Privacy Policy
Effective date: [EFFECTIVE DATE]
This Privacy Policy explains how [COMPANY LEGAL NAME] ("revibear," "we," "us") collects, uses, and discloses information in connection with the revibear application and related services (the "Service"), available at [WEBSITE URL].
revibear is a business-to-business sales analytics tool. Most data we handle is business data that our customers (companies) provide or connect so that we can analyze it on their behalf. For that customer-provided data, the customer is the controller and revibear acts on the customer's instructions under our Data Processing Agreement. This Policy focuses on the personal information we handle directly.
1. Information we collect
Account & identity information. When a user is invited or signs up, our authentication provider (Clerk) processes the user's name, email address, and login identifiers. We store the user's email, name, role, and organization association.
Customer business data you connect or upload. At a customer's direction, the Service ingests sales and CRM data (for example deals, contacts, pipeline, quotas) and documents (for example PDF, PowerPoint, and Word files) via uploads or connectors such as Google Drive. This data may incidentally contain personal information about a customer's own employees or contacts. We process it solely to provide the Service.
Usage and query data. Questions you ask the AI, generated responses, chat history, and feature-usage and token-consumption metrics.
Technical and diagnostic data. IP address, browser/device information, log data, and error reports (via Sentry) generated when you use the Service.
We do not intentionally collect special categories of sensitive personal information, and we ask that you not upload it.
2. How we use information
- To provide, operate, secure, and improve the Service;
- To authenticate users and manage organizations and roles;
- To run AI analysis you request and return results;
- To monitor usage, enforce limits, and prevent abuse;
- To diagnose problems and maintain reliability;
- To communicate with you about the Service; and
- To comply with law and enforce our agreements.
AI processing. To answer your questions, relevant query text and business data are sent to our AI provider (Anthropic) for processing. We do not sell your data, and we do not use your customer business data to train our own models.
3. How we share information
We share information with subprocessors that perform services on our behalf, under contracts that restrict their use of the data:
| Subprocessor | Purpose |
|---|---|
| Anthropic | AI analysis / chat responses |
| Clerk | Authentication and user management |
| Google (Drive API / OAuth) | Optional customer data/document connector |
| Amazon Web Services (S3) | Document/file storage |
| Voyage AI or OpenAI | Document embeddings for semantic search |
| Sentry | Error monitoring and diagnostics |
| Railway | Application and database hosting |
| Vercel | Web application hosting |
We may also disclose information: to comply with law or valid legal process; to protect our rights, users, or the public; and in connection with a merger, acquisition, or sale of assets (subject to this Policy). We do not sell personal information, and we do not "share" it for cross-context behavioral advertising as those terms are defined under California law.
4. Data retention
We retain personal information for as long as needed to provide the Service and for legitimate business or legal purposes. Customer business data is retained per the customer's instructions and the applicable order or DPA; on termination it is deleted or returned as described there. Audit logs are retained for up to two years. We may retain backups and de-identified data for longer.
5. Security
We use technical and organizational measures designed to protect information, including encryption in transit, encryption of stored connector credentials, access controls and role-based permissions, per-organization data isolation, and audit logging. No method of transmission or storage is perfectly secure, and we cannot guarantee absolute security.
6. Your California privacy rights (CCPA/CPRA)
If you are a California resident, you may have the right to:
- Know / access the categories and specific pieces of personal information we have collected about you;
- Delete personal information we have collected, subject to exceptions;
- Correct inaccurate personal information;
- Opt out of sale or sharing of personal information — note we do not sell or share personal information; and
- Non-discrimination for exercising your rights.
To exercise these rights, contact us at [PRIVACY EMAIL]. We will verify your request before responding. If your personal information was provided to us by a business customer (your employer), we will direct your request to that customer, who is the controller of that data.
The categories of personal information we collect are described in Section 1. We collect them for the business purposes in Section 2 and disclose them to the service providers in Section 3.
7. Children's privacy
The Service is not directed to children under 16, and we do not knowingly collect personal information from them.
8. International users
The Service is operated in the United States. If you access it from outside the US, you understand your information will be processed in the US.
9. Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new effective date and, where appropriate, provide additional notice.
10. Contact us
[COMPANY LEGAL NAME] [NOTICE ADDRESS] [PRIVACY EMAIL]