This policy (together with our terms of service and any other documents referred to in it) sets out:
- Information we collect
- Cookies and other tracking technologies
- How we use your information
- Our promotional updates and communications
- Lawful Bases
- Who we share your information with
- Where we store your information
- How we respond to DNT signals
- How we protect your information
- How long we keep your information
- EU Citizen Rights
- Note to Users Outside the United States
- Changes to this policy
- Contact us
Our site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
Information we collect
We will collect and process the following personal data from you:
- Information you give us, which may consist of:
- Information about you that you give us by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our site, subscribe to our service, search for a product, in discussion boards or other social media functions on or via our site, enter a competition, promotion or survey, submit a query, providing information at trade shows or sponsored events and when you report a problem with our site;
- Your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph, login and password details; and
- Employment details if you send us a CV, resumé or other details of your employment history in connection with an advertised job vacancy or a general inquiry regarding employment opportunities with us.
- Technical information, which may include the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, operating system and platform;
- Information about your visit, which may include the full Uniform Resource Locators (URL), clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number or social media handle used to connect with our customer service team.
- IP Location data, where IP addresses are collected and location is inferred based on IP location.
- Information collected from other platform activities.
If you are using our products or services as a developer, the following information regarding your end users may be received and processed by us:
- “End User Technical Information”: This refers to technical information related to an end user’s mobile device or computer, such as: device type, operating system,
- “End User Transaction Information”: This refers to transaction information related to an end user’s activities with respect to your app or other digital product, and may include:
- Last seen time that the end user used your app or digital product;
- Apple receipt file; and
- Google purchase token,
- “Optional End User Information”: This refers to information that we may receive if you select or enable this option in our products, which may include:
- User ID of the end user in your app or digital product; and
- Additional attribution or metadata associated with an end user.
End User Technical Information, End User Transaction Information, and Optional End User Information are collectively referred to as “End User Information”.
Information we receive from other sources
We may receive other personal data about you:
- If you use any of the other websites or apps we operate or the other services we or our affiliates provide.
- From third parties we work with:, which may include Zapier Lead Scoring.
Cookies and other tracking technologies
How we use your information
Information we collect:
- We will use this information in our legitimate interests, where we have considered these are not overridden by your rights:
- To administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To keep our site safe and secure.
- For measuring or understanding the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.
- To improve our site to ensure that content is presented in the most effective manner for you and for your computer.
- To allow you to participate in interactive features of our site and service, when you choose to do so.
- To deliver and improve our products and services and your overall user experience.
Information we receive from other sources:
- We may combine this information with information you give to us and information we collect about you in our legitimate interests (where we have considered that these are not overridden by your rights). We will use this information and the combined information for the purposes set out above (depending on the types of information we receive).
End User Information:
- We will only use End User Information to provide our services and products to you, in accordance with the agreement agreed to and signed by us.
Our promotional updates and communications
Where permitted in our legitimate interest or with your prior consent where required by law, we will use your personal information for marketing analysis and to provide you with promotional update communications by email about our products and services. You can object to further marketing at any time by checking and updating your contact details within your account, or selecting the “unsubscribe” link at the end of all our marketing and promotional update communications to you, or by submitting your email address here.
We will only collect and process personal data where we have lawful bases. Lawful bases include consent(where you have given consent), contract (where processing is necessary for the performance of a contract with you (e.g. to operate the site or deliver any products or services you have requested) and “legitimate interests”. We rely on our legitimate interests as our lawful basis only where those interests are not overridden by the impact on you (unless we have your consent or our processing is otherwise required or permitted by law). If you have questions about the lawful bases of how we process your personal information, contact us at firstname.lastname@example.org.
Who we share your information with
We may share your information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, who support our processing of personal data under this policy. If any of these parties are using your information for direct marketing purposes, we will only transfer the information to them for that purpose with your prior consent.
