Back

Privacy Policy

Last updated: February 18, 2026

Introduction

RevGuard ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Account Information

When you sign up for RevGuard, we collect:

  • Email address (via Google OAuth)
  • Google account profile information (name, profile picture)

Stripe Connection Data

When you connect your Stripe account, we collect and store:

  • Stripe account ID
  • OAuth access and refresh tokens
  • Webhook events related to failed payments
  • Customer email addresses (for recovery emails)
  • Invoice and payment metadata

Usage Data

We automatically collect certain information when you use our service:

  • Log data (IP address, browser type, pages visited)
  • Recovery attempt outcomes
  • Dashboard interactions

How We Use Your Information

We use your information to:

  • Provide and maintain our service
  • Monitor failed payments and execute recovery workflows
  • Send recovery emails to your customers
  • Process payment retries through Stripe
  • Generate billing invoices
  • Provide customer support
  • Improve our service and develop new features
  • Comply with legal obligations

Data Sharing and Disclosure

Third-Party Service Providers

We share data with the following service providers:

  • Stripe: Payment processing and Stripe Connect integration
  • Supabase: Database hosting and authentication
  • Resend: Transactional email delivery
  • Vercel: Application hosting
  • Sentry (optional): Error monitoring and performance tracking

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

Business Transfers

If RevGuard is involved in a merger, acquisition, or asset sale, your information may be transferred as part of that transaction.

Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data encrypted in transit (TLS/HTTPS)
  • All data encrypted at rest in Supabase PostgreSQL
  • Stripe OAuth tokens stored securely with row-level security
  • Regular security audits and updates
  • PCI compliance through Stripe (we never handle raw card data)

Account Deletion

When you disconnect your Stripe account or request account deletion, we will:

  • Immediately revoke Stripe OAuth access
  • Retain billing and recovery records for 7 years (legal/tax compliance)
  • Delete all other personal data within 30 days

To request account deletion, email privacy@getrevguard.com

Your Rights

Depending on your location, you may have the following rights:

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data
  • Portability: Request transfer of your data
  • Objection: Object to processing of your data
  • Restriction: Request restriction of processing

To exercise these rights, email us at privacy@getrevguard.com

International Data Transfers

Your data may be transferred to and processed in countries other than your own, including the United States and Australia. We use the following safeguards:

  • Data is stored in Supabase (AWS infrastructure)
  • Stripe processes payment data under their own GDPR-compliant Data Processing Agreement
  • Email delivery via Resend (US-based)
  • We rely on Standard Contractual Clauses (SCCs) for transfers from the EEA to countries without an adequacy decision
  • All service providers are contractually bound to protect your data

Data Retention

We retain your data for the following periods:

  • Account data: Until you delete your account
  • Stripe connection data: Until you disconnect, then deleted within 30 days
  • Billing records: 7 years (legal/tax compliance)
  • Recovery attempt logs: 2 years
  • Email delivery logs: 90 days
  • Audit logs: 1 year

Cookies & Tracking

We use essential cookies for authentication and session management. We also use:

  • Sentry: Error tracking and performance monitoring (IP addresses are not stored; errors may include technical context but no personal identifiers)
  • Vercel Analytics: Page views and performance (privacy-focused, no personal data collected)

We do not use advertising cookies or sell your data to third parties.

GDPR (European Users)

If you are in the European Economic Area (EEA), you have additional rights under GDPR:

  • Legal basis: We process your data based on contractual necessity (to provide the service) and legitimate interest (to improve our service)
  • Data controller: RevGuard is the data controller for merchant account data
  • Data processor: RevGuard acts as a data processor for your customers' data (we process it on your behalf)
  • DPA: Enterprise customers may request a Data Processing Agreement
  • Supervisory authority: You have the right to lodge a complaint with your local data protection authority if you believe we have violated your rights

To exercise GDPR rights, email privacy@getrevguard.com. We will respond within 30 days. We may request verification of your identity before processing your request.

CCPA (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know what personal information we collect
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we do not sell your data)
  • Right to non-discrimination for exercising your rights

Children's Privacy

Our service is not intended for children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, contact us at:

Email: privacy@getrevguard.com

RevGuard
Victoria, Australia