Legal
Privacy Notice
Last updated: May 2, 2026
Who we are
RevFlex Call Coach is operated by RevFlex LLC. We act as the data controller for the personal data described here. Contact us via the email address listed on our site for any privacy-related request.
What we collect & why
| Category | Examples | Purpose | Legal basis |
|---|---|---|---|
| Account data | Email, display name, password hash, OAuth profile | Create and secure your account | Contract |
| Usage data | Calls run, scenarios picked, scoring results | Provide the service, generate your scorecard | Contract |
| Call transcripts | Text you submit during a practice call | Run the AI prospect simulation and grade the call | Contract |
| Technical data | IP address, device, browser, log timestamps | Security, fraud prevention, debugging | Legitimate interests |
| Billing metadata | Subscription status, plan, renewal date | Manage your subscription and access | Contract |
Payment card details are collected and processed directly by our Merchant of Record, Paddle. We never see or store your card.
Who we share data with
- Paddle — our Merchant of Record for sale of the product, subscription management, payments, tax compliance, and invoicing.
- Hosting & database (Lovable Cloud / Supabase) — stores your account, calls, and scoring data.
- AI providers (Google, OpenAI, etc.) — process call transcripts to generate prospect responses and scoring. Do not send confidential customer or personal data into the simulator.
- Authorities — where required by law.
International transfers
Where data is transferred outside the UK/EEA, we rely on appropriate safeguards (Standard Contractual Clauses or adequacy decisions) with our processors.
How long we keep it
Account and billing data: while your account is active and for up to 6 years after closure (tax/audit). Call transcripts and scores: up to 24 months, then deleted or anonymized. Logs: up to 90 days.
Your rights
Subject to local law, you can ask us to access, correct, delete, restrict, or port your data, or object to processing. You can withdraw consent at any time. Email us to exercise any right; we'll respond within one month. You can also complain to your local data protection authority.
Security
We use industry-standard measures: encryption in transit (TLS) and at rest, row-level security on the database, scoped access to production systems, and regular reviews. No system is 100% secure — please use a strong, unique password and report suspected issues immediately.
Cookies
We use only essential cookies needed to keep you signed in and remember your session. We don't use marketing or third-party analytics cookies at this time. If that changes, we'll update this notice and ask for consent where required.
Changes
We'll post material changes here. If changes are significant we'll notify you by email.