Privacy Policy

RevOG ("we," "us," or "our") operates a sales performance platform built for modern sales organizations. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our platform, including Track (sales analytics dashboard) and Target (CRM for sales teams), along with our website and related services (collectively, the "Service").

By accessing or using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use the Service.

This policy should be read alongside our Terms of Service and Cookie Policy.

We use the information we collect to:

• Provide, operate, and maintain the Service, including Track dashboards and Target CRM functionality
• Process and display sales analytics by aggregating data from connected wholesale platform APIs
• Enable multi-tenant organization management, including user invitations, role assignments, and team administration
• Process subscription billing and manage your account through Stripe
• Improve and optimize the Service based on usage patterns and feedback
• Send administrative communications, including service updates, security alerts, and support messages
• Detect, prevent, and address technical issues, fraud, or security concerns
• Comply with legal obligations and enforce our Terms of Service

We do not use your sales data or CRM data to train machine learning models, build competitive intelligence products, or for any purpose other than providing the Service to your organization.

We share information only with service providers that are necessary to deliver the Service. We do not sell, rent, or trade your personal information or your organization's sales data to third parties.

Our service providers include:

• Clerk -- Authentication, user management, and organization-based session handling
• Stripe -- Payment processing, subscription management, and billing
• Neon (Postgres) -- Primary database hosting for account, CRM, and application data
• Vercel -- Application hosting, deployment, and content delivery
• ClickHouse / MooseStack -- Analytics data processing and aggregation for sales reporting dashboards
• Wholesale Platform APIs -- Data is exchanged with wholesale platforms (such as Apex Trading) as configured and authorized by your organization

Each service provider is contractually obligated to use your data only for the purposes of providing their service to us and to maintain appropriate security measures.

We may also disclose information if required to do so by law, in response to a valid legal process (such as a subpoena or court order), to protect our rights or safety, or in connection with a merger, acquisition, or sale of assets (in which case we will notify affected users).

We retain your information for as long as your account or organization subscription is active, or as needed to provide the Service. Specific retention practices include:

• Account data -- Retained for the duration of your account. Upon account deletion, personal information is removed within 30 days, except where retention is required by law.
• Sales and CRM data -- Retained for the duration of your organization's subscription. Upon subscription termination, all organizational data is deleted within 60 days unless a longer retention period is requested or required by law.
• Analytics data -- Aggregated analytics data stored in ClickHouse is deleted alongside the associated organizational data upon subscription termination.
• Usage logs -- Usage and access logs are retained for up to 12 months for security and troubleshooting purposes, then automatically purged.
• Backups -- Database backups that may contain your data are retained for up to 30 days beyond the primary data deletion date and then destroyed.

You may request early deletion of your data by contacting us at the address provided in the Contact Information section below.

We take the security of your data seriously and implement industry-standard measures to protect it. Our security practices include:

• Encryption in transit -- All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security)
• Encryption at rest -- Data stored in our databases is encrypted at rest using AES-256 encryption
• Multi-tenant isolation -- Every database query is scoped to your organization's unique identifier (org_id), ensuring strict logical separation of data between organizations. No organization can access another organization's data.
• Authentication security -- User authentication is managed by Clerk, which provides session management, multi-factor authentication options, and protection against common authentication attacks
• Access controls -- Role-based access controls within organizations ensure that users only see data relevant to their role and assigned locations
• Infrastructure security -- Our hosting providers (Vercel, Neon, and ClickHouse) maintain SOC 2 compliance and implement comprehensive physical and network security controls

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents. For more details, please visit our Security page.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Right to access -- You may request a copy of the personal information we hold about you
• Right to correction -- You may request that we correct inaccurate or incomplete personal information
• Right to deletion -- You may request the deletion of your personal information, subject to certain legal exceptions
• Right to data portability -- You may request an export of your data in a structured, commonly used, machine-readable format
• Right to opt out -- You may opt out of non-essential communications at any time
• Right to restrict processing -- You may request that we limit how we use your personal information in certain circumstances

To exercise any of these rights, please contact us at privacy@revog.com. We will respond to your request within 30 days. Organization administrators may also manage user data and access directly through the platform's administration settings.

We recognize that sales data in our industry is particularly sensitive and competitively valuable. RevOG is built with this understanding at its core:

• Competitive data isolation -- Your organization's sales data, customer lists, pricing strategies, account relationships, and performance metrics are strictly isolated from every other organization on the platform. There is no cross-organization data access, aggregation, or benchmarking that could expose your competitive position.
• Wholesale platform data -- Data imported from wholesale platforms such as Apex Trading is treated with the same level of confidentiality as data entered directly into the platform. We access only the data scopes authorized by your API integration configuration.
• Dispensary and buyer data -- Contact information, purchasing patterns, and relationship data for dispensary accounts entered into Target are owned by your organization and are never shared with other organizations, competitors, or third parties.
• Sales representative data -- Individual rep performance data, activity logs, and territory assignments are visible only to authorized members within your organization based on their role and location-scoped permissions.

We understand that trust is the foundation of business relationships. We are committed to maintaining strict data boundaries and never leveraging one customer's data to benefit another.

The Service is a business-to-business platform designed for use by professionals in the industry. It is not directed at individuals under the age of 18, and we do not knowingly collect personal information from anyone under 18 years of age. If we become aware that we have inadvertently collected personal information from a person under 18, we will take steps to delete that information promptly. If you believe that a minor has provided us with personal information, please contact us at privacy@revog.com.

RevOG is based in the United States, and our primary data processing occurs within the United States. Our service providers may process data in various locations. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers maintain facilities.

By using the Service, you consent to the transfer of your information to the United States and other jurisdictions as described in this policy. We take steps to ensure that your data is treated securely and in accordance with this Privacy Policy regardless of where it is processed, including implementing appropriate contractual safeguards with our service providers.

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable laws. When we make material changes, we will:

• Update the "Last updated" date at the top of this page
• Notify organization administrators via email at least 30 days before material changes take effect
• Display a prominent notice within the Service for significant updates

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically for the latest information on our privacy practices.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information.

To submit a CCPA request, please contact us at privacy@revog.com. We will verify your identity before processing your request and respond within 45 days as required by law.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 30 business days.