Privacy Policy

Effective Date: May 15, 2025

1. Introduction

Welcome to Revenuity ("Site"), a service provided by Spontaneous Clouds Solutions Lda. ("we," "us," "our"). We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website (revenuity.io), purchase our auditing or ongoing maintenace services, subscribe to our newsletter, or book a call with us.

Spontaneous Clouds Solutions Lda., a company registered in Portugal, is the primary data controller for the personal data collected through the Site and for the provision of our services directly to you. When we perform auditing services for our clients, we may act as a data processor for the data our clients provide us access to, under their instruction and in accordance with a separate data processing agreement where applicable.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the site or use our services.

2. Information We Collect

We may collect information about you in a variety of ways. The information we may collect on the Site includes:

A. Information You Provide to Us Directly

We collect personal data that you voluntarily provide to us when you:

• Purchase Auditing or Retainer Services: When you purchase our services, we collect your name, email address, business name, website url and billing information. Payment processing is handled by Stripe Inc., and we do not store your full credit card details.
• Book a Call: When you book a call using Cal.com, we collect your name, email address, and any other information you choose to provide to facilitate the call (e.g., company name, store url, topics for discussion).
• Subscribe to Our Newsletter: If you subscribe to our newsletter, we will collect your email address and your name.
• Contact Us: If you contact us via email (e.g., [email protected]) or other communication channels, we will collect your name, email address, and any information contained in your correspondence.

B. Information We Collect Automatically

When you access our Site, we may automatically collect certain information about your device and usage, including:

• Log and Usage Data: Through Google Analytics, we collect information such as your IP address (which may be anonymized), browser type, operating system, referring URLs, pages viewed, links clicked, time spent on pages, and other actions you take on the Site. This information helps us understand how users interact with our Site and to improve its functionality and user experience.
• Cookies and Similar Technologies: We use cookies and similar tracking technologies to collect and use personal information about you. This is further detailed in Section 6 ("Cookies and Tracking Technologies").

C. Data Accessed for Auditing Services (Client-Controlled Data)

When you purchase our Auditing Services, we require access to certain data that you control to perform these services effectively. This data is processed by us as a Data Processor on your behalf and under your instruction. This may include, but is not limited to:

• Access to your Google Analytics account data.
• Access to your e-commerce platform backend (e.g., Shopify, WooCommerce).
• Sales data and reports.
• Customer lists for segmentation analysis (e.g., email lists).
• Access to heatmap and session recording tools data.
• Any other data or platform access required by the specific auditing package you have purchased and as agreed with you.

The handling of this client-controlled data is governed by our service agreement with you and applicable data processing terms. This Privacy Policy primarily concerns data for which Spontaneous Clouds Solutions Lda. is the Data Controller.

3. How We Use Your Information

We use the information we collect or access for various purposes, including:

• To Provide and Manage Our Services: To process your orders for auditing services, deliver the agreed-upon reports and recommendations, schedule and conduct calls, and manage your account.
• To Perform Auditing Services: To analyze the client-controlled data (as described in 2.C) to identify revenue recovery opportunities, provide insights on conversion rate optimization (CRO), retention marketing, and deliver actionable implementation plans.
• To Communicate With You: To respond to your inquiries, send important service-related notices, provide customer support, and request feedback.
• For Payment Processing: To facilitate transactions for our services via our third-party payment processor, Stripe.
• For Marketing and Promotional Purposes: If you have opted-in, to send you newsletters, marketing emails, and information about our services, promotions, or events that may be of interest to you. You can opt-out of these communications at any time.
• To Improve Our Site and Services: To understand how users interact with our Site, to monitor and analyze usage and trends, to improve the Site's functionality and user experience, and to develop new products and services.
• For Legal, Safety, and Security Purposes: To comply with applicable legal obligations (e.g., tax and accounting requirements), to protect our rights, privacy, safety, or property, and/or that of yours or others, and to detect, prevent, or otherwise address fraud, security, or technical issues.

4. Legal Basis for Processing Your Personal Data (GDPR)

If you are located in the European Economic Area (EEA) or the UK, our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only:

• Where we need the personal information to perform a contract with you (e.g., to provide our Auditing Services, to process your payment).
• Where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms (e.g., for our marketing activities (where consent is not required), to improve our Site, for fraud prevention).
• Where we have your consent to do so (e.g., to send you newsletters, to use certain cookies).
• Where we have a legal obligation to collect personal information from you (e.g., for tax and accounting purposes).

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under Section 14.

