Global Privacy Policy

Introduction

Revenue, Inc. (doing business as “Revenue.io,” and referred to herein as “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information through compliance with this Privacy Policy.

This Privacy Policy describes how we collect, use, disclose, store, retain, and protect personal information when you access or use our website, applications, and services (collectively, the “Services”).

This Privacy Policy applies to information we collect on our website (www.revenue.io), in email, text, and other electronic messages between you and our Services, and through mobile and desktop applications you download from or connect to our Services.

Please read this Privacy Policy carefully to understand our practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Services. By accessing or using our Services, you agree to this Privacy Policy.

This Privacy Policy, together with Revenue.io’sMaster Service Agreement and Subprocessor List, governs the use of our Services. These documents are publicly accessible from Revenue.io’s homepage at www.revenue.io and from the footer of all pages within the revenue.io domain.

1. Categories of Personal Information We Collect

We collect the following categories of information from and about users of our Services:

1.1 Information You Provide Directly

• Name

• Business contact information (email address, telephone number, postal address, company name)

• Account credentials

• Communications with us (including customer support inquiries)

• Any other information you voluntarily provide in connection with the Services

1.2 Commercial Information

• Records of services purchased, obtained, or considered

• Subscription and licensing details

• Transaction and billing history

• Other purchasing or consuming histories or tendencies

1.3 Internet and Electronic Network Activity Information

• Log data and usage analytics

• Device information

• IP address

• Browser type and version

• Referring URLs and pages visited

1.4 Information Collected via Third-Party Integrations

If you elect to connect third-party services to our platform (including Google Workspace), we may receive and process data from those services as described in the applicable integration sections below.

2. Google API Services Data and Limited Use Compliance

Google API Services Limited Use Disclosure: Revenue.io’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Full policy: Google API Services User Data Policy

2.1 Google OAuth Authorization

When a user elects to connect their Google account to the Services, Revenue.io requests authorization through Google’s OAuth 2.0 framework.

Application Identification: Revenue.io accesses Google Workspace APIs through its integration partner Nylas, Inc. (“Nylas”), which serves as a middleware layer for email and calendar connectivity. As a result, the application name displayed on Google’s OAuth consent screen may appear as “revenue-nylas-v3-prod” or a similar identifier. This application is owned and operated by Revenue, Inc. (Revenue.io) and is governed by this Privacy Policy and Revenue.io’s Master Service Agreement. Nylas is listed as a subprocessor at https://www.revenue.io/subprocessors.

Revenue.io currently requests the following Google API scopes:

• https://www.googleapis.com/auth/gmail.modify (Restricted)
• Google Calendar access, including calendar event metadata (Sensitive)

These scopes allow Revenue.io to access, create, and modify certain Gmail and Google Calendar data, as expressly authorized by the user.

• Revenue.io does not request access to Google Contacts data.
• Revenue.io does not request access to Google Drive data.
• Revenue.io does not request full mailbox access via https://mail.google.com/.

Access to Google Workspace data occurs only after the user provides explicit consent through Google’s OAuth consent screen. Users may revoke Revenue.io’s access at any time via: https://myaccount.google.com/permissions

2.2 Categories of Google Workspace Data Accessed

2.2.1 Gmail Data

Revenue.io may access and store:

• Gmail message body content (plain text and/or HTML content)

• Gmail message metadata, including:

– Sender address

– Recipient address(es)

– Timestamp

– Subject line

– Message ID

– Thread ID

– Message headers

Revenue.io does not store Gmail attachments.

Revenue.io does not access or store Google Contacts data.

2.2.2 Google Calendar Data

Revenue.io may access and store limited Google Calendar event metadata, including:

• Meeting title or topic

• Meeting join URL

• Meeting description

• Event start time

• Event end time

Revenue.io does not store calendar file attachments.

2.3 Storage and Retention of Google API Data

Revenue.io stores the following Google Workspace data:

• Gmail message body content

• Gmail message metadata

• Limited Google Calendar event metadata (as described above)

Google API data is stored within Revenue.io’s secure infrastructure and retained only for as long as necessary to:

• Provide user-authorized functionality

• Maintain account-level service continuity

• Comply with contractual obligations

• Satisfy applicable legal requirements

If a user disconnects their Google account from the Services, or upon termination of the Customer’s subscription, associated Google API data is deleted or de-identified within thirty (30) days unless retention is required by applicable law. This deletion obligation survives termination of any agreement between Revenue.io and Customer.

