You must have ended up here because you care about your and your users’ privacy. That’s great.
The lawyers make us write a bunch of fancy words in our official policy but its worth laying out in more plain language what our policy on data privacy is.
There are two different kinds of data we touch: your personal data as the developer and the data of your customers who use your app that uses RevenueCat. We have different policies for each and it’s worth breaking down:
Your customer data, which would, by association, include information about your business, are under a completely different set of policies. In GDPR terms, we are a “processor” here. This data is probably why you are here in the first place. Two important points:
We will never share information about your app outside of RevenueCat
The data about your revenue and your users stays within RevenueCat. We do utilize some 3rd party services for hosting, such as AWS, but that data is encyrypted and unavailable to those providers.
We will never send identifiable information about your users to 3rd parties without your constent
With the exception of opt-in integrations, we won’t send information about your subscribers to any 3rd parties. We don’t want the liability of any downstream processors having issues and compromising your data. We want to keep it with us, where we can have some control over its security.
We will never sell your data
We’re in the business of making money off of you making money. We have no interest in trying to turn a 2nd order profit by fencing information about your business. We may, at some point, utilize aggregate data to provide insights in our app (i.e. “your app is 20% below average for churn”), but it would not be possible to extract any meaningful information about your business from that.
Last update: January 24th, 2019
This policy (together with our terms of service and any other documents referred to in it) sets out:
We will collect and process the following personal data from you:
This is information we receive about you:
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications by email about our products and services. You can object to further marketing at any time by checking and updating your contact details within your account, or selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you, or by submitting your email address here.
We may give your information to:
Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy. If any of these parties are using your information for direct marketing purposes, we will only transfer the information to them for that purpose with your prior consent.
Selected third parties
The data that we collect from you will be stored in the USA.
The site may, from time to time, make chat rooms, message boards, news groups and/or other public forums available to its users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and avoid posting any personal information
The site is intended for use only by persons who are at least 16 years of age. By using the site, you confirm to us that you meet this requirement. If you are under the age of 18, you confirm you have received permission from your parent or guardian before using this site or sending us personal information.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
Our site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
We retain personal data during any period in which you have expressed an interest in our products and services, for as long as you have an account with us in order to meet our contractual obligations to you, and for six years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
You can also exercise the rights listed above at any time by contacting us at firstname.lastname@example.org.
We would appreciate the opportunity to directly address any GDPR issues you may have. Please contact us at email@example.com. You do, however, have the right to approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html for data protection authorities in the EU).
Customer agreements are in place with each RevenueCat customer. These agreements cover data transfers to third parties that may occur as part of RevenueCat’s provision of its services to the customer.
See also our data processing addendum.
300 Euclid Ave, San Francisco, CA, 94118