REVVE TECHNOLOGIES, INC.

PRIVACY POLICY

Effective Date: March 2026

At Revve Technologies, Inc. ("Revve," "we," "us," or "our"), we are committed to protecting the privacy and security of the personal information entrusted to us. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website at https://www.revve.ai (the "Site") or use our AI-powered voice communication and conversational intelligence platform (the "Services").

This Privacy Policy applies to all visitors, users, and customers of our Site and Services. If you are a business customer using our platform under a services agreement, the terms of your agreement (including any Data Processing Agreement, or "DPA") will govern our processing of data you submit through the Services to the extent they conflict with this Privacy Policy. The DPA is incorporated herein by reference and controls with respect to data processing matters.

By accessing the Site or using the Services, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

1.1 Information You Provide to Us

Account Information: When you register for the Services, we collect your name, business name, email address, phone number, job title, and billing information.
Customer Data: Data you submit, upload, or transmit through the Services, including lead information, contact records, call scripts, workflow configurations, and other business data.
Communications: When you contact us for support, provide feedback, or correspond with us, we collect the content of those communications.
Order Form and Billing Data: Information necessary to process payments and manage your account, including billing address and purchase history. Payment card details are processed by our third-party payment processor and are not stored on our systems.

1.2 Information Generated Through the Services

Voice Recordings: The Services may record voice communications between AI agents and call recipients. Voice recordings are processed to generate transcripts and analytics.
AI-Generated Output: The Services generate transcripts, conversation summaries, lead scoring, analytics, insights, and recommended actions from Customer Data ("Output Data").
Usage Data: We collect information about how you interact with the Services, including features used, actions taken, timestamps, and performance metrics.

1.3 Information Collected Automatically

When you visit our Site, we automatically collect certain information through cookies, pixels, and similar tracking technologies:

Device and Browser Information: IP address, browser type and version, operating system, device type, and screen resolution.
Usage Information: Pages visited, time spent on pages, referring URLs, click patterns, and navigation paths.
Analytics Data: We use Google Analytics (GA4) and PostHog to collect aggregated usage statistics about Site visitors, including page views, session duration, and user flows.
Marketing Pixels: We use marketing pixels (such as Meta Pixel and LinkedIn Insight Tag) to measure advertising effectiveness and deliver relevant ads. These tools may collect information about your activity on our Site and across other websites.

1.4 Information from Third-Party Sources

We may receive information from third-party sources to supplement the information we collect, including business contact information from data enrichment services and publicly available business information.

2. How We Use Information

We use the information we collect for the following purposes:

Providing the Services: To deliver, maintain, and improve our AI-powered voice communication, conversational intelligence, and workflow automation platform.
Processing Customer Data: To process Customer Data solely as necessary to provide the Services on your behalf, in accordance with your instructions and our Data Processing Agreement.
Account Management: To create and manage your account, process payments, and communicate with you about your account and the Services.
Support and Communication: To respond to your inquiries, provide technical support, and send service-related notices.
Analytics and Improvement: To analyze usage patterns, diagnose technical issues, and improve the functionality and performance of the Site and Services.
Marketing: To send you marketing communications about our products, features, and events (where you have consented or where we have a legitimate interest to do so). You may opt out of marketing communications at any time.
Security and Fraud Prevention: To detect, investigate, and prevent security incidents, fraud, and abuse of the Services.
Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.

Data Ownership: As between Revve and our customers, customers retain all rights to their Customer Data and own all Output Data generated by the Services. Revve retains all rights to the platform, software, and underlying technology.

We do not use Customer Data or Output Data to train, fine-tune, or improve general-purpose artificial intelligence or machine learning models. Any use of data for service improvement is limited to aggregated, anonymized, and de-identified data that cannot identify you, your organization, or any individual.

3. How We Share Information

We do not sell your personal information. We share information only in the following circumstances:

3.1 Sub-Processors and Service Providers

We engage trusted sub-processors and service providers to assist in delivering the Services. These providers are contractually bound to use data only for the purposes of providing services to Revve, subject to confidentiality obligations and data protection commitments. Our sub-processors are disclosed in Schedule A of our Data Processing Agreement, which is available upon request. Key categories include:

AI Model Providers: We use AI services from providers such as OpenAI, Anthropic, and Cohere (via AWS/Amazon Bedrock) to power conversational intelligence features. These providers process data solely via API to generate responses and do not use Customer Data for model training.
Cloud Infrastructure: We use cloud infrastructure providers to host and process data within the United States.
Telephony and Communication: We use telephony providers to facilitate voice communications through the Services.
Observability and Monitoring: We use monitoring tools such as LangSmith for platform performance and quality assurance.

3.2 Third-Party Integrations

When you choose to connect third-party platforms to the Services (e.g., CRM systems, scheduling tools), data may be shared with those platforms at your direction and in accordance with the scope of the integration. These customer-directed integrations are distinct from our sub-processors and are governed by Schedule B of our Data Processing Agreement. Your use of third-party integrations is governed by those platforms' own privacy policies and terms of service. We are not responsible for the privacy practices of third-party platforms.

3.3 Legal Requirements

We may disclose information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a lawful request.

3.4 Business Transfers

In connection with a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change and the choices you may have regarding your information.

3.5 With Your Consent

We may share information with third parties when you have given us explicit consent to do so.

4. Cookies and Tracking Technologies

4.1 Types of Cookies We Use

Essential Cookies: Required for the Site and Services to function properly, including session management and authentication. These cannot be disabled.
Analytics Cookies: Used by Google Analytics (GA4) and PostHog to collect aggregated information about how visitors use our Site, including pages visited, session duration, and user flows. This helps us improve the Site experience.
Marketing Cookies: Used by marketing pixels (Meta Pixel, LinkedIn Insight Tag, and similar tools) to measure advertising effectiveness, track conversions, and deliver relevant advertisements across platforms.

4.2 Your Cookie Choices

You can manage your cookie preferences through the cookie consent banner displayed when you first visit our Site. You may also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of the Site.

For opt-out of specific analytics and advertising services:

Google Analytics: https://tools.google.com/dlpage/gaoptout
Meta Pixel: Manage through your Facebook Ad Settings
LinkedIn: Manage through your LinkedIn Ad Settings

5. Data Retention and Deletion

5.1 Active Accounts

We retain Customer Data and account information for as long as your account is active and as needed to provide the Services.

5.2 Account Closure

Upon account closure or termination of Services, we will make Customer Data available for export for thirty (30) days upon written request. Following the export period, we will delete or anonymize Customer Data within thirty (30) days, unless retention is required by law or regulation.

5.3 Voice Recordings and Transcripts

Voice recordings and AI-generated transcripts are retained in accordance with the retention periods specified in your services agreement and Data Processing Agreement. Default retention is aligned with your Subscription Term unless a shorter period is specified.

5.4 Site Data

Automatically collected Site data (analytics, cookies, logs) is retained for no longer than twenty-four (24) months.

5.5 Deletion Requests

You may request deletion of your personal information at any time by contacting us at [email protected]. We will process deletion requests within thirty (30) days, subject to any legal or regulatory retention requirements.

6. Data Security

We implement administrative, technical, and organizational security measures designed to protect personal information against unauthorized access, disclosure, alteration, or destruction. These measures include:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256 or equivalent);
Role-based access controls and multi-factor authentication for administrative access;
Regular security assessments, vulnerability scanning, and penetration testing;
Incident detection, monitoring, and logging;
Employee security awareness training and background checks for personnel with access to personal data; and
Vendor security assessments for all sub-processors.

While we strive to protect your information using commercially reasonable measures, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

6.1 Data Breach Notification

In the event of a security breach affecting personal data, we will notify affected customers without undue delay, and in no event later than seventy-two (72) hours after becoming aware of the breach. We will provide sufficient information to enable affected parties to comply with their own notification obligations. For EU/EEA data subjects, we will notify the relevant supervisory authority within seventy-two (72) hours as required under GDPR. We will also notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

7. Data Location

All Customer Data is processed and stored within the United States. If you are accessing the Services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Services, you consent to this transfer. For data subjects in the EU/EEA or United Kingdom, please see Section 9 for information about international data transfer safeguards.

8. Your Privacy Rights — United States

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share the information.
Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.
Right to Correct: You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Opt-Out of Sale or Sharing: We do not sell your personal information. We do not "share" your personal information for cross-context behavioral advertising purposes as defined under the CPRA, except through the use of marketing cookies described in Section 4, which you may opt out of through the cookie consent banner or by contacting us.
Right to Limit Use of Sensitive Personal Information: To the extent we process sensitive personal information, we use it only for purposes permitted under the CPRA.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Exercising Your Rights: To submit a request, contact us at [email protected]. We will verify your identity before processing your request and respond within forty-five (45) days.

CCPA Service Provider Designation: When we process personal information on behalf of our business customers, we act as a "Service Provider" under the CCPA/CPRA. We do not sell or share Customer Data and process it only as directed by our customers.

8.2 Other U.S. State Privacy Laws

Residents of states with comprehensive privacy legislation (including Virginia, Colorado, Connecticut, Utah, and others) may have similar rights to access, delete, correct, and opt out. To exercise your rights under applicable state privacy laws, contact us at [email protected].

9. Your Privacy Rights — International

9.1 EU/EEA and United Kingdom (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and the UK GDPR, respectively.

Lawful Bases for Processing:

Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legal Obligation: Where processing is necessary for us to comply with applicable law.
Legitimate Interests: Where processing is necessary for our legitimate interests (such as improving our Services, preventing fraud, and marketing), provided those interests are not overridden by your rights and freedoms.

Your Rights Under GDPR:

Right of access to your personal data;
Right to rectification of inaccurate personal data;
Right to erasure ("right to be forgotten");
Right to restriction of processing;
Right to data portability;
Right to object to processing based on legitimate interests or direct marketing;
Right to withdraw consent at any time; and
Right to lodge a complaint with a supervisory authority.

International Data Transfers: When we transfer personal data from the EEA or UK to the United States, we rely on appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission and/or the UK Information Commissioner's Office. You may request a copy of the applicable transfer mechanisms by contacting us at [email protected].

Data Protection Impact Assessments: We conduct Data Protection Impact Assessments (DPIAs) where our data processing is likely to result in a high risk to the rights and freedoms of individuals, as required by GDPR Article 35.

Record of Processing Activities: We maintain a Record of Processing Activities (ROPA) as required by GDPR Article 30.

9.2 Other Jurisdictions

If you are located in a jurisdiction with applicable data protection laws, we will process your personal data in accordance with those laws. Contact us at [email protected] for information about your specific rights.

10. Voice Communications and AI Disclosures

10.1 Voice Recording

The Services may involve the recording of voice communications between AI agents and call recipients. Voice recordings are used to generate transcripts, provide conversational analytics, and improve the quality of interactions. Customer is responsible for obtaining all required consents from call participants prior to recording, in accordance with applicable state and federal recording consent laws.

10.2 AI-Generated Communications

The Services utilize artificial intelligence to generate voice communications, including AI-generated calls and pre-recorded voice messages. Recipients of such communications may be interacting with an AI system. Customer is responsible for making appropriate disclosures to call recipients as required by applicable law.

10.3 TCPA Compliance

Use of the Services for AI-generated voice calls and pre-recorded messages is subject to the Telephone Consumer Protection Act (TCPA) and applicable state telemarketing laws. TCPA compliance is a shared responsibility between Revve and our customers: Revve maintains calling infrastructure that supports compliance with do-not-call requirements, calling time restrictions, and opt-out mechanisms, while customers are responsible for obtaining prior express written consent from call recipients as required by 47 CFR § 64.1200(a)(2). Additional details regarding TCPA compliance responsibilities are set forth in our Terms of Service (Section 5).

10.4 Biometric Data

We do not use voice recordings to create biometric identifiers or biometric information as defined under the Illinois Biometric Information Privacy Act (BIPA) or similar state biometric privacy laws. Voice recordings are not used for voice print identification, speaker recognition, or any biometric matching purpose.

10.5 No Model Training

We do not use Customer voice recordings, transcripts, or other Customer Data to train, fine-tune, or improve general-purpose AI or machine learning models. AI sub-processors engaged by Revve are contractually prohibited from using Customer Data for model training purposes.

11. Children's Privacy

The Services are designed for business use and are not directed at individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16 (or under 13, as applicable under COPPA). If we become aware that we have collected personal information from a child, we will promptly delete it. If you believe a child has provided us with personal information, please contact us at [email protected].

12. Third-Party Links and Services

The Site and Services may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will notify you by email or by posting a prominent notice on our Site at least thirty (30) days before the changes take effect. The "Effective Date" at the top of this Privacy Policy indicates when it was last updated.

Your continued use of the Site or Services after the effective date of any updated Privacy Policy constitutes your acceptance of the changes.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Revve Technologies, Inc. Email: [email protected]

For EU/EEA data subjects, if you are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

By using our Site and Services, you acknowledge that you have read and understood this Privacy Policy.