We collect information you give us, data we generate on your behalf, and data produced as you use our service. We use it to deliver marketing intelligence outputs, improve our systems over time, and run our business. We do not sell your data. Anonymised and aggregated signals,stripped of anything that could identify you or your brand,power the Collaborative Intelligence Network that makes every client's recommendations smarter over time. Network participation is a condition of the Service. Clients with documented regulatory obligations may request a Compliance Quarantine accommodation. Read Sections 5 and 6 for the full picture.
RevFlowLab ("we," "us," or "our") operates the website at revflowlab.com and the RevFlowLab Marketing Operating System (collectively, the "Service"). We are the data controller for personal information collected through the Service.
For all privacy-related matters, contact us at badis@revflowlab.com. We will respond within 30 days of any verified request.
As part of our own business development activities, we may collect publicly available business information about companies and their founders - such as company name, website URL, and publicly listed contact information - from publicly accessible sources. This information is used solely to determine whether a business might benefit from our Service, and to send an initial outreach message. We do not purchase personal data lists. If you have received outreach from us and wish to be removed, email badis@revflowlab.com and we will promptly delete your information.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Delivering the Service | Brand materials, account info, all generated outputs | Contract performance |
| Brand diagnostics & audits | Brand URL, submitted materials, market data | Contract performance |
| Competitive & market intelligence | Competitor URLs you provide; publicly accessible web data | Contract performance |
| Search & content intelligence (Tier 2) | Target keywords, niche data, publicly available search results | Contract performance |
| Improving AI output quality | Anonymised, aggregated correction & performance signals | Legitimate interest |
| Cross-client intelligence (see §5) | Anonymised niche-level engagement patterns | Legitimate interest / Consent |
| Billing & account management | Payment data, contact info | Contract performance |
| Customer support & onboarding | Communications, usage data | Legitimate interest |
| Security & fraud prevention | IP address, device data, usage logs | Legitimate interest |
| Our own marketing outreach | Publicly available business contact information | Legitimate interest |
| Sending marketing communications | Email address, engagement history | Consent |
A core component of the Service involves collecting and analysing publicly accessible information on your behalf. This includes publicly visible web pages, publicly available search engine results, and publicly accessible competitor content. We do this only when you direct us to.
We collect only publicly accessible information - content that any member of the public could access without authentication. We do not access private systems, bypass access controls, or collect information from pages requiring login. You are responsible for ensuring that any URLs or domains you submit to us are ones you have a legitimate interest in analysing.
A core feature of RevFlowLab is a shared intelligence layer that makes the system smarter over time and across clients. To power this, we use two categories of data:
Aggregated, anonymised signals derived from campaign performance across clients in the same market niche - for example, that a particular type of message structure performs above average in a given product category. Your brand name, copy assets, and any identifying information are never included in these aggregates.
When our operators review and correct AI-generated drafts, those corrections - including the nature of the error and how it was fixed - are logged and used as training signal to improve the quality of future outputs across the system. This data is stripped of any brand-identifying context before being used in system improvement.
Your brand identity, specific copy assets, proprietary brand materials, and competitive positioning are never shared with, visible to, or attributable to any other client. Only statistical patterns,stripped of all identifying context and aggregated across a minimum of three clients before any value is written,contribute to the shared intelligence layer.
Network participation is the default and a condition of the Service. The network is how the platform functions,every client that participates contributes anonymised patterns and receives the benefit of all other clients' intelligence. Clients with documented regulatory obligations requiring data isolation may request a Compliance Quarantine accommodation,see Section 6.
Clients with documented regulatory obligations (for example, GLBA, HIPAA, or legal privilege constraints) may request a Compliance Quarantine accommodation. This replaces what was previously referred to as "Private Vault Mode." It is a regulatory accommodation, not a paid feature or a general privacy option.
Under quarantine, your account data does not contribute to the cross-client intelligence network, and your account does not receive cross-client recommendations. Drafts are generated from your own edit history only. Recommendation quality is reduced,this is disclosed at onboarding. Quarantine must be requested in writing with documentation of the regulatory obligation. Email badis@revflowlab.com with subject "Compliance Quarantine Request".
Note: quarantine affects aggregation pipeline participation only. Your data is stored in the same infrastructure as all other clients. If your compliance requirement specifies physical data isolation beyond aggregation exclusion, contact us to discuss whether the Service can accommodate your specific requirement before subscribing.
We work with trusted third-party service providers who process data on our behalf. All processors are bound by confidentiality obligations and data processing agreements.
| Category | What They Process | Purpose |
|---|---|---|
| AI Model Providers | Brand context, project briefs, generated content | Content generation, analysis, quality scoring |
| Vector Database & Cloud Infrastructure | Account data, generated outputs, system logs | Data storage, retrieval, and platform operation |
| Workflow Automation | Project data passed between system components | Service delivery pipeline orchestration |
| Web Intelligence Tools | Publicly accessible URLs and web content you direct us to | Competitor analysis, market research, SEO intelligence |
| Email Delivery | Your email address, communication content | Service communications, account notifications |
| Payment Processor | Billing information | Subscription management and payment processing |
AI model providers we use are contractually prohibited from using your data to train their own models.
We do not sell, rent, or trade your personal data. We share information only in the following circumstances:
Depending on your location, you may have the following rights. To exercise any of these, email badis@revflowlab.com with subject line "Privacy Request".
Our infrastructure and third-party processors may be located outside your country of residence. Where required by law (for example, for transfers from the UK or EU), we implement appropriate safeguards such as Standard Contractual Clauses.
We implement industry-standard security measures including encryption in transit (TLS), access controls, and regular security reviews. No system is completely immune to risk. If you suspect any unauthorised access, notify us immediately at badis@revflowlab.com.
The Service is not directed to individuals under the age of 16. We do not knowingly collect data from children.
We may update this Privacy Policy from time to time. Material changes will be communicated by email or via a prominent notice on our website, with at least 14 days' notice before taking effect.
Data Request - "Privacy Request"
Opt-Out - "Intelligence Opt-Out"
Outreach Removal - "Remove Me"