5. Sharing Your Information

We do not sell your personal information. We may share your personal information in the following situations:

• With Service Providers: We may share your information with third-party vendors, consultants, and other service providers who perform services on our behalf. These include:
  • Stripe: For payment processing. Stripe may process your personal data as a controller for its own purposes. You can review Stripe's Privacy Policy at https://stripe.com/privacy.
  • Cal.com: For call scheduling. Cal.com may process your personal data as a controller for its own purposes. You can review Cal.com's Privacy Policy at https://cal.com/privacy.
  • Google Analytics: For website analytics and understanding user behavior. You can learn more about Google's practices at https://policies.google.com/privacy.
  • Newsletter Provider (Resend): If we use a third-party service like Resend for newsletter distribution, your email address (and name, if provided) will be shared with them solely for this purpose.
  • Other IT, hosting, and professional service providers who assist us in operating our website, conducting our business, or servicing you, so long as those parties agree to keep this information confidential and process it only on our instructions.
• Client-Controlled Data for Auditing: The data you provide access to for our Auditing Services (as described in Section 2.C) is treated with strict confidentiality. We access this data solely to provide you with the agreed-upon services. We do not share this specific client data with any third parties unless explicitly authorized by you as part of the service delivery (e.g., integrating a recommended tool with your consent) or if required by law.
• For Legal Reasons: We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii) protect and defend our rights or property, (iii) act in urgent circumstances to protect the personal safety of users of the Site or the public, or (iv) protect against legal liability.
• Business Transfers: In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company, your personal information may be transferred. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy.
• With Your Consent: We may disclose your personal information for any other purpose with your explicit consent.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. A cookie is a small text file stored on your computer or mobile device when you visit a website.

Our Site uses cookies for the following purposes:

• Google Analytics: We use Google Analytics to collect information about how visitors use our Site. This includes information about the number of visitors, the websites that referred them, and the pages they visited. We use this information to compile reports and to help us improve the Site. Google Analytics cookies may track your IP address (often anonymized), browser type, operating system, and other usage details. For more information on Google Analytics cookies, see the official Google Analytics Ppage or Google's Privacy Policy. You can opt-out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout.
• Stripe: When you use our services to make a payment, Stripe may place cookies that are necessary for processing your transaction securely and for fraud prevention. For more information, please review Stripe's Cookie Policy, which is typically part of their overall Privacy Policy linked above.
• Cal.com: When you use our Site to book a call, Cal.com may place cookies that are necessary for the booking functionality to work correctly. For more information, please review Cal.com's Privacy Policy linked above.

Our Stance on Other Cookies: Beyond the cookies used by Google Analytics, Stripe, and Cal.com for their essential functionalities as described, Revenuity does not deploy other first-party or third-party cookies for advertising, tracking, or profiling purposes on our Site.

Managing Cookies: Most web browsers allow you to control cookies through their settings preferences. You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some features of our Site or services (like payment processing or call booking) may not function properly.

7. Data Retention

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Policy. This includes retaining your data to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable tax/revenue laws), resolve disputes, enforce our legal agreements and policies, and for our legitimate business needs.

Specifically:

• Information related to your purchases of our services (e.g., billing information) will be retained for the period required by Portuguese law for financial and tax records.
• Information you provide when booking a call or contacting us will be retained as long as necessary to respond to your query and for a reasonable period thereafter for follow-up or record-keeping.
• If you subscribe to our newsletter, your email address will be retained until you unsubscribe.
• Data collected via Google Analytics is subject to Google's retention policies and our configuration settings.
• Client-controlled data accessed for Auditing Services will be retained for the duration of the audit project and a reasonable period thereafter as agreed in our service agreement, or until you instruct us to delete it, unless longer retention is required by law.

8. Data Security

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures aim to protect your data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. For example, payment transactions are processed through Stripe, which uses encryption and other security measures.

However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Site is at your own risk. You should only access the services within a secure environment.

9. Your Data Protection Rights (GDPR)

If you are a resident of the European Economic Area (EEA) or the UK, you have certain data protection rights. Spontaneous Clouds Solutions Lda. aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. These rights include:

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure (right to be forgotten): You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data based on our legitimate interests (or those of a third party), under certain conditions. You also have the absolute right to object to the processing of your personal data for direct marketing purposes.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, in a structured, commonly used, machine-readable format, under certain conditions.
• The right to withdraw consent: If we are processing your personal data based on your consent (e.g., for newsletters), you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

If you wish to exercise any of these rights, please contact us at [email protected]. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

You also have the right to lodge a complaint with a data protection supervisory authority. For Portugal, the supervisory authority is the Comissão Nacional de Proteção de Dados (CNPD) - www.cnpd.pt.

10. International Data Transfers

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction (e.g., United States, where some of our service providers like Google, Stripe, Cal.com are based).

Spontaneous Clouds Solutions Lda. is based in Portugal. If we transfer your personal data out of the EEA or UK, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and that appropriate safeguards are in place to protect your personal data. This may include implementing Standard Contractual Clauses (SCCs) approved by the European Commission or which meet the minimum requirements of the GDPR.

11. Children's Privacy

Our Site and Services are not intended for or directed at individuals under the age of 18 (or the relevant age of majority in their jurisdiction). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal data from a child without verification of parental consent, we will take steps to delete that information from our servers promptly.

12. Links to Other Websites

Our Site may contain links to other websites that are not operated by us (e.g., links to Stripe, Cal.com, or other resources). If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time in response to changing legal, technical, or business developments. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will post any changes on this page and update the "Effective Date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions or concerns about this Privacy Policy, our data practices, or if you wish to exercise any of your data protection rights, please contact us:

Spontaneous Clouds Solutions Lda.
Email: [email protected]
Registered in Portugal.