Privacy Policy

Revalink, Inc. ("Revalink," "we," "us," or "our") operates Revalink AJ, an AI-powered lead nurturing platform for real estate professionals. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website at revalink.ai, our customer dashboard, and related services (collectively, the "Service").

This policy applies to business customers who subscribe to Revalink AJ and to the lead contact data those customers import or sync into the Service. By using the Service, you acknowledge that you have read this Privacy Policy.

We collect the following categories of information:

Account and profile data. When you register, we collect your name, business email address, password (stored in hashed form via our authentication provider), company or brokerage name, and account preferences such as your voice profile settings.

Payment data. Subscription billing is processed by Stripe. We store your Stripe customer ID and subscription status. We do not store full credit card numbers, CVV codes, or other raw payment card data on our servers.

CRM and lead data. When you connect Follow Up Boss (FUB) or otherwise sync leads, we receive lead records including names, phone numbers, email addresses, pipeline stage, tags, notes, and related CRM metadata necessary to operate AJ on your behalf.

AI-generated message content. We store draft and sent SMS messages generated by our AI systems, including message text, approval status, delivery timestamps, and associated lead identifiers.

Usage and log data. We automatically collect technical logs such as IP address, browser type, device information, pages viewed, dashboard actions, API request metadata, error reports, and security audit events.

Cookies and similar technologies. We use essential cookies and local storage to maintain your session and remember dashboard preferences. A separate cookie consent experience may be introduced before launch.

We use collected information to:

• Provide, operate, and maintain the Service, including AI lead outreach on your behalf;
• Sync and update lead data from Follow Up Boss and reflect changes in your dashboard;
• Generate, queue, and deliver SMS messages subject to your approval settings;
• Process subscription payments and manage billing through Stripe;
• Communicate with you about your account, security alerts, product updates, and support requests;
• Monitor performance, troubleshoot errors, prevent fraud, and enforce our Terms of Service;
• Improve product features, model quality, and reliability through aggregated analytics.

We do not use your lead data to train public-facing AI models for unrelated third parties. Processing for product improvement is limited to operating and securing the Service for paying customers.

We share information only as needed to operate the Service. We do not sell personal information and we do not share data with advertising networks.

Service providers and subprocessors that may process data on our behalf include:

• Supabase / PostgreSQL — database hosting, authentication, and encrypted storage;
• Twilio — SMS delivery and phone number provisioning;
• Stripe — payment processing and customer billing portal;
• Anthropic (Claude) — AI message generation;
• Portkey — LLM routing, observability, and guardrails;
• Follow Up Boss — CRM sync via API;
• Inngest — background job orchestration;
• Vercel — application hosting and edge delivery.

We may also disclose information if required by law, to protect rights and safety, or in connection with a merger, acquisition, or sale of assets — subject to appropriate confidentiality protections.

Revalink AJ uses artificial intelligence to draft personalized SMS messages for your leads. Messages are generated using large language models, primarily Claude via Anthropic, routed through our LLM infrastructure with content safety checks.

Human-in-the-loop approval. By default, outbound messages require your review and approval in the dashboard before they are sent. You may enable auto-approve settings at your discretion; you remain responsible for messages sent under your account.

Voice profile. We use your voice profile — tone, phrasing preferences, and business context you provide — to personalize generated content. This data is associated with your customer account and is not published publicly.

Lead processing. Lead names, phone numbers, CRM context, and message history may be transmitted to AI systems solely to generate relevant outreach for your account. Automated decisions do not produce legal or similarly significant effects without your oversight of the approval workflow.

AJ sends SMS messages to leads on your behalf using Twilio-provided phone numbers assigned to your account. SMS is a regulated channel under the Telephone Consumer Protection Act (TCPA) and related rules.

Your consent obligations. You represent that you have obtained valid, documented consent — or another lawful basis — before AJ contacts any lead via SMS. Revalink provides technology; you are responsible for maintaining consent records for your leads.

Opt-out handling. Recipients may reply with standard opt-out keywords such as STOP, UNSUBSCRIBE, CANCEL, END, or QUIT. We process opt-out requests and suppress future outbound messages to those numbers for your account, consistent with carrier and regulatory requirements.

Message frequency varies based on your nurture settings and lead activity. Standard message and data rates may apply to recipients.

Mobile information sharing. No mobile information (including phone numbers and SMS opt-in data) will be shared with third parties or affiliates for marketing or promotional purposes. Mobile information is shared only with service providers listed in the Data Sharing section, solely to operate messaging and the Service on your behalf.

End-user privacy. If you are a consumer who received an SMS from a real estate professional using Revalink AJ, your agent is responsible for obtaining your consent. For program terms, message frequency, and opt-out instructions, see our SMS Messaging Program section in the Terms of Service.

Customer account data is retained for the duration of your active subscription and for up to ninety (90) days after termination, unless a longer period is required by law or you request earlier deletion subject to legal exceptions.

Lead and CRM data is retained while your subscription is active and according to sync settings you control. Upon account closure, lead data is deleted or anonymized within the post-termination window unless backup retention is required for disaster recovery.

Message content (draft and sent SMS) is retained for operational, compliance, and dispute-resolution purposes during your subscription and the post-termination period described above.

Audit and security logs are retained for twelve (12) months to support security investigations, billing disputes, and regulatory inquiries.

We implement administrative, technical, and organizational measures designed to protect your information, including:

• Encryption in transit using TLS for all web and API communications;
• Encryption at rest for database storage provided by Supabase/PostgreSQL;
• Row-level security (RLS) and customer-scoped data isolation in our database layer;
• Role-based access controls and separation between customer-facing and service-role credentials;
• Audit logging of sensitive actions before side effects occur;
• Periodic security reviews and dependency monitoring.

No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us immediately at privacy@revalink.ai.

Depending on your jurisdiction, you may have rights to access, correct, delete, or export personal information we hold about you or your account.

To submit a privacy request, email privacy@revalink.ai. We will verify your identity before fulfilling requests. We aim to respond within thirty (30) days.

Billing data. Payment methods and invoices can be managed through the Stripe Customer Portal linked from your dashboard.

California residents (CCPA/CPRA).California consumers may have additional rights including the right to know, delete, and opt out of certain sharing. We do not sell personal information. To exercise California privacy rights, contact privacy@revalink.ai with "California Privacy Request" in the subject line.

The Service is designed for business use by adults aged eighteen (18) and older. We do not knowingly collect personal information from children under eighteen. If you believe we have inadvertently collected information from a minor, contact privacy@revalink.ai and we will take steps to delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will notify account holders by email to the address on file and update the "Last updated" date at the top of this page.

Continued use of the Service after the effective date of an updated policy constitutes acceptance of the revised terms, except where applicable law requires explicit consent.

For privacy-related questions or requests, contact us at:

Email: privacy@revalink.ai

Mailing address:
Revalink, Inc.
[Street Address — pending]
Tampa, FL [ZIP — pending]
United States