Revenue Growth Agent
Home Get Started
Legal

Privacy Policy

Company: RevenueCEO, LLC  ·  Effective Date: May 10, 2025  ·  Last Updated: May 28, 2026

For the controls and security architecture behind this policy, see the Trust & Security Center. For the current sub-processor list, see /sub-processors.

Introduction

RevenueCEO, LLC ("we," "our," or "us") operates the Revenue Growth Agent platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Personal Information

We collect personal information that you provide directly to us:

  • Account Information: Name, email address, company name, job title
  • Payment Information: Billing details, credit card information (processed by third-party payment processors)
  • Contact Information: Phone number, company address
  • Profile Information: User preferences, settings, and configurations

1.2 CRM Data

When you integrate Revenue Growth Agent with your CRM platform (Salesforce, HubSpot, or other supported systems):

Data We Collect from CRM:

  • Contact / Lead Information: First Name, Last Name, Email, Phone
  • Company Information: Company Name, Website URL, Industry, Company Size
  • Professional Information: Job Title, LinkedIn Profile URL
  • Meeting Prep Form Data: Any additional information you enter when generating meeting preps or discovery sessions

Data We Store:

We store the above CRM data in our database (Airtable) for the following purposes:

  • Generate meeting preparation documents
  • Track meeting prep history
  • Provide discovery session support
  • Improve service quality

Data We Do NOT Store:

  • Full CRM records (we only store fields listed above)
  • Opportunity data, deal stages, or pipeline information
  • Custom CRM fields not explicitly entered in our forms
  • Sensitive personal information (SSN, financial data, health data)

Important: We access CRM data via OAuth tokens and signed requests, but only retain the specific fields you provide through our meeting prep and discovery forms.

1.3 Client-Provided Content

You may upload or provide content to enhance our Service:

  • Documents: PDFs, case studies, presentations, sales collateral
  • Links: Website URLs, LinkedIn profiles, news articles
  • Company Information: Product descriptions, value propositions, positioning
  • Custom Data: Any other content you provide for use as retrieval context

How it's used: Client-provided content is stored in Vercel Blob (source files) and indexed as vector embeddings in our retrieval-augmented generation (RAG) database powered by Pinecone. This enables personalized, company-specific insights in meeting preps, discovery, and proposals. Your content is never used to train commercial AI models.

1.4 Generated Content

Meeting Preparation Documents:

  • We generate .docx and .html briefing artifacts and store them in Vercel Blob under per-tenant paths.
  • A structured prep record (the inputs, the AI-generated outputs, and the briefing URLs) is stored in our database (Airtable).
  • Briefing artifacts are accessible via unique, long-form URLs scoped to the owning organization; cross-tenant URL access fails the server-side authorization check.

Discovery Session Outputs:

  • Sales-call transcript files are stored in Vercel Blob.
  • Structured MEDDIC analysis and themes are stored in Airtable.

Generated Proposals:

  • The generated proposal is returned to the user as a downloadable document; the structured proposal record is stored in Airtable.

1.5 Usage Data

We automatically collect information about how you use the Service:

  • Log Data: IP address, browser type, operating system, pages visited
  • Usage Patterns: Features used, frequency of use, session duration
  • Device Information: Device type, unique device identifiers
  • Performance Data: Error logs, load times, API response times

1.6 Cookies and Tracking

We use cookies and similar tracking technologies to:

  • Maintain user sessions
  • Remember user preferences
  • Analyze usage patterns
  • Improve service performance

You can control cookies through your browser settings.

2. How We Use Your Information

2.1 Service Delivery

  • Generate AI-powered meeting preparation documents
  • Create discovery session summaries and insights
  • Integrate with your CRM platform (Salesforce, HubSpot, etc.)
  • Store and retrieve meeting prep history
  • Provide customer support and troubleshooting

2.2 Service Improvement

  • Analyze usage patterns to enhance features
  • Improve AI-generated insights using your client-provided content (stored in your private RAG database only)
  • Identify and fix bugs and technical issues
  • Develop new features and capabilities
  • Optimize performance and reliability

Important: We configure all AI providers (OpenAI, Anthropic) to opt out of using your data for their model training. Your data is never used to train commercial AI models. Configuration evidence is available on request.

