DataRevenue.io

Privacy Policy

Last updated: June 19, 2026

Data Revenue LLC ("DataRevenue," "we," "us," or "our") operates the website at datarevenue.io and the application at app.datarevenue.io, together with the DataRevenue data asset valuation platform, the Data Revenue Connecter (DRC) scanner, and related services (collectively, the "Services"). This Privacy Policy explains what information we collect, how we use and share it, and the choices and rights you have.

By using the Services you agree to this Privacy Policy. If you do not agree, please do not use the Services.

1. Who this policy covers

This policy applies to: visitors to our websites; account holders and their authorized users; referral partners; and individuals whose business-contact information is submitted to us through a referral or lead-capture form. It does not govern the privacy practices of third parties we link to or integrate with.

2. Information we collect

a. Account and identity information. Name, business email address, company name, role, and authentication identifiers. Authentication is handled through our identity provider (Supabase); we receive your user identifier, email, and role.

b. Questionnaire and dataset metadata. Information you provide about the data assets you want valued, such as record counts, data categories, cost and revenue inputs, quality and risk self-assessments, ownership and compliance answers, and business context. This describes your datasets; it is not the underlying records themselves.

c. DRC Scanner / Data Passport data. The DRC Scanner runs in your own environment and is read-only. It produces a signed "Data Passport" that contains only aggregate statistics and derived metrics (for example, table and column counts, quality scores, and detected categories of personally identifiable information by type), together with a list of PII finding types. By design, the Data Passport does not contain raw rows, field values, or record-level content. See Section 4.

d. Usage, device, and log data. IP address, browser and device characteristics, pages viewed, actions taken, timestamps, and request identifiers, collected to operate, secure, and improve the Services.

e. Communications. Messages you send us (support requests, emails) and our correspondence with you.

f. Payment information. If you purchase a paid plan or remit an engagement deposit, payments are processed by our third-party providers, Stripe (card and electronic payments) and Thread Bank (wire transfers). We do not store full payment card numbers; we receive limited transaction and billing details from these providers.

We do not knowingly collect special categories of personal data, and we instruct clients not to submit protected health information (PHI) or sensitive personal data through the questionnaire or chat features.

3. How we use information

We use information to:

  • provide, operate, secure, and maintain the Services;
  • create accounts and authenticate users;
  • generate data asset valuation reports, recommendations, and analyses;
  • generate written report narratives using third-party large language model (LLM) providers (see Section 5);
  • communicate with you, including service and lead notifications;
  • administer the referral partner program and attribute referred leads;
  • process payments and manage subscriptions and engagement deposits;
  • monitor, analyze, and improve performance and reliability;
  • detect, prevent, and address fraud, abuse, and security incidents; and
  • comply with legal obligations and enforce our agreements.

4. The DRC Scanner and Data Passport (privacy by design)

The DRC Scanner is designed to keep your underlying data in your environment. It connects read-only, profiles your data locally, and emits a Data Passport that carries only aggregate and derived statistics plus PII finding metadata (type, table/column name, and risk level). Raw values and sample rows are processed only in your environment and are not transmitted to us. The Data Passport is cryptographically signed so its integrity can be verified on ingestion.

5. Automated processing and AI

We use third-party LLM providers (currently Anthropic and/or OpenAI) to generate the narrative sections of valuation reports and related text. The structured inputs we send for this purpose are derived from your questionnaire answers and computed valuation outputs. We instruct these providers to process the data only to return the requested output. We do not use your data to train third-party foundation models.

6. How we share information

We share information only as described here:

  • Service providers (sub-processors). Hosting and infrastructure (Railway), authentication (Supabase), LLM providers (Anthropic, OpenAI) for report narratives, email delivery, error monitoring, and payment processing (Stripe and Thread Bank). These providers process data on our behalf under contractual confidentiality and security obligations.
  • Monetization partner (Graphable). If you elect to pursue data monetization, and only after you have signed the applicable Engagement Agreement, we transmit your valuation report and associated assessment to our refinement and monetization partner, Graphable, Inc., so they can evaluate monetization opportunities. This transfer does not occur without your authorization.
  • Referral partners. When a lead is submitted through a referral partner's link, the business-contact details of that lead are associated with the referring partner for attribution and follow-up within our CRM.
  • Legal and safety. When required by law, regulation, legal process, or to protect the rights, property, or safety of DataRevenue, our users, or others.
  • Business transfers. In connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

We do not sell your personal information, and we do not share it for cross-context behavioral advertising.

7. Legal bases for processing (EEA/UK)

Where the EU/UK GDPR applies, we process personal data on the bases of: performance of a contract; our legitimate interests in operating and improving the Services; your consent (where requested, such as for non-essential cookies); and compliance with legal obligations.

8. International data transfers

We are based in Wyoming, United States, and may process and store information in the United States and other countries. Where required for transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards (such as the European Commission's Standard Contractual Clauses).

9. Data retention

We retain personal information for as long as your account is active or as needed to provide the Services, and thereafter as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Valuation records and signed agreements may be retained for audit and compliance purposes. You may request deletion as set out below.

10. Security

We apply administrative, technical, and organizational safeguards designed to protect personal information, including encryption in transit, field-level encryption of sensitive data at rest (AES-256-GCM), signed Data Passports, role-based access controls, and audit logging. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Your rights and choices

Depending on your location, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. Where we rely on consent, you may withdraw it at any time. California residents have rights under the CCPA/CPRA, including the right to know, delete, correct, and to opt out of "sale" or "sharing" (note that we do not sell or share personal information as those terms are defined). EEA/UK residents may lodge a complaint with their local supervisory authority. To exercise any right, contact us at hello@datarevenue.io. We will respond within the timeframes required by applicable law and will not discriminate against you for exercising your rights.

12. Cookies and similar technologies

We use strictly necessary cookies to authenticate sessions, secure the Services, and remember essential preferences. Where required by law, we request your consent before setting non-essential cookies (such as analytics), and you can change or withdraw your choice at any time through our cookie banner or your browser settings. Disabling some cookies may affect functionality.

13. Children's privacy

The Services are intended for businesses and are not directed to children. We do not knowingly collect personal information from anyone under 18 (or under 16 in the EEA/UK).

14. Third-party links and services

The Services may link to or integrate with third-party sites and services that we do not control. Their privacy practices are governed by their own policies.

15. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, where appropriate, provide additional notice.

16. Contact us

Questions or requests regarding this Privacy Policy:

Data Revenue LLC 1309 Coffeen Avenue STE 1200, Sheridan, Wyoming 82801 Email: hello@datarevenue.io