Revenue.io does not retain Gmail attachments.

2.4 Compliance with the Google API Services User Data Policy

In accordance with the Google API Services User Data Policy, including the Limited Use requirements:

2.4.1 Purpose Limitation

Google API data is used solely to provide user-facing functionality that has been explicitly enabled and authorized by the user, including:

• Composing email communications

• Modifying email messages

• Synchronizing email activity data

• Synchronizing calendar event metadata

Google API data is not used for any secondary, unrelated, or incompatible purpose.

2.4.2 No Sale of Google API Data

Revenue.io does not sell Google API data or Google Workspace data under any circumstances.

2.4.3 No Advertising or Marketing Use

Google API data is not used for:

• Behavioral advertising

• Cross-context advertising

• Retargeting

• Profiling for advertising purposes

• Marketing unrelated to core product functionality

2.4.4 No Generalized Artificial Intelligence or Model Training

Google Workspace data obtained via Google APIs is not used to develop, improve, or train:

• Generalized artificial intelligence systems

• Foundation models

• Large language models

• Cross-customer machine learning systems

• Shared training datasets

Revenue.io does not permit AI or machine learning systems to ingest, process, analyze, or train on Google Workspace data. Any AI or machine learning functionality operated by Revenue.io is confined to Revenue-controlled environments and does not utilize Google Workspace data as model input.

Google Workspace data obtained via Google APIs is expressly excluded from any de-identified or aggregated data sets and shall not be used for training, developing, enhancing, or improving any AI system, product, or service.

2.4.5 Human Access Restrictions

Revenue.io does not permit human access to Google API data except:

• With explicit user authorization

• When necessary to investigate or prevent fraud, abuse, or security incidents

• To comply with applicable law or legally binding governmental request

• For limited internal operational purposes necessary to maintain or debug the Services

All access to Google API data is subject to access controls, monitoring, and confidentiality obligations.

2.4.6 Transfers and Subprocessors

Google API data may be processed by third-party subprocessors acting solely on Revenue.io’s behalf under written data processing agreements that require:

• Confidentiality

• Data protection safeguards

• Security controls

• Use limitations consistent with the Google API Services User Data Policy

Nylas, Inc. serves as a subprocessor for Google API data, providing middleware connectivity for Gmail and Google Calendar integrations. A current list of all subprocessors is available at: https://www.revenue.io/subprocessors

Google API data is not transferred to third parties for independent use.

2.5 Security Safeguards for Google API Data

Revenue.io implements administrative, technical, and organizational measures designed to protect Google API data against unauthorized access, disclosure, alteration, or destruction, including:

• Encryption in transit using TLS 1.2 or higher

• Encryption at rest

• Role-based access controls

• Multi-factor authentication for privileged access

• Access logging and monitoring

• Segregation of duties

• Security review and risk assessment processes

Access to Google API data is restricted to authorized personnel with a legitimate business need.

3. How We Use Personal Information

We use the information we collect about you or that you provide to us, including any personal information:

• To present our Services and their contents to you

• To provide you with information, products, or services that you request from us

• To fulfill any other purpose for which you provide it

• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us

• To notify you about changes to our Services or any products or services we offer

• To ensure system security and integrity

• To comply with applicable legal obligations

Notwithstanding any other provision of this Privacy Policy, Google Workspace data obtained via Google APIs is used solely as described in Section 2 above and strictly in compliance with the Google API Services User Data Policy, including the Limited Use requirements.

4. Disclosure of Personal Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this Privacy Policy:

• To subprocessors and service providers under written data processing agreements

• To comply with any court order, law, or legal process, including responding to any government or regulatory request

• To enforce our Terms of Service and other agreements

• In connection with a merger, acquisition, restructuring, or sale of assets, provided the acquiring entity agrees to be bound by the terms of this Privacy Policy

• To protect the rights, property, or safety of Revenue.io, our customers, or others

Google API data is shared only with subprocessors acting on Revenue.io’s behalf (including Nylas, Inc. for API connectivity) and solely for the purpose of providing the Services, in accordance with written data processing agreements.

