Privacy Policy

This Privacy Policy describes how OpeRev ("we", "us", or "our") collects, uses, and shares information when you use our website (operev.com), our application (app.operev.com), and related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account or use the Service, we may collect:

• Account information: email address, name, password (hashed), company name
• Billing information: billing address, payment method details (processed by Stripe; we do not store full card numbers)
• Workspace data: data you upload or create within your workspace, including contact records, company records, notes, tags, and custom fields
• Communications: messages you send to our support team, feedback submissions, and survey responses

1.2 Third-Party Lead Data (Important Disclosure)

OpeRev is a B2B revenue operations platform. Users may upload or enrich records containing personal information about third parties (such as sales prospects, leads, or business contacts), including names, email addresses, phone numbers, job titles, LinkedIn URLs, and company affiliations.

When you upload such data to OpeRev, you represent and warrant that you have the legal basis to process that data under applicable law. OpeRev acts as a data processor on your behalf for this data.

1.3 Information Collected Automatically

When you use the Service, we automatically collect:

• Usage data: pages visited, features used, time spent, clicks, and interaction patterns
• Device and log data: IP address, browser type and version, operating system, device identifiers, referring URLs, and timestamps
• Cookies and similar technologies: see our Cookie Policy for details

1.4 Information from Third-Party Services

If you connect OpeRev to third-party services (such as HubSpot, Salesforce, Apollo, or email providers), we may receive information from those services to provide the integration. We process this data according to your instructions and the permissions you grant through OAuth or API keys.

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service
• Process transactions and send related information including confirmations and invoices
• Send technical notices, updates, security alerts, and support messages
• Respond to your comments, questions, and customer service requests
• Monitor and analyze trends, usage, and activities in connection with the Service
• Detect, investigate, and prevent fraudulent transactions, abuse, and other illegal activities
• Personalize and improve your experience
• Carry out any other purpose described to you at the time the information was collected

3. Legal Basis for Processing

We process your personal information based on:

• Contract performance: to provide the Service you have subscribed to
• Legitimate interests: to operate and improve our business, ensure security, and prevent fraud
• Consent: where you have provided consent (e.g., for marketing communications)
• Legal obligations: where required to comply with applicable laws

4. How We Share Information

4.1 Service Providers

We use third-party service providers to help us operate, provide, and improve the Service. These providers have access to your information only to perform tasks on our behalf and are contractually obligated to protect it. Current service providers include:

• Hosting and infrastructure: Vercel, Supabase, Amazon Web Services
• Payments: Stripe
• Email delivery: Resend
• Analytics: Google Analytics, Vercel Analytics

4.2 Integration Partners

When you connect third-party services to OpeRev (such as HubSpot), we share the minimum necessary data to enable the integration, based on your instructions and granted permissions.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

If OpeRev is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your personal information.

4.5 With Your Consent

We may share information with third parties when you give us explicit consent to do so.

5. Data Retention

We retain personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account data: retained while your account is active, deleted within 90 days of account closure
• Workspace data: retained while your workspace is active; you may export or delete your data at any time
• Billing records: retained for seven (7) years to comply with financial and tax regulations
• Log and usage data: typically retained for 13 months

6. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you
• Correction: request correction of inaccurate or incomplete information
• Deletion: request deletion of your personal information
• Portability: request your data in a structured, machine-readable format
• Objection: object to certain processing activities
• Restriction: request restriction of processing
• Withdraw consent: where processing is based on consent

6.1 California Residents (CCPA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete personal information, the right to opt out of the sale of personal information (OpeRev does not sell personal information), and the right to non-discrimination for exercising your rights. To exercise any of these rights, contact us at privacy@operev.com.

7. Data Security

We implement technical and organizational measures designed to protect your personal information. These include encryption in transit (TLS 1.2+) and at rest (AES-256), access controls, regular security reviews, limited access on a need-to-know basis, and row-level security enforcement at the database layer. For more details, see our Security page.

8. Data Breaches

In the event of a data breach that affects your personal information, we will notify you and relevant authorities in accordance with applicable law.

9. International Data Transfers

OpeRev operates primarily from the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. We take appropriate safeguards to ensure that your information receives adequate protection regardless of where it is processed.

10. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 30 days before the changes take effect. The "Last updated" date at the top of this policy indicates when it was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

• Email: privacy@operev.com
• Website: operev.com

14. Data Protection Officer

For inquiries related to data protection, contact our Data Protection Officer at privacy@operev.com.