Privacy Policy

RevFactor (“RevFactor,” “we,” “us,” or “our”) operates RevFactor CFO, a financial analytics and reporting platform for short-term rental (“STR”) operators. This Privacy Policy explains what information we collect, how we use and protect it, the third parties that help us deliver the service, and the rights you have over your data.

By creating an account or connecting a data source, you agree to the practices described here. If you do not agree, please do not use the service.

1. Information We Collect

Account & profile information

When you sign up we collect your email address, and optionally your name, company name, and phone number. Authentication is handled by our identity provider (Supabase Auth), including email/password and Google sign-in.

Property & financial data

We collect and store the data you provide or connect, which may include:

• Property details (addresses, unit configuration, ownership, mortgage and operating cost assumptions).
• Reservation, occupancy, revenue, payout, and fee data imported from your property management system (“PMS”) and channel managers.
• Pricing and market data synced from revenue-management tools such as PriceLabs.
• If you choose to connect a bank account, transaction history and balance information retrieved on your behalf, used to reconcile property financials. Connecting bank data is optional.
• Chat messages, prompts, and questions you submit to the AI CFO assistant.

Credentials & access tokens

To connect third-party services we store the credentials or OAuth access/refresh tokens you authorize (for example, PMS API keys and PriceLabs API keys). These are sensitive secrets and are protected as described in “How We Secure Your Data” below.

Usage & technical data

We collect standard technical information such as IP address, browser type, device information, and log/diagnostic data necessary to operate, secure, and improve the service.

2. How We Use Your Information

• To provide the core service: importing, aggregating, and analyzing your property financials.
• To generate reports, dashboards, KPIs, forecasts, and AI-assisted insights.
• To authenticate you, maintain your account, and provide support.
• To secure the platform, detect abuse, and meet legal obligations.
• To communicate service updates and, where you have opted in, notifications and digests.

We do not sell your personal information, and we do not use your financial data to train third-party foundation models.

3. AI Features

The AI CFO uses a third-party large language model provider (Anthropic) to generate responses. When you use AI features, the relevant context (such as the questions you ask and the financial figures needed to answer them) is sent to the AI provider to produce a response. We use the provider under a commercial agreement and do not permit your content to be used to train their models. Do not enter information into the AI assistant that you do not want processed in this way.

4. Third-Party Processors

We share data with the following categories of service providers (“sub-processors”) strictly to operate the service:

• Supabase — managed Postgres database, authentication, and hosting of stored application data.
• Property management systems (e.g., your connected PMS provider) — source of reservation, payout, and occupancy data, accessed via their APIs with your authorization.
• PriceLabs — revenue-management and pricing data synced via API.
• Anthropic — AI model provider that powers the AI CFO assistant.
• Banking / financial data providers — where you choose to connect a bank account, the aggregation provider that retrieves transactions on your behalf.
• Infrastructure & hosting providers — for application hosting, logging, and email delivery.

Each processor only receives the data necessary to perform its function and is bound by contractual confidentiality and security obligations.

5. How We Secure Your Data

• Encryption in transit: all traffic to and from the platform is encrypted using TLS.
• Encryption at rest: data stored in our database, including financial data and connection credentials, is encrypted at rest by our infrastructure providers.
• Access controls: data is scoped to your account. Application access requires authentication, and each record is associated with the owning user. Internal administrative access is restricted to authorized personnel on a need-to-know basis.
• Secrets handling: API keys and access tokens are stored as protected secrets and are never exposed to other customers or displayed back in full.

No system is perfectly secure, but we work to apply industry-standard safeguards appropriate to the sensitivity of financial data.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. When you delete your account (see Section 7), all application data associated with your user — including properties, PMS and PriceLabs connections, bank account connections, financial records, and AI chat history — is permanently deleted from our database. We may retain limited records where required for legal, accounting, or fraud-prevention purposes, and backups are purged on a rolling basis.

7. Your Rights: Export & Deletion

You have the right to access, export, and delete your data. You can permanently delete your account and all associated application data at any time from Settings → Delete account, which requires a typed confirmation. This action is immediate and irreversible.

Depending on your jurisdiction, you may have additional rights (such as access, correction, portability, or objection). To exercise any of these rights, or to request a data export, contact us at the address below.

8. International Users

Your data may be processed in the United States and other countries where we or our sub-processors operate. By using the service you consent to such transfers, subject to appropriate safeguards.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the service or by email. Continued use after an update constitutes acceptance of the revised policy.

10. Contact Us

Questions about this policy or your data? Email us at privacy@revfactor.io.