5. Data Rights

If you are a resident of the European Economic Area (EEA), you have certain data protection rights covered by the GDPR. If you are a resident of California, you have certain data protection rights covered by the CCPA and CPRA. These include the right to access, update, or delete the information we have on you; the right of rectification; the right to object; the right of restriction; the right to data portability; and the right to withdraw consent.

Please see Sections 11 and 12 for detailed information regarding jurisdiction-specific rights.

6. Clients Using Revenue.io Services

6.1 Data Ownership and Control

As a client of Revenue.io, you retain ownership and control of all data you provide to us on the frontend. We maintain only backup data for business continuity purposes. We will only use this data to provide the services you have requested, in accordance with this Privacy Policy and our Terms of Service.

6.2 Data Protection and Compliance

You are responsible for ensuring that any data you provide to us complies with all relevant laws and regulations. This includes obtaining any necessary consents for the collection and processing of personal data.

6.3 Security

You are responsible for maintaining the security of your account, including keeping your login information confidential and securing any devices you use to access our Services. If you become aware of any unauthorized access to your account, please notify us immediately.

6.4 Client Data Requests

As a client, you have the right to request access to, correction of, or deletion of your data at any time. To make a request, please contact us at privacy@revenue.io or submit a Data Subject Access Request using our DSAR Form.

6.5 Service Changes and Cancellations

You may change or cancel your services based upon our mutually executed Master Services Agreement. We may retain certain data for a period of time after cancellation as described in the Data Retention section below.

7. Sensitive Personal Information

Revenue.io does not knowingly collect, use, or disclose sensitive personal information unless it is necessary to provide our Services or fulfill contractual obligations. Sensitive personal information may include data revealing racial or ethnic origin, religious beliefs, health data, biometric data, and precise geolocation.

Where we process sensitive personal information, we apply heightened security measures, including encryption and restricted access, and limit processing strictly to what is necessary for the purposes specified at the time of collection.

If you believe we have inadvertently collected sensitive information, please contact us at privacy@revenue.io.

8. Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. The safety and security of your information also depends on you.

8.1 Technical Controls for Data Protection

Revenue.io utilizes a range of technical controls to ensure the secure processing and storage of data, including:

• Access Control: We have implemented strict access controls to limit who can access personal data. Only authorized personnel who require access to perform their job functions are granted such access. We use a principle of least privilege.
• Encryption: Personal data is encrypted both at rest and in transit. Encryption in transit is done using Transport Layer Security (TLS 1.2 or higher). Encryption at rest is used to protect data stored in our databases and servers.
• Regular Auditing and Monitoring: We conduct regular audits of our systems and monitor them for unusual activity to identify and respond to potential security incidents in a timely manner.
• Firewalls and Intrusion Prevention Systems: We use firewalls and intrusion prevention systems to detect and block malicious activity and prevent unauthorized access to our systems.
• Data Backup and Recovery: We regularly back up data to help prevent data loss and aid in recovery. Backups are encrypted and stored securely.
• Security Training: Our employees receive regular training on data protection and information security to ensure they understand their responsibilities and how to handle data securely.
• Security by Design and Default: We incorporate data protection into our services from the earliest stages of development, including using secure coding practices and conducting regular security testing.
• Two-Factor Authentication (2FA): We use two-factor authentication for accessing our systems, adding an extra layer of security by requiring users to provide two forms of identification.

We continuously review and update our controls to respond to new security threats and ensure ongoing compliance with data protection laws.

For more information about our security controls, contact privacy@revenue.io.

8.2 Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and relevant authorities without undue delay and in accordance with applicable laws, including the General Data Protection Regulation (GDPR) and other regional data protection requirements.

Notifications will include information regarding the nature of the breach, affected data categories, likely consequences, and measures taken or proposed to address the breach.

