Privacy Policy
Last updated: 22 May 2026
This Privacy Policy describes how RevTurbine ("RevTurbine", "we", "us", or "our") collects, uses, shares, and protects personal information when you visit the website at revturbine.com (the "Site") or use the RevTurbine product (the "Service").
By using the Site or Service, you agree to the practices described in this policy. If you do not agree, please do not use the Site or Service.
For any privacy-related question or request, contact us at privacy@revturbine.com.
Information we collect
When you visit the Site
We collect limited information automatically from all visitors to the Site:
- Technical data — IP address, device type, browser, operating system, referrer, pages viewed, and time on page. This is collected by our hosting provider (Vercel) and our analytics tools (Vercel Analytics, Vercel Speed Insights, Ahrefs Analytics, and Google Analytics 4).
- Tag management — we use Google Tag Manager to load and manage third-party scripts (such as analytics and marketing tags) on the Site. Google Tag Manager does not itself collect identifiable information, but it loads other tools that do; those tools and the data they collect are listed in this policy.
- Web analytics — we use Google Analytics 4 (loaded via Google Tag Manager) to measure traffic and engagement. GA4 collects pageviews, events, device and browser information, and a randomly generated client identifier. IP addresses are not stored.
- Business identification — we use Leadfeeder (a service of Dealfront) to identify which companies visit the Site, based on the visitor's IP address mapped to Dealfront's company database. Leadfeeder identifies organizations, not individuals, and does not surface personal names, email addresses, or LinkedIn profiles.
- Cookies — Vercel Analytics, Vercel Speed Insights, and Ahrefs Analytics are cookieless. Google Analytics 4 and Leadfeeder set cookies on your device for analytics and visitor identification. The Service uses functional cookies necessary for authentication.
When you contact us through the Site
When you submit one of our contact, booking, or email-signup forms, we collect:
- The information you provide — typically your name, email address, the topic you select, and any message you write.
- Scheduling information you provide when booking a session, which is processed by Calendly.
We use this information to respond to you, follow up about your enquiry, and (if you opt in) send product updates.
When you use the Service
When you create an account or use the Service, we collect:
- Account information — your name, email address, and password (stored only as a salted hash). If you sign in via Google, GitHub, or Microsoft Entra ID, we receive your basic identity details from that provider.
- Workspace and tenant information — organization name, workspace members, roles, and configuration.
- Billing information — processed by Stripe (we operate a Stripe Connect platform). We do not store full payment-card details. We retain Stripe customer and subscription identifiers and high-level billing metadata.
- Usage and event data — page views, placement impressions and conversions, billing events, and other in-product activity. These events are sent to Tinybird and retained for 365 days.
- AI prompts and content — when you use AI-powered features, your prompts and any codebase content you provide (including content fetched from GitHub using tokens you supply) are forwarded to Anthropic (Claude) and/or OpenAI through the Vercel AI Gateway for processing.
- Operational data — session and rate-limiting data processed by Upstash Redis; background and webhook events (including Stripe webhook payloads) processed by Inngest; transactional email (verification, magic links, invitations) sent via Google (Gmail API); server logs sent to Axiom for observability.
How we use information
We use personal information to:
- Provide, operate, secure, and improve the Site and the Service.
- Authenticate you and protect your account.
- Process payments and manage subscriptions.
- Send transactional, service, and (where you've opted in) marketing communications.
- Respond to your enquiries and follow up about sales.
- Analyze usage to improve our product, content, and marketing.
- Detect, investigate, and prevent fraud, abuse, and security threats.
- Comply with legal obligations.
Legal bases (UK / EU / EEA visitors)
Where the UK GDPR or EU GDPR applies, we rely on the following legal bases:
- Performance of contract — to provide the Service you signed up for.
- Legitimate interests — for analytics, business identification, fraud prevention, marketing to business contacts, and improving our offering.
- Consent — where required (you may withdraw consent at any time).