2.3 Communication

  • Send service-related notifications
  • Provide customer support responses
  • Share product updates and new features
  • Send billing and payment confirmations
  • Deliver marketing communications (with your consent)

2.4 Legal and Compliance

  • Comply with legal obligations
  • Enforce our Terms of Service
  • Protect against fraud and abuse
  • Respond to legal requests (subpoenas, court orders)
  • Protect our rights and property

2.5 What We Do NOT Do

We do NOT:

  • Use your data to train commercial AI models (we opt out with all AI providers)
  • Allow AI providers (OpenAI, Anthropic) to train on your data
  • Sell your data to third parties
  • Share your data with advertisers
  • Use your CRM data for purposes outside of providing the Service
  • Access your CRM platform beyond what you authorize via OAuth

3. Data Sharing and Third-Party Services

3.1 Third-Party Service Providers

We engage third-party service providers ("sub-processors") that assist in operating the Service. Our current sub-processor list, including each vendor's purpose and the categories of data they process, is published and kept up to date at:

https://www.revenuegrowthagent.com/sub-processors

The list covers infrastructure and platform providers (such as Vercel, Airtable, Clerk, Upstash, Railway, Sentry, and Make.com), AI and data providers (such as Anthropic, OpenAI, Pinecone, PitchGhost, and Brandfetch), CRM and content integrations (such as Salesforce, HubSpot, Google Workspace, Dropbox, and Stripe), and providers that operate our marketing site and lead-generation surfaces (GoHighLevel for the marketing hub and demo bookings, and Google Analytics for visitor analytics).

When the list changes, we update that page. Customers with an executed Data Processing Agreement may request to be notified of changes. Continued use of the Service after the sub-processor list is updated constitutes acceptance of the revised list.

3.2 Data Processing Agreements

Upon request, we can provide Data Processing Agreements (DPAs) for customers requiring contractual data protection commitments, particularly for GDPR compliance. Contact support@revenuegrowthagent.com.

3.3 We Do NOT Sell Your Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

4. Data Storage and Security

4.1 Where Your Data is Stored

Primary Storage:

  • CRM Data (Contact / Lead info from meeting prep forms): Airtable (US-based)
  • Generated Briefings & Source Files (meeting prep .docx and .html, transcripts, uploaded knowledge base): Vercel Blob (US-based)
  • Client-Provided Content Embeddings (RAG database): Pinecone (US-based)
  • Application Data (logs, configurations): Vercel (US-based)

International Transfers:

If you are located outside the United States, your data may be transferred to and processed in the United States. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses (SCCs) with processors
  • EU-US Data Privacy Framework compliance (where applicable)
  • Contractual commitments with third-party processors

4.2 Security Measures

We implement industry-standard security practices. The full security architecture is described in our Trust & Security Center; in summary:

Encryption:

  • All data transmitted via HTTPS / TLS 1.3
  • Stored CRM credentials (the Salesforce integration private key and HubSpot OAuth tokens) are additionally encrypted at rest with application-layer AES-256-GCM, with the master encryption key held in a separate platform environment from the database that stores the ciphertext

Access Controls:

  • Role-based access control (RBAC)
  • Multi-factor authentication (MFA) on every system holding customer data or tokens
  • Principle of least privilege

Authentication:

  • For Salesforce: OAuth 2.0 JWT-Bearer flow against a customer-created External Client App, with a certificate-signed assertion, no shared client secret, and no long-lived refresh token
  • For HubSpot: OAuth 2.0 authorization flow
  • For the in-Salesforce component: short-lived, signed (HS256) tokens minted by your Salesforce org and exchanged for an HttpOnly session cookie over an encrypted handshake
  • Web app authentication (login): handled by Clerk via JWT

Monitoring:

  • Automated error tracking and alerting
  • Security audit logs
  • Regular security assessments (OWASP ZAP scanning with zero high- or medium-severity findings)

Application Security:

  • Rate limiting on authentication, API, and upload paths
  • Input validation on all endpoints
  • Regular dependency updates and security patches

However, no system is 100% secure. You acknowledge that you use the Service at your own risk.

4.3 Data Breach Notification

In the event of a data breach affecting your personal information:

  • We will notify affected customers within 72 hours of discovery
  • We will provide details of the breach and remediation steps
  • We will cooperate with regulatory authorities as required by law

5. Data Retention

5.1 Active Subscription

While your subscription is active, we retain all data you provide to and generate within the Service — account information, CRM data, sales-call transcripts, uploaded knowledge-base content, generated meeting prep and proposal documents — for the duration of your subscription. Usage logs (request paths, response times, error traces) are retained for 90 days for debugging and security.

5.2 After Cancellation

After your subscription is cancelled or terminated, we retain all customer data — account information, CRM data, sales-call transcripts, uploaded content, and generated documents — for 90 days, after which it is permanently deleted from our production systems. Backups roll off on the underlying platform providers' standard backup retention schedules; encrypted CRM credentials in backups remain encrypted.

Early Deletion: You may request immediate deletion of your data by emailing support@revenuegrowthagent.com. We will process such requests within 30 days.

5.3 Legal Retention

We may retain certain data longer if required by:

  • Legal obligations (tax records, audit requirements)
  • Dispute resolution or litigation
  • Fraud prevention or security investigations

6. Your Rights and Choices

6.1 Access and Portability

You have the right to:

  • Request a copy of your personal information
  • Export your data in CSV or JSON format
  • Access your CRM data stored in our database

How to Request: Email support@revenuegrowthagent.com.

6.2 Correction and Update

You have the right to:

  • Correct inaccurate personal information
  • Update your account details
  • Modify your CRM integration settings

How to Update: Access your account settings or email support@revenuegrowthagent.com.

6.3 Deletion ("Right to be Forgotten")

You have the right to:

  • Request deletion of your personal information
  • Request deletion of CRM data we've stored
  • Request deletion of generated content
  • Close your account

How to Request: Email support@revenuegrowthagent.com. We will process within 30 days.

Limitations: We may retain data if required by law or for legitimate business purposes (fraud prevention, dispute resolution).

6.4 Opt-Out of Marketing

You have the right to:

  • Unsubscribe from marketing emails (click "unsubscribe" in any email)
  • Opt out of promotional communications
  • Continue receiving service-related emails (account updates, billing, security)

6.5 CRM Permissions

You control what data we access via CRM integrations:

  • Revoke OAuth tokens at any time via Salesforce / HubSpot settings
  • Disable the External Client App from Salesforce Setup
  • Disconnect HubSpot integration

This will stop all data access immediately.

7. GDPR Compliance (European Union)

If you are located in the European Economic Area (EEA):

7.1 Legal Basis for Processing

We process your data based on:

  • Contract Performance: To provide the Service you subscribed to
  • Legitimate Interest: To improve the Service, prevent fraud, ensure security
  • Consent: For marketing communications, optional features

7.2 Data Controller and Processor

  • Data Controller: You (the customer / subscriber)
  • Data Processor: RevenueCEO, LLC (we process data on your behalf)

7.3 Your GDPR Rights

  • Right to access your personal data
  • Right to rectification (correct inaccurate data)
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with your supervisory authority

Data Protection Officer: support@revenuegrowthagent.com

7.4 International Transfers

We transfer data from the EEA to the United States. We use Standard Contractual Clauses (SCCs) approved by the European Commission to ensure adequate protection.

8. CCPA Compliance (California)

If you are a California resident:

8.1 Categories of Data Collected

  • Identifiers: Name, email, IP address, device ID
  • Commercial Information: Purchase history, subscription details
  • Professional Information: Job title, company name, industry
  • Internet Activity: Usage patterns, browsing history on our Service
  • Inferences: Preferences derived from usage patterns

8.2 Purpose of Collection

  • Provide and improve the Service
  • Process payments and subscriptions
  • Customer support and communication
  • Security and fraud prevention
  • Legal compliance

8.3 Third-Party Sharing

We share data with service providers listed in Section 3 (and at /sub-processors). We do NOT sell your personal information.

8.4 Your CCPA Rights

  • Right to Know: Request what data we collect, use, and share
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of data sales (not applicable — we don't sell data)
  • Right to Non-Discrimination: We will not discriminate for exercising your rights

How to Exercise Rights: Email support@revenuegrowthagent.com or call (239) 456-3336. We will verify your identity before processing requests.

9. Children's Privacy

Our Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, contact us immediately at support@revenuegrowthagent.com and we will delete it promptly.

10. Changes to This Privacy Policy

10.1 Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes by:

  • Posting the updated policy on our website
  • Updating the "Last Updated" date
  • Sending email notifications (for significant changes)

Your continued use of the Service after changes indicates acceptance of the updated Privacy Policy.

10.2 Changes to Sub-Processors

We may add or remove sub-processors over time. We will reflect any such change on the sub-processor list at https://www.revenuegrowthagent.com/sub-processors. For customers operating under an executed Data Processing Agreement, we will use commercially reasonable efforts to provide notice of material additions in advance where practicable. Your continued use of the Service after the sub-processor list is updated constitutes acceptance of the change.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy:

Mailing Address:

RevenueCEO, LLC
1616 Cape Coral Parkway West
Suite 102-196
Cape Coral, FL 33914
United States

Response Time: We aim to respond to all inquiries within 5 business days.

12. State-Specific Disclosures

12.1 Nevada Residents

Nevada residents may opt out of the sale of personal information. We do not sell personal information as defined by Nevada law. If you have questions, contact support@revenuegrowthagent.com.

12.2 Other US States

If you reside in Virginia, Colorado, Connecticut, Utah, or other states with privacy laws, you may have additional rights similar to GDPR and CCPA. Contact us at support@revenuegrowthagent.com to exercise these rights.

Acknowledgment

By using the Revenue Growth Agent Service, you acknowledge that:

  • You have read and understood this Privacy Policy
  • You consent to the collection, use, and processing of data as described
  • You understand your rights and how to exercise them
  • You have authority to agree to these terms on behalf of your organization

Last Updated: May 28, 2026  ·  Effective Date: May 10, 2025  ·  Version: 2.1 (Trust Center harmonization)

© 2026 RevenueCEO, LLC. All rights reserved.