9. Automated Decision-Making and Use of Artificial Intelligence

Disclosure of AI Model Use: Revenue.io uses third-party generative artificial intelligence (“AI”) models, including large language models (“LLMs”), to power features within our Services. Revenue.io does not develop or operate its own proprietary LLMs. Users may opt out of AI-driven features and profiling by contacting privacy@revenue.io or by adjusting their AI feature settings within the platform, where available.

Revenue.io integrates these third-party AI technologies to assist and enhance our Services, including but not limited to conversation transcription analysis, conversation summaries, follow-up email drafting, coaching feedback generation, scorecards, and question-answering features.

Google Workspace data obtained via Google APIs is not used as input to, processed by, analyzed by, or incorporated into any artificial intelligence, machine learning model, large language model, or automated decision-making system operated by or on behalf of Revenue.io.

AI outputs are generated based on system-defined prompts and user-submitted queries, and are intended to assist users rather than to replace human decision-making. Where outputs involve actions such as email communications, human review and intervention are required prior to finalization or transmission.

Revenue.io does not engage in automated decision-making that produces legal or similarly significant effects on individuals without human involvement. Our use of AI is transparent, secure, and aligned with applicable data protection laws.

For more information or to exercise your rights related to automated processing, please contact us at privacy@revenue.io.

10. Responsible Use of AI

Revenue.io is committed to the responsible development and use of Artificial Intelligence technologies. We design and deploy AI systems with the principles of transparency, fairness, accountability, and privacy in mind.

We actively monitor for potential biases and regularly review our AI systems to ensure compliance with ethical standards and applicable laws.

Opting Out of AI Features

Users have the ability to opt out of AI-driven features and profiling. To exercise this right, users may:

• Adjust AI feature settings within the Revenue.io platform, where available
• Contact us at privacy@revenue.io to request that AI-driven processing be disabled for their account
• Submit a request through our DSAR Form

Opting out of AI-driven features will not affect your ability to use the core functionality of our Services.

This commitment expressly includes the exclusion of Google Workspace data obtained via Google APIs from any AI model training, evaluation, tuning, embedding generation, or generalized machine learning processing.

11. California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

11.1 Rights under CCPA

If you are a resident of California, you have the following rights under the CCPA:

Right to Know

You have the right to request that we disclose what personal information we collect, use, disclose, and sell.

Right to Delete

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions.

Right to Opt-Out

You have the right to direct us not to sell your personal information at any time. Revenue.io does not sell personal information and does not sell Google API data or Google Workspace data under any circumstances.

Right to Non-Discrimination

You have the right not to receive discriminatory treatment by us for exercising your CCPA rights.

11.2 Additional Rights under CPRA

Right to Correct

You have the right to request that we correct your personal information if it is inaccurate.

Right to Limit Use and Disclosure of Sensitive Personal Information

You have the right to direct us to limit our use of your sensitive personal information, including not using or disclosing sensitive personal information for advertising or marketing purposes.

Automated Decision Making and Profiling

You have the right to opt-out of our use of your personal information for automated decision-making or profiling.

Right to Appeal Automated Decisions

If an automated decision made by Revenue.io significantly impacts you, you have the right to request a review of the decision by a human. Upon request, we will provide meaningful information about the logic involved, as well as the significance and consequences of the processing.

11.3 Exercising Your Rights

To exercise any of the rights described in this section, please send a request to privacy@revenue.io.

We may require specific information from you to help us confirm your identity and process your request. If we are unable to confirm your identity or to connect the information you provide with personal information we already maintain, we may deny your request.

To submit an automated Data Subject Access Request (DSAR) under CCPA/CPRA, please use our online form: Submit a Data Subject Access Request

by submitting a request through our

11.4 Response Timing and Format

We aim to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing. Any disclosures we provide will only cover the 12-month period preceding our receipt of the verifiable consumer request.

11.5 Non-Discrimination

We will not discriminate against you for exercising any of your CCPA or CPRA rights.

12. General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have the following data protection rights under the GDPR:

Right to Access, Correct, Update, or Request Deletion

You have the right to access, correct, update, or request deletion of your personal information at any time by contacting us at privacy@revenue.io or by submitting a request through our Data Subject Access Request Form.

Right to Object to Processing

You have the right to object to the processing of your personal information, ask us to restrict the processing of your personal information, or request portability of your personal information.

