Privacy Policy

Last updated: March 11, 2026

1. What RevDrop Does

RevDrop analyzes publicly available information from websites. When you submit a URL, we fetch data that is already visible to anyone with a web browser: HTTP response headers, public HTML source code, publicly accessible files (robots.txt, sitemap.xml, security.txt, manifest.json), and public DNS records. We do not access private data, bypass authentication, or use credentials of any kind.

2. Information We Collect

Account data: When you create an account, we collect your email address and a password (hashed, never stored in plain text). We use Supabase Auth for authentication.

Scan data: URLs you submit, the extraction results, AI-generated reports, and AI-generated ideas. These are stored in our database and associated with your account.

Usage data: Basic analytics such as page views and feature usage. We do not use third-party tracking scripts on our website.

Payment data: If you subscribe to a paid plan, payment is processed by Stripe. We do not store your credit card number. Stripe's privacy policy applies to payment processing.

3. How We Use Your Data

• To provide the scanning and analysis service you requested
• To generate AI-powered reports and business ideas from scan results
• To enforce usage limits based on your plan
• To send transactional emails (account confirmation, password reset, billing receipts)
• To improve the service based on aggregate, anonymized usage patterns

We do not sell your data. We do not share your data with third parties for advertising purposes.

4. Data Storage and Security

Your data is stored on Supabase (hosted on AWS infrastructure) with row-level security policies. API traffic is routed through Cloudflare. All connections use TLS encryption. We apply the principle of least privilege to all internal access.

5. Data Retention

• Free plan: Scan history retained for 7 days, then automatically deleted.
• Pro plan: Scan history retained for 90 days.
• Team plan: Scan history retained indefinitely while subscription is active.

If you delete your account, all associated data (scans, ideas, comparisons) is permanently deleted within 30 days.

6. Third-Party Services

• Supabase — Authentication and database hosting
• Cloudflare — CDN, DDoS protection, and API hosting
• Stripe — Payment processing
• Anthropic (Claude API) — AI report and idea generation. Scan data is sent to Anthropic's API for analysis. Anthropic does not use API inputs for training. See Anthropic's privacy policy.

7. Your Rights

Regardless of where you are located, you have the right to:

• Access your data — request a copy of all data we hold about you
• Correct inaccurate data
• Delete your account and all associated data
• Export your scan reports in JSON format
• Withdraw consent at any time by closing your account

To exercise any of these rights, email privacy@revdrop.net. We respond within 30 days.

8. GDPR (European Users)

If you are in the European Economic Area, we process your data under the legal basis of contract performance (providing the service you signed up for) and legitimate interest (improving the service). You may lodge a complaint with your local data protection authority.

9. CCPA (California Users)

We do not sell personal information. California residents may request disclosure of data collected and request deletion. Contact privacy@revdrop.net.

10. Cookies

We use only essential cookies for authentication (session tokens). We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

11. Children

RevDrop is not directed at anyone under 16. We do not knowingly collect data from children. If we become aware of such data, we delete it immediately.

12. Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. The "Last updated" date at the top reflects the most recent revision.

13. Contact

For questions about this privacy policy or your data, contact us at privacy@revdrop.net.