Privacy Policy (RevScope)

This Privacy Policy explains how RevScope (by Yonavi, Inc., "RevScope", "we", "us") collects, uses, and protects Personal Data in connection with our websites, web application, and related services (the "Services"). It reflects how RevScope actually operates: you paste URLs, upload files (e.g., spreadsheets), optionally connect third-party accounts, and—if you enable it—RevScope can take approved actions on your behalf (e.g., publish or edit content, adjust campaigns).

Contact: privacy@revscope.ai

What RevScope Is (and Isn't)

  • What we do: You provide links or files; you may connect third-party tools (e.g., ad platforms, CRM, CMS, social/video). RevScope analyzes your inputs and (if you enable it) performs specific, authorized actions through those integrations.
  • What we don't do: We don't run third-party tracking pixels across the open web, don't build shadow profiles, and don't buy/sell Personal Data. We only access the exact data, scopes, and resources you authorize.

Key Definitions

  • Personal Data: Information that identifies or relates to an identifiable person (or household, where applicable).
  • Customer Data: Content, files, configurations, metadata, connected-account data within the scopes you grant, and outputs (recommendations, explanations).
  • Applicable Law: GDPR (EU/UK), CCPA/CPRA (CA), and other privacy laws that apply.

We process Personal Data under Applicable Law (e.g., GDPR Art. 6(1)(b)–(f); Art. 28 where we act as processor). We do not sell Personal Data.

Roles

  • Controller: Yonavi, Inc. (for our marketing site, sign-up, billing, communications, and direct accounts).
  • Processor: For Customer Data provided/connected by you or your organization (e.g., URLs, files, integration data, instructions to act), we generally act as a processor to your organization.

Data We Collect and Why

1) Customer Data you submit (core function)

  • Examples: URLs you paste; files you upload (CSV/XLSX); labels, prompts, and settings; our generated outputs.
  • Purpose: Deliver analysis, recommended actions, explanations, and product support.
  • Legal basis: Contract (provide the Service) and legitimate interests (security, reliability).

2) Connected accounts & integrations (actions on your behalf)

  • Examples: Data accessed via APIs for ad platforms, CRM, CMS, social/video, analytics—only within the scopes you approve (e.g., "read campaigns", "manage posts").
  • Actions: If enabled, RevScope may create/edit/publish content, pause/adjust campaigns, update CRM records/fields, tag content, or schedule tasks—strictly per your instructions, automation rules, and approvals.
  • Minimization: We request the least-privilege scopes needed. You can revoke access at any time via the third-party provider or within RevScope (where supported).
  • Legal basis: Contract (perform requested actions), legitimate interests (service reliability and security), and consent where required.

3) Website/App usage data (privacy-first)

  • Examples: pages viewed, referrer, device/browser, language, approximate location, crash/diagnostic logs, and IP (processed transiently for security, then truncated or deleted).
  • Purpose: Operate, secure, and improve performance; prevent abuse.
  • Legal basis: Legitimate interests; consent where required.

4) Account & communications

  • Examples: name, work email, organization, role, password (hashed), preferences; messages you send us.
  • Purpose: Provision accounts, respond to requests, deliver service updates, and—if you opt in—marketing communications.
  • Legal basis: Contract, legitimate interests, consent (where required).

5) Product telemetry (de-identified/aggregate)

  • Examples: feature usage counts, latency/error metrics, model response timings, action success/failure codes.
  • Purpose: Reliability, debugging, capacity planning, and product decisions.
  • Handling: De-identified or aggregated wherever feasible.

Cookies and Signals

  • Essential cookies operate the site/app.
  • Optional analytics are consent-based where required, with controls in our banner and your browser.
  • We honor recognized privacy signals (e.g., Global Privacy Control) where legally required.