Right to Opt-Out of Marketing Communications

You have the right to opt-out of marketing communications at any time by clicking the “unsubscribe” or “opt-out” link in marketing emails, or by contacting us.

Right to Withdraw Consent

If we have collected and processed your personal information with your consent, you can withdraw your consent at any time. Withdrawal will not affect the lawfulness of any processing conducted prior to your withdrawal, nor will it affect processing conducted in reliance on lawful processing grounds other than consent.

Right to Complain to a Data Protection Authority

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

13. Data Retention

Revenue.io retains personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements.

Typical retention periods include:

• Account Information: Retained for the duration of the customer relationship plus 6 years for legal compliance purposes.
• Communication Data: Retained for up to 24 months unless otherwise required.
• AI-generated Data and Conversation Analytics: Retained for up to 36 months, subject to customer agreements or earlier upon customer request.

Upon expiration of the applicable retention period, personal data is securely deleted or anonymized.

Google Workspace data obtained via Google APIs is retained only as long as necessary to provide authorized Services or as required by law. Upon user disconnection of a linked Google account, or upon termination of the Customer’s subscription, associated Google API data is deleted or de-identified within thirty (30) days unless retention is required by applicable law.

14. International Data Transfers

Your information, including personal data, may be transferred to and maintained on servers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ.

When transferring personal data internationally, Revenue.io implements appropriate safeguards, including:

• Execution of the European Commission’s Standard Contractual Clauses (SCCs) for data transfers outside of the EEA and UK
• Participation in frameworks such as the EU-U.S. Data Privacy Framework (where applicable)
• Implementing supplementary security measures, such as encryption in transit and at rest

You can request a copy of our Standard Contractual Clauses or additional information about our international data transfers by contacting privacy@revenue.io.

15. Subprocessors

Revenue, Inc. uses certain subprocessors to assist in providing our Services. A subprocessor is a third-party data processor engaged by Revenue, Inc. who has or potentially will have access to or process service data (which may contain personal data).

Nylas, Inc. is a key subprocessor that provides middleware connectivity for Google Workspace integrations (Gmail and Google Calendar). A complete and current list of subprocessors authorized by Revenue, Inc., including those that may process Google API data on our behalf, is available at: https://www.revenue.io/subprocessors

16. Cookies and Tracking Technologies

Revenue.io uses cookies and similar tracking technologies (such as web beacons and pixels) to enhance your experience, analyze trends, administer the website, and gather demographic information.

We categorize our use of cookies as follows:

• Strictly Necessary Cookies: Required for the website to function properly.
• Performance Cookies: Collect information about how visitors use the website (e.g., Google Analytics).
• Functional Cookies: Enable website customization.
• Targeting/Advertising Cookies: Track browsing habits to deliver advertising relevant to your interests.

Some cookies are placed by third-party service providers that perform services for us (e.g., Google Analytics, LinkedIn Insight Tag).

You have the ability to manage your cookie preferences via our cookie consent tool. For our full cookies notice, please visit: https://www.revenue.io/cookie-notice

17. Children’s Privacy

Revenue.io’s Services are not intended for or directed at individuals under the age of 13, or the applicable minimum age in the relevant jurisdiction. We do not knowingly collect or solicit personal information from anyone under this age.

If you believe that a child under the applicable age has provided us with personal information, please contact us at privacy@revenue.io.

18. Use of Services

You must use our Services in accordance with our Terms of Service. This includes not using our Services for illegal activities or to infringe upon the rights of others.

19. Changes to This Privacy Policy

It is our policy to post any changes we make to this Privacy Policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page. The date the Privacy Policy was last revised is identified at the top of this document.

20. Contact Information

To ask questions or comment about this Privacy Policy and our privacy practices, or to exercise your privacy rights, contact us at:

Revenue, Inc. (Revenue.io)

Email: privacy@revenue.io

Contact: Attention Compliance

Address: 15000 Ventura Boulevard #201 Sherman Oaks, California 91403

Phone: (855) 954-0209

To submit a Data Subject Access Request, please visit: DSAR Request Form

© 2026 Revenue, Inc. (Revenue.io). All rights reserved.