Privacy Policy

Introduction

Welcome to RevUp SaaS ("RevUp", "we", "us", or "our"). RevUp is a reputation management tool that helps businesses manage their online reputation and analyze their Google Business Profile performance. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using RevUp, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our service.

Information We Collect

Business User Data

When business owners and administrators use our platform, we collect:

• Account Information: Name, email address, organization name, and authentication credentials
• Business Information: Business category, specialization, logo, and branding preferences
• Location Data: Location names, addresses, contact information, and location-specific settings
• Employee Data: Employee names, designations, photos (optional), and employee-specific QR code information
• Email Configuration: Notification email addresses and email verification status for operational purposes

Technical Data

We automatically collect certain technical information when you use our service:

• Device Information: IP address, browser type, device type, and operating system
• Usage Data: Pages visited, time spent on pages, and interaction patterns
• Analytics Data: QR code scan counts and platform usage metrics

Email Logs

For operational and delivery tracking purposes, we maintain logs of:

• Email recipient addresses
• Email delivery status (sent, delivered, failed)
• Email type (notifications, operational emails)
• Timestamp information for email delivery tracking

Google Business Profile (GMB) Data

When you connect your Google Business Profile to RevUp, we collect and store:

• OAuth Tokens: Encrypted OAuth access and refresh tokens for Google Business Profile API access
• Business Profile Information: Business name, address, phone number, website, hours of operation, description, and status
• Historical Metrics Data: Daily snapshots of profile views, search appearances (direct and discovery), direction requests, phone calls, website clicks, booking actions, total reviews, and average ratings
• Review and Rating Data: Existing reviews from your Google Business Profile, ratings distribution, and review content
• Category and Service Data: Primary and additional business categories, service offerings, and business attributes (amenities, features, specializations)
• Keyword Data: Keywords extracted from your business description, reviews, Q&A sections, posts, and services for SEO analysis
• Review Pattern Analysis: Common themes, service mentions, language patterns, and sentiment patterns identified in your reviews
• Profile Health Data: Calculated profile health scores based on completeness, SEO optimization, review quality, and business information accuracy
• Search Keyword Impressions: Actual search keywords used by customers to find your business in Google Search and Maps
• Competitive Insights: Performance comparisons with similar businesses, action insights, audience insights, and time-based engagement data

Google OAuth Data Usage

When you connect your Google account to RevUp, we request access to the following Google services:

Gmail API Access

Scope: https://www.googleapis.com/auth/gmail.send and https://www.googleapis.com/auth/userinfo.email

• Purpose: To send review request emails on behalf of your business
• Data Accessed: Email sending permissions only (we do not read, access, or store your emails)
• How We Use It: We use Gmail API to send review request emails to your customers, including bulk review requests via CSV campaign uploads
• Data Storage: OAuth access tokens and refresh tokens are encrypted and stored securely in our database
• Data Retention: Tokens are retained while your account is active and deleted immediately upon account closure or when you revoke access

Google Business Profile API Access

Scope: https://www.googleapis.com/auth/business.manage

• Purpose: To sync and manage your Google Business Profile data
• Data Accessed: Business information, reviews, ratings, performance metrics, and profile settings
• How We Use It: We sync your business profile data to provide analytics, review management, and performance insights
• Data Storage: OAuth tokens and synced business data are encrypted and stored securely
• Data Retention: Tokens and synced data are retained while your account is active and deleted 12 months after account closure

Analytics and Performance Data

We collect analytics data to provide insights and improve our platform:

• QR Scan Tracking: QR code scan counts per location and per employee, including timestamps and attribution data
• Sentiment Distribution: Analytics on positive vs negative distribution across locations and employees
• Employee Performance Metrics: Employee-specific analytics including attribution, performance comparisons, and leaderboard data
• Location Performance Data: Location-specific analytics including scan counts, conversion rates, sentiment distribution, and performance comparisons across multiple locations

Data Access: Analytics data is accessible only to platform developers (for service improvement and technical support) and the respective business owners. This data is not shared with third parties.

Data Retention: Analytics data is retained for as long as your account is active and for a period of 24 months after account closure for business intelligence and platform improvement purposes, after which it is deleted or anonymized.

How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: Process and deliver customer feedback to business owners and provide platform functionality
• Google Business Profile Management: Sync and manage your Google Business Profile data, including business information, reviews, metrics, and performance analytics
• Analytics and Insights: Provide business dashboards with analytics including QR scan counts, conversion rates, sentiment distribution, employee performance tracking, and Google Business Profile performance metrics
• SEO Optimization: Analyze keyword data, review patterns, and profile health to provide SEO recommendations and optimization insights
• Email Communications: Send operational emails including feedback notifications, system updates, and service-related communications
• Platform Improvement: Analyze usage patterns to improve our service, fix bugs, and develop new features
• Security and Fraud Prevention: Detect and prevent fraudulent activity, unauthorized access, and ensure platform security
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

How We Share Your Information

We share your information only in the following circumstances:

With Business Owners

Customer information is shared with the respective business owners whose QR codes were scanned. This includes:

• Customer contact information (if provided)
• Employee attribution data (which employee received the information)
• Location information

Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Protect the rights, property, or safety of our users or others
• Prevent or investigate fraud or security issues

No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Your data is used solely to provide and improve our service.

Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Data is encrypted in transit using HTTPS/TLS and at rest using database encryption
• Access Controls: Multi-tenant architecture with Row Level Security (RLS) policies ensuring data isolation between businesses
• Authentication: Secure authentication system with password protection and session management
• Secure Storage: Data stored in secure, monitored databases with regular backups
• OAuth Token Security: Email and Google Business Profile OAuth tokens are encrypted before storage in our database

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining the highest security standards.

Data Retention

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for a reasonable period after account closure for legal and business purposes
• Feedback Data: Retained to provide ongoing access to business owners for customer relationship management
• Google Business Profile Data: Retained while your account is active and for 12 months after account closure for historical analytics purposes
• Analytics Data: Retained for 24 months after account closure for business intelligence and platform improvement purposes
• Email Logs: Retained for delivery tracking and operational purposes

When you request account deletion, we will delete or anonymize your personal information in accordance with applicable laws, except where we are required to retain information for legal, regulatory, or business purposes.

Your Rights

You have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (subject to legal and business requirements)
• Data Portability: Request a copy of your data in a structured, machine-readable format
• Objection: Object to certain processing of your personal information
• Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise these rights, please contact us using the contact information provided at the end of this Privacy Policy. We will respond to your request within a reasonable timeframe and in accordance with applicable laws.

Cookies and Tracking

We use cookies and similar tracking technologies to:

• Maintain your session and authentication state
• Remember your preferences and settings
• Analyze platform usage and performance
• Improve user experience

We do not use third-party advertising cookies or tracking for marketing purposes. You can control cookie preferences through your browser settings, though disabling cookies may affect platform functionality.

Children's Privacy

RevUp is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately, and we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated Privacy Policy on this page
• Updating the "Last updated" date at the top of this policy
• Sending an email notification to registered users for significant changes

Your continued use of RevUp after any changes to this Privacy Policy constitutes acceptance of the updated policy. We encourage you to review this Privacy Policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: