Privacy Policy

Last updated: March 2026

Revtown ("we", "our", "us") operates revtown.io and app.revtown.io. This policy explains what data we collect, how we use it, and how we protect it. Questions: hello@revtown.io.

What we collect

When you use the hosted dashboard (app.revtown.io):

• Account information — email address and password (hashed, never stored in plaintext) when you create an account.
• CRM OAuth tokens — HubSpot access and refresh tokens, scoped to the minimum permissions required by each agent. Stored encrypted in Supabase (AES-256 at rest).
• Anthropic API key — stored encrypted in Supabase. Used only to make API calls on your behalf during agent runs.
• Run metadata — issue counts, severity levels, scores, and timestamps from each agent run. Never raw CRM records.
• Business context — optional thresholds you configure (sales cycle length, deal value thresholds, SLA windows). Used to calibrate agent checks.

When you use the self-hosted CLI (npx revtown):

• All credentials stay on your local machine in .env. Nothing is sent to Revtown servers.
• The only external calls are to HubSpot (your token) and Anthropic (your API key). No data passes through Revtown infrastructure.

What we never store

• Raw CRM records — contact names, emails, phone numbers, company names, deal amounts, or any PII from your CRM
• CRM credentials in plaintext
• Payment information (handled by Stripe directly)

What gets sent to Claude API

• Aggregate counts: "247 contacts audited, 12 issues found"
• Issue category labels: "missing email", "no associated company"
• Severity breakdowns: counts by critical / warning / info

What never gets sent: contact names, email addresses, company names, deal names, amounts, or any record-level data from your CRM. Your data stays in your CRM.

How we use your data

• To authenticate you and associate runs with your org
• To run agents against your CRM on your behalf
• To generate AI summaries of agent findings
• To display your run history and score trends on the dashboard
• To send Slack notifications if you have configured a webhook

We do not sell your data. We do not use your data to train AI models. We do not share your data with third parties except as described below.

Third parties

• Vercel — hosting and serverless functions. Processes requests but does not store application data.
• Supabase — database and auth. Stores encrypted credentials and run metadata.
• Anthropic — AI API for generating agent summaries. Receives aggregate metadata only.

Your rights (GDPR / CCPA)

You have the right to access, correct, export, or delete your personal data. Email hello@revtown.io — we will respond within 30 days.

Revoking CRM access

You can revoke Revtown's access to your CRM at any time without contacting us:

• HubSpot: Settings → Integrations → Connected Apps → Revoke
• Salesforce: Setup → Connected Apps → Revoke

Revoking immediately terminates all Revtown access to your CRM. Stored run history is unaffected.

Changes to this policy

We will update this page when the policy changes and notify active users by email.

Contact

Privacy questions: hello@revtown.io