- Legal obligation — where applicable.
Service providers (sub-processors)
We share personal information with the following third-party service providers, each bound by data-protection commitments where applicable. This list reflects our current sub-processors and may change over time.
| Provider | Purpose | Primary location |
|---|---|---|
| Vercel | Hosting, web analytics, performance monitoring | United States |
| Neon (via Vercel Postgres) | Primary database | United States |
| Upstash | Session cache and rate limiting | United States |
| Google (OAuth) | Google sign-in | United States |
| Google (Gmail API) | Transactional email | United States |
| Google (Tag Manager) | Tag management container for the Site | United States |
| Google (Analytics 4) | Web analytics (loaded via Google Tag Manager) | United States |
| Dealfront (Leadfeeder) | B2B visitor identification at the company level (loaded via Google Tag Manager) | European Union |
| GitHub | OAuth sign-in; repository access via user-supplied tokens | United States |
| Microsoft (Entra ID) | OAuth / SSO sign-in | United States |
| Stripe (Stripe Connect) | Payment processing | United States |
| Tinybird | Clickstream and event analytics (365-day retention) | European Union |
| Anthropic (Claude) | AI / large-language-model processing | United States |
| OpenAI | AI / large-language-model processing | United States |
| Vercel AI Gateway | Proxy for LLM requests | United States |
| Inngest | Background jobs and webhook processing | United States |
| Axiom | Logs and observability | United States |
| Ahrefs Analytics | Marketing analytics (cookieless) | European Union |
| Calendly | Session scheduling | United States |
International transfers
Most of our service providers are based in the United States. By using the Site or Service, you understand that your information may be transferred to and processed in the United States and other jurisdictions whose data-protection laws may differ from those in your country. Where required, we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
Data retention
We retain personal information for as long as needed for the purposes described in this policy, unless a longer retention period is required by law:
- Marketing site analytics and visitor identification — retained while reasonably useful for the purposes above.
- Account data — retained for the lifetime of your account, plus a reasonable archival period after deletion.
- Usage and clickstream events (Tinybird) — 365 days.
- Billing records — retained as required by tax and accounting laws (typically 7 years).
- Logs and operational data — retained per provider defaults, typically 30–90 days.
Your rights
Depending on where you live, you may have rights in relation to your personal information, including the right to:
- Access the personal information we hold about you.
- Correct inaccurate or incomplete information.
- Delete your information.
- Restrict or object to certain processing.
- Receive a copy of your information in a portable format.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with your local data-protection authority.
If you are a California resident, you have additional rights under the CCPA/CPRA, including the right to know, delete, correct, and opt out of "sale" or "sharing" of personal information. We do not sell personal information for monetary value. To exercise any CCPA/CPRA right, email privacy@revturbine.com.
If you are in the UK, EU, or EEA, you have rights under the UK GDPR / EU GDPR as described above.
To exercise any of these rights, email privacy@revturbine.com. We will respond within the timeframe required by applicable law.
Cookies and tracking
The Site uses:
- Cookieless analytics via Vercel Analytics, Vercel Speed Insights, and Ahrefs Analytics.
- Google Tag Manager to load and manage third-party scripts. Google Tag Manager itself does not set tracking cookies.
- Google Analytics 4 cookies (e.g.,
_ga,_ga_*) to distinguish unique users and sessions. - Leadfeeder cookies (e.g.,
_lfa) for company-level visitor identification. - Functional cookies required for authentication when using the Service.
You can configure your browser to block or delete cookies. Doing so may affect parts of the Service that depend on them (for example, staying signed in).
Security
We use industry-standard security measures including encryption in transit (TLS), salted password hashing, OAuth-based sign-in where available, and access controls. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
Children
The Site and Service are not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact us.
Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page reflects the most recent change. Material changes will be communicated through the Site or the Service.
Contact us
For any privacy-related question, request, or complaint:
RevTurbine Email: privacy@revturbine.com