Legal
Privacy Policy
This policy explains what personal data RevSight collects, how we use it, our role as a processor of the billing data you connect, and the rights you have.
1. Who we are and how to contact us
RevSight provides a read-only, AI-assisted billing-intelligence application embedded in your CRM. For any privacy question or request, contact us at team@revsight.io.
These terms are between you and RevSight ("RevSight", "we", "us", or "our"), the operator of the RevSight service.
2. Data we collect
(a) Account data
Information needed to create and run your account, such as your work email (used for one-time-passcode login), and workspace details. We collect this directly from you.
(b) Customer / billing data processed on our customers’ behalf
When you connect your billing and CRM providers, RevSight processes the data in those accounts to provide the service. This can include your end-customers’ names and email addresses, subscriptions, invoices, usage, and payment status drawn from Stripe, Metronome, and HubSpot. We process this data on your behalf as a processor (see “Our role” below and the DPA).
(c) Usage and diagnostic logs
Operational records such as billing-lookup events, timestamps, and basic technical logs used to run, secure, and improve the service.
(d) Cookies
We use a single essential session cookie to keep you logged in. We do not use advertising or cross-site tracking cookies. See “Cookies” below.
3. How we use data
- to provide, operate, secure, and improve the service;
- to authenticate you and protect against unauthorized access;
- to resolve and display billing information on your CRM records;
- to provide support and respond to your requests;
- to manage subscriptions, billing, and trials;
- to comply with law and enforce our terms.
4. AI processing
To generate billing summaries and answer questions in the assistant, relevant billing context is sent to our AI subprocessor, Anthropic, which returns the generated text. Under our agreement with that subprocessor, data sent through its API is not used to train its publicly available models. We send only the context needed to answer the request. See our Subprocessors page.
5. Legal bases (GDPR / UK GDPR)
Where the GDPR or UK GDPR applies and we act as a controller (mainly for account and usage data), we rely on: performance of a contract with you; our legitimate interests in operating, securing, and improving the service; consent where we ask for it; and compliance with legal obligations. For data we process on a customer’s behalf, the customer is the controller and determines the legal basis.
6. Our role: processor vs. controller
For the connected customer/billing data described in 2(b), RevSight acts as a processor (a service provider) on behalf of the business customer, who is the controller. We process that data only on the customer’s documented instructions and to provide the service, as set out in our Data Processing Addendum. For account and usage data we act as a controller.
7. Sharing and subprocessors
We do not sell your personal information. We share data only with the service providers that help us run RevSight, listed on our Subprocessors page, and where required by law or to protect rights and safety. Each subprocessor is bound by appropriate confidentiality and data-protection obligations.
8. Retention
We keep account data while your account is active and as needed to provide the service. Logs are kept for a limited period for security and operations. On request or on termination, we delete or return personal data we process on your behalf, except where we must retain it to comply with law.
9. Security
We use technical and organizational measures appropriate to the risk, including encryption in transit and at rest, encryption of stored provider credentials, read-only access to your billing providers, least-privilege access controls, and logging. No method of transmission or storage is completely secure, but we work to protect your data.
10. International transfers
We process data in the United States and may transfer data internationally. Where required, we use appropriate safeguards for such transfers, including the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable).
11. Your rights
Depending on where you live, your rights may include the right to access, correct, delete, port, restrict, or object to the processing of your personal data, and to withdraw consent. To exercise them, contact team@revsight.io; if your data is processed on a business customer’s behalf, we will refer your request to that customer (the controller).
For California residents (CCPA/CPRA), you have the right to know, delete, and correct personal information and to opt out of its sale or sharing. We do not sell or share personal information for cross-context behavioral advertising. We will not discriminate against you for exercising your rights.
12. Cookies
RevSight uses a single essential session cookie required for login. We do not use advertising, analytics-tracking, or cross-site cookies for behavioral advertising.
13. Children
RevSight is a business product and is not directed to, or intended for, anyone under 18. We do not knowingly collect personal data from children.
14. Changes to this policy
We may update this Privacy Policy from time to time. For material changes, we will provide reasonable notice (for example, by email or in-product notice) and update the date at the top of this page.
15. Contact
For any privacy question or request, contact us at team@revsight.io.