revtrace

Privacy Policy

Last updated: March 15, 2026

1. Introduction

RevTrace is operated by Formulytic (“we,” “us,” or “our”). RevTrace is a cloud-based HubSpot audit platform for B2B SaaS revenue teams. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service at revtrace.ai and app.revtrace.ai.

2. Information We Collect

Account Information

  • Name, email address, and password (stored as a one-way hash)
  • Profile avatar (optional, stored as an image upload)
  • For Google SSO users: name and email provided by Google (no password stored)

HubSpot Connection Data

  • OAuth access and refresh tokens for your HubSpot portal
  • Portal ID and hub domain

Audit Data

  • Structured audit findings only: severity, category, title, description, affected count, and recommended action
  • We never store raw HubSpot records (contacts, deals, companies, or any other CRM objects)

Organization Data

  • Organization name and team member roles (admin, edit, view)

Billing Information

  • Payment processing is handled entirely by Stripe
  • We store your Stripe customer ID and subscription status — we never store credit card numbers or payment card details

Usage Data

  • Audit run counts and feature usage for billing and service improvement

Cookies

  • Session cookie for authentication
  • Organization and portal preference cookies
  • Theme preference (light/dark/system)
  • Google Analytics cookies (_ga, _ga_*) for usage analytics

3. How We Use Your Information

  • Operate and provide the service — run audits, generate findings, display results
  • Process billing and manage subscriptions
  • Send transactional emails (audit completion notifications, team invitations, password resets)
  • Improve the service based on aggregated usage patterns

4. HubSpot Data Handling (GDPR-by-Design)

RevTrace is built with a strict GDPR-by-design approach to handling your HubSpot data:

  • All HubSpot data is processed in memory at runtime only during an audit
  • No contacts, deals, companies, tickets, or other CRM records are ever written to our database
  • Only aggregated, anonymized findings are stored (e.g., “12 deals missing close dates” — not the deals themselves)
  • We use read-only API access to your HubSpot portal
  • You can disconnect your portal at any time, which immediately clears all stored OAuth tokens

5. Data Sharing & Third Parties

We do not sell your data to third parties. We do not use your data for advertising. We share data only with the following service providers, solely to operate RevTrace:

  • Stripe — payment processing
  • Resend — transactional email delivery
  • Vercel — application hosting and analytics
  • Neon — database hosting
  • Google — SSO authentication (if you choose to sign in with Google) and analytics (GA4)
  • HubSpot — API access to your own portal (initiated by you)

6. Data Retention

  • Account data is retained while your account is active
  • Audit findings are retained for historical comparison and trend tracking — you can request deletion at any time
  • When you disconnect a HubSpot portal, OAuth tokens are immediately cleared
  • Account deletion is available upon request

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your personal data
  • Portability — request your data in a portable format
  • Restriction — request that we limit processing of your data
  • Objection — object to processing of your data

To exercise any of these rights, contact us at privacy@revtrace.ai.

8. Security

  • All connections are encrypted via HTTPS/TLS
  • OAuth tokens are stored server-side in an encrypted database
  • Passwords are hashed using industry-standard algorithms — never stored in plaintext
  • We follow security best practices for application development and infrastructure

9. Cookies & Analytics

We use the following categories of cookies:

  • Essential — authentication session, active organization/portal preferences, theme preference. These are required for the service to function.
  • Analytics — Google Analytics (GA4) sets cookies (_ga, _ga_*) to help us understand how visitors use RevTrace. Vercel Analytics collects anonymized performance data. You can opt out of Google Analytics by using a browser extension or disabling cookies.

10. Age Requirement

RevTrace is a business-to-business service intended for users aged 18 and older. We do not knowingly collect data from anyone under 18.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on our website. Your continued use of RevTrace after any changes constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or data requests, contact us at privacy@revtrace.ai.

Start Free Audit