Privacy Policy
Last updated: February 23, 2026
1. Introduction
Revcaster (“we”, “us”, “our”) operates the sales forecasting service available at revcaster.co and related subdomains. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have as a data subject under the General Data Protection Regulation (GDPR) and other applicable privacy laws.
By using our service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue using the service.
2. Data We Collect
Account Data
When you register, we collect your email address and full name. This information is used to identify your account and deliver service notifications.
Usage Data
We record forecast jobs you create, the subscription plan you hold, timestamps of key actions, and aggregate usage metrics (e.g., number of forecasts per day). This data is necessary to enforce plan quotas and improve the service.
Technical Data
For security and fraud prevention, our servers record IP addresses and browser user-agent strings at the time of login and API requests. These logs are retained for 12 months and then automatically purged.
Payment Data
All payment processing is handled by Stripe. We never see, store, or process your card number, CVV, or banking details. We only receive a Stripe customer ID and subscription status from Stripe after a successful transaction.
Analytics Data (optional)
If you consent to analytics cookies, PostHog collects anonymized usage patterns such as which features you use, how often, and where you encounter errors. This data is associated with a random identifier, never your email address. You can withdraw consent at any time via our Cookie Preference Center.
3. Data We Do NOT Collect
- We do not sell your personal data to any third party.
- We do not share your data with advertisers.
- Your CSV files are automatically deleted after 24 hours. We do not store the content of your CSV files in our database — only the forecast results (aggregated statistics) are retained.
- We do not build advertising profiles about you.
- We do not use your data to train AI models.
4. How We Use Your Data
- Service delivery: To authenticate you, run forecasting jobs, and return results.
- Transactional emails: Password reset, plan upgrade confirmations, quota warnings, and weekly report emails (if enabled).
- Product improvement: Aggregated and anonymized analytics (only with your consent) help us prioritize features and fix bugs.
- Legal compliance: We retain certain logs to comply with applicable laws and to resolve disputes.
- Security: IP logs and audit trails help us detect and prevent unauthorized access, brute force attacks, and abuse.
5. Data Retention
| Data type | Retention period |
|---|---|
| CSV files | 24 hours (auto-deleted) |
| Forecast results (JSON) | While account is active |
| Account data (email, name) | Until deletion requested |
| Audit logs & security logs | 12 months |
| PostHog analytics | 1 year (if consented) |
| Stripe payment records | 7 years (legal obligation) |
6. Your Rights (GDPR Articles 15–22)
As a data subject under GDPR, you have the following rights. To exercise any of them, contact us at privacy@revcaster.co.
- Right to access (Art. 15)Request a copy of the personal data we hold about you.
- Right to deletion (Art. 17)Request permanent deletion of your account and all associated data. Use our data deletion form or email us.
- Right to portability (Art. 20)Request your data in a machine-readable format (JSON/CSV). Email us and we will send it within 30 days.
- Right to rectification (Art. 16)Correct inaccurate data via your Account Settings page.
- Right to object (Art. 21)Opt out of analytics by changing your Cookie Preferences at any time.
- Right to restrict processing (Art. 18)Request that we limit how we process your data while a complaint is being investigated.
You also have the right to lodge a complaint with your national data protection authority if you believe your rights have been violated.
7. Cookies
We use the following cookie categories:
- Necessary cookies: Required for authentication (JWT token) and CSRF protection. These cannot be disabled.
- Analytics cookies (optional): PostHog collects anonymized usage data if you give consent. You can withdraw consent at any time via the Cookie Preference Center.
8. Third-Party Services
| Service | Purpose | Privacy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| Supabase | Database & file storage | supabase.com/privacy |
| PostHog | Analytics (if consented) | posthog.com/privacy |
| Resend | Transactional email | resend.com/legal/privacy-policy |
| Sentry | Error monitoring | sentry.io/privacy |
9. Data Security
- All data is transmitted over HTTPS/TLS 1.2+.
- Passwords are stored as BCrypt hashes — never in plain text.
- JWT authentication tokens expire after 15 minutes.
- CSV files are stored in private, access-controlled cloud storage.
- OAuth tokens (e.g., Google Sheets) are stored AES-256-GCM encrypted at rest.
- Brute force protection limits failed login attempts.
10. Contact
Data Controller: Revcaster
Privacy email: privacy@revcaster.co
Data deletion: Submit a deletion request
Last updated: February 23, 2026