How Our AI & Agents Handle Your Data

  • No default model training on your Customer Data: We do not use your Customer Data to train generalized models used across customers unless you (or your org) explicitly opt in.
  • Providers/Subprocessors: Vetted infrastructure, storage, and AI model providers process data only under our instructions and only to fulfill your requests.
  • Human-in-the-loop (optional): If you enable expert review or raise a support ticket, authorized personnel may view limited snippets to resolve an issue or improve a specific output/action you request. Access is role-based and logged.

Actions & Automations on Your Behalf

When you enable actions or automations, RevScope will:

  • Use only the permissions you grant (API scopes). We avoid broad scopes and surface why each scope is requested.
  • Show previews/confirmations for sensitive actions (e.g., publish/post, budget changes) when your policy requires approval.
  • Log every action with timestamp, actor (user/automation), target system/resource, and status (success/failure) for auditability.
  • Respect your guardrails (budgets, roles, allowed channels, blackout times, fallback to draft).
  • Allow revocation anytime (via the connected provider or RevScope).
  • Retry safely within rate limits; if failures persist, actions stop and we notify you in-product and/or by email (per your settings).

Examples of actions (config-dependent): create/edit/publish posts or pages; pause/adjust campaigns; update CRM fields/statuses; create tasks; tag content; schedule or roll back a change.

Credentials, Tokens & Secrets

  • OAuth/Access tokens are stored encrypted at rest; we never store plaintext passwords.
  • Tokens are used only to perform the actions you've authorized and are rotated/expired per provider norms.
  • You can disconnect an integration at any time; doing so invalidates future reads/writes. Some activity records may remain in our audit logs.

Sharing and Disclosure

We share Personal Data only with:

  • Service Providers/Subprocessors (e.g., cloud hosting, logging, email delivery, model inference) bound by confidentiality and data-processing terms. A current list is available on our Trust page (or by request).
  • Professional advisors & authorities for legal, compliance, security, or audit.
  • Business transfers (e.g., M&A, financing) consistent with law and contracts.

We do not otherwise disclose Personal Data without consent unless required by law.

International Transfers

Data may be processed in the United States and other locations where we or our providers operate. Where required, we implement appropriate safeguards (e.g., Standard Contractual Clauses). Enterprise options (e.g., data residency or private deployments) may be available by agreement.

Security

We apply administrative, technical, and physical safeguards appropriate to the sensitivity of data, including access controls, encryption in transit, environment isolation, and logging. We continuously improve defenses and monitor for abuse.

Retention

  • Customer Data: Retained for your subscription term or until you/your admin delete it, plus a short period for backups/business continuity.
  • Integration Data: Retained only as needed to execute your requests, display results/history, and maintain audit logs.
  • Account/Contact Data: Retained while your account is active and as required for legal/compliance/security.
  • Usage/Telemetry: Retained only as long as needed, then deleted or de-identified.

You can delete Customer Data from within the product (where available) or by contacting us.

Your Rights

Subject to your location's laws, you may have rights to access, correct, delete, object, restrict, port, and withdraw consent.

  • If we process data as processor for your organization, we'll refer your request to your administrator.
  • We verify identity before fulfilling requests.

Requests: privacy@revscope.ai (subject: "Privacy Request").
You may also have the right to complain to your data protection authority.

Communications Preferences

Manage marketing preferences or unsubscribe at any time (service/security notices may still be sent). We honor do-not-contact requests as required by law.

Children's Data

The Services are not directed to children under 13 (or other age as required by local law). We do not knowingly collect Personal Data from children. If you believe a child provided Personal Data, contact us so we can delete it.

Third-Party Sites & Policies

Your connected platforms (e.g., ad networks, CRM, CMS, social/video) remain governed by their own terms and privacy policies. Their permissions, rate limits, and retention rules apply to data accessed through them.

Data Processing Agreements (DPA)

We will execute a DPA (and, where needed, Standard Contractual Clauses) with customer organizations upon request. Contact privacy@revscope.ai.

Changes to This Policy

We may update this Policy from time to time. Material changes will be posted here and, if you have an account, we'll notify you where required. Changes take effect upon posting unless stated otherwise.

Effective date: November 2, 2025
Contact: privacy@revscope.ai