Legal
RevBridge Privacy Policy
Last Updated: April 10, 2026
RevBridge AI Ltda. ("RevBridge," "we," "us," or "our"), a company registered under CNPJ 62.811.394/0001-15, with its registered office at Rua Pais Leme, nº 215, Conjunto 1713, Pinheiros, São Paulo/SP, CEP 05424-150, Brazil, is committed to protecting the privacy of its Customers and website visitors.
This Privacy Policy describes how we collect, use, store, share, and protect personal data in connection with our website (https://revbridge.ai), our Platform, and our Services, as defined in our Terms of Service.
This Privacy Policy applies to Customers (businesses and their authorized representatives that use the RevBridge Platform) and visitors to the RevBridge website. This Privacy Policy does not govern the relationship between our Customers and their End Users. Customers are solely responsible for their own privacy policies and practices with respect to End User data processed through the Platform.
Table of Contents
- Definitions
- Data We Collect
- How We Use Your Data
- Legal Basis for Processing
- Cookies and Tracking Technologies
- Data Sharing and Disclosure
- International Data Transfers
- Data Storage and Security
- Data Retention
- Your Rights Under the LGPD
- End User Data — Customer Responsibility
- Children's Privacy
- Changes to This Policy
- Contact Us
1. Definitions
"Customer" means the legal entity or individual that registers for and uses the RevBridge Platform and Services.
"Dashboard User" means an individual authorized by Customer to access the RevBridge Dashboard.
"End User" means a consumer or individual whose data is uploaded by Customer to the Platform for the purpose of receiving Campaign communications. End Users are not direct users of RevBridge.
"Personal Data" means any information relating to an identified or identifiable natural person, as defined under the Lei Geral de Proteção de Dados (LGPD — Law No. 13,709/2018).
"Platform" means the RevBridge software-as-a-service product, including the Dashboard, APIs, SDKs, and related tools.
"Services" has the meaning set forth in the RevBridge Terms of Service.
2. Data We Collect
2.1 Data You Provide Directly
When you register for an account, contact us, or use our Services, we may collect:
- Account information: Company name, contact person name, email address, phone number, billing address, and login credentials.
- Billing information: Payment method details, invoicing data, and transaction history. Note: we do not store full credit card numbers; payment processing is handled by third-party payment providers.
- Communications: Content of emails, support requests, and other correspondence you send to us.
- Onboarding information: Integration details, technical configuration preferences, and Conversion definitions agreed during setup.
2.2 Data We Collect Automatically
When you visit our website or use the Dashboard, we may automatically collect:
- Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
- Usage data: Pages visited, features used within the Dashboard, clicks, session duration, referring URLs, and interaction patterns.
- Log data: Server logs including access times, error logs, and API call records.
- Location data: Approximate geographic location derived from IP address.
2.3 Data We Collect via Cookies and Tracking Technologies
See Section 5 (Cookies and Tracking Technologies) for details.
2.4 End User Data
Customers upload End User data (such as names, email addresses, phone numbers, purchase history, and behavioral events) to the Platform for the purpose of running Campaigns. RevBridge processes this data strictly as a Processor (Operador) on behalf of the Customer, who acts as the Controller (Controlador). The collection, legality, and consent for End User data is entirely the Customer's responsibility. RevBridge does not independently collect, generate, or enrich End User data.
3. How We Use Your Data
We use Customer and visitor data for the following purposes:
3.1 Service Delivery
- Providing, operating, and maintaining the Platform and Services.
- Processing Budget deposits and managing billing.
- Delivering Campaign communications on Customer's behalf.
- Optimizing Campaign performance through algorithmic decision-making and machine learning.
- Generating performance reports and analytics within the Dashboard.
3.2 Account Management
- Creating and managing Customer accounts.
- Authenticating Dashboard Users.
- Providing customer support and responding to inquiries.
- Communicating service-related notices (e.g., downtime, security alerts, product updates).
3.3 Improvement and Development
- Analyzing usage patterns to improve Platform features and user experience.
- Conducting internal research and development.
- Generating aggregated, anonymized statistics about Platform usage (which cannot be used to identify any individual or Customer).