- Selected third parties which may include:
- Organizations who process your personal data on our behalf and in accordance with our instructions and applicable law. This includes organizations supporting the services we offer through the site, in particular organizations providing website and data hosting services, providing fulfillment services, distributing any communications we send, supporting or updating marketing lists, and facilitating feedback on our services. These organizations (which may include third party suppliers, agents, sub-contractors and/or other companies in the RevenueCat group of companies) will only use your information to the extent necessary to perform their support functions.
- Analytics and search engine providers that assist us in the improvement and optimization of our site and subject to the cookie section of this policy (this will not identify you as an individual).
- Payment processing providers, such as Stripe, who provide secure payment processing services. (Your payment card details are not shared with us by the provider.)
- We will disclose your personal information to third parties:
- If RevenueCat or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
Where we store your information
The data that we collect from you will be stored securely on Amazon Web Services (“AWS”) in the USA.
How We Respond to DNT Signals
Your browser settings may allow you to automatically transmit a Do Not Track signal to websites and other online services you visit. We do not alter our practices when we receive a Do Not Track signal from a visitor’s browser because we do not track our visitors to provide targeted advertising. To find out more about Do Not Track, please visit http://www.allaboutdnt.com.
The site may, from time to time, make chat rooms, message boards, news groups and/or other public forums available to its users. Any information that is disclosed in these areas becomes public information and you should exercise caution when using these and avoid posting any personal information.
The site is intended for use only by persons who are at least 16 years of age. By using the site, you confirm to us that you meet this requirement. If you are under the age of 16, you confirm you have received permission from your parent or guardian before using this site or sending us personal information.
How we protect your information
Security is one of our biggest priorities at RevenueCat. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
- All application data is secured in transit using TLS.
- Any payment transactions will be encrypted using SSL.
- RevenueCat audits changes to the application throughout the development lifecycle: architecture reviews are performed as well as stringent automated and manual code review processes.
- RevenueCat monitors application servers, infrastructure, and the RevenueCat network environment to detect potential abuse.
- RevenueCat uses Amazon Web Services (“AWS”) to persistently store Customer data and does not host Customer data on its premises. AWS is a leading cloud provider, and holds industry best security certifications, such as SOC2 and ISO 27001. Customer data sent to RevenueCat from around the world is sent to AWS data centers located in the United States.
How long we keep your information
We retain personal data during any period in which you have expressed an interest in our products and services, for as long as you have an account with us in order to meet our contractual obligations to you, and for six years after that to identify any issues and resolve any legal proceedings. We may also retain aggregate information beyond this time for research purposes and to help us develop and improve our services. You cannot be identified from aggregate information retained or used for these purposes.
EU Citizen Rights Under GDPR
You have the right under certain circumstances:
- to be provided with a copy of your personal data held by us.
- to request the rectification or erasure of your personal data held by us.
- to request that we restrict the processing of your personal data (while we verify or investigate your concerns with this information, for example).
- to object to the further processing of your personal data, including the right to object to marketing.
- to request that your provided personal data be moved to a third party.
- You may opt out at any time from allowing further access by us to your location data by emailing email@example.com.
- Your right to withdraw consent:
- Where the processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by going here.
You can also exercise the rights listed above at any time by contacting us at firstname.lastname@example.org. We will respond to your requests within a reasonable timeframe. Please note these rights may be limited in certain circumstances as provided by applicable law.
We would appreciate the opportunity to directly address any GDPR issues you may have. Please contact us at email@example.com. You do, however, have the right to approach your local data protection authority, (see http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html for data protection authorities in the EU).
Data processed on behalf of our Customers
If your personal data is processed by RevenueCat on behalf of one of our customers and you wish to discontinue such processing, or if you seek to correct, amend, or delete inaccurate data, please contact the RevenueCat customer (the data controller) directly. The RevenueCat customer should then provide instructions to us, if necessary. If requested to remove data by the data controller we will respond within a reasonable timeframe. We will retain personal information pursuant to our retention policy and will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Note to users outside the United States
RevenueCat is based in the United States. The Site and our products and services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your personal data may be stored and processed in any country where we have facilities or in which we engage service providers, and by using the Services you consent to the transfer of information to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal data.
Changes to this policy
633 Taraval St. Suite 101, San Francisco, CA, 94116