3.4 Marketing and Communications
- Sending marketing communications about RevBridge products, features, and events, where Customer has opted in or where permitted by applicable law.
- Displaying relevant advertising to website visitors through remarketing pixels.
Customer may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting us at privacy@revbridge.ai.
3.5 Legal and Compliance
- Complying with applicable laws, regulations, and legal processes.
- Enforcing our Terms of Service and protecting our rights.
- Preventing fraud, abuse, and security incidents.
4. Legal Basis for Processing
Under the LGPD, we process Personal Data based on the following legal grounds:
| Purpose | Legal Basis (LGPD Art. 7) |
|---|---|
| Service delivery and contract performance | Performance of a contract (Art. 7, V) |
| Account management and support | Performance of a contract (Art. 7, V) |
| Billing and payment processing | Performance of a contract / Legal obligation (Art. 7, II and V) |
| Platform improvement and analytics | Legitimate interest (Art. 7, IX) |
| Marketing communications | Consent (Art. 7, I) |
| Cookies and tracking (analytics) | Legitimate interest (Art. 7, IX) |
| Cookies and tracking (marketing) | Consent (Art. 7, I) |
| Security and fraud prevention | Legitimate interest (Art. 7, IX) |
| Legal compliance | Legal obligation (Art. 7, II) |
| End User data processing | Performance of a contract with Customer, acting as Processor (Art. 7, V) |
5. Cookies and Tracking Technologies
5.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website. We also use similar technologies such as pixels, tags, and local storage.
5.2 Types of Cookies We Use
Strictly Necessary Cookies — Required for the website and Dashboard to function. These cannot be disabled.
- Session management and authentication
- Security tokens
- Load balancing
Analytics Cookies — Help us understand how visitors interact with our website and Dashboard.
- Google Analytics (GA4) — traffic analysis, page views, user behavior
- Usage patterns within the Dashboard
Marketing Cookies — Used to deliver relevant advertising and measure campaign effectiveness.
- Google Ads remarketing pixel
- Meta (Facebook) pixel
- LinkedIn Insight Tag
5.3 Cookie Management
You can manage your cookie preferences at any time through our cookie banner displayed on your first visit to the website, or by adjusting your browser settings. Please note that disabling certain cookies may affect the functionality of the website or Dashboard.
Browser controls: Most browsers allow you to block or delete cookies through their settings. Refer to your browser's help documentation for instructions.
Opt-out links:
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Google Ads: https://adssettings.google.com
- Meta: https://www.facebook.com/settings/?tab=ads
- LinkedIn: https://www.linkedin.com/psettings/guest-controls
5.4 Do Not Track
Our website does not currently respond to "Do Not Track" browser signals, as there is no industry-standard protocol for compliance. However, you may use the cookie management options described above to control tracking.
6. Data Sharing and Disclosure
We do not sell, rent, or trade your Personal Data. We may share your data only in the following circumstances:
6.1 Service Providers (Sub-Processors)
We engage trusted third-party providers to assist in delivering the Services, including cloud hosting, payment processing, email delivery, analytics, and customer support. These providers are contractually bound to process data only on our instructions and in accordance with applicable data protection laws. A list of current sub-processors is available upon request at privacy@revbridge.ai.
6.2 Legal Requirements
We may disclose Personal Data if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of RevBridge, our Customers, or third parties.
6.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, Personal Data may be transferred to the acquiring entity, subject to the same privacy protections described in this Policy.
6.4 With Customer's Consent
We may share data in other circumstances with Customer's explicit prior consent.
6.5 Aggregated and Anonymized Data
We may share aggregated, anonymized data that cannot reasonably be used to identify any individual or Customer, for purposes such as industry analysis, benchmarking, or marketing.
7. International Data Transfers
Customer and End User data is primarily stored and processed in Brazil, on Google Cloud Platform (GCP) infrastructure located in the São Paulo region (southamerica-east1).
In limited circumstances, data may be transferred to other jurisdictions (e.g., when using sub-processors with global infrastructure). In such cases, we ensure that appropriate safeguards are in place in accordance with the LGPD, including standard contractual clauses or other valid transfer mechanisms recognized under applicable law.
8. Data Storage and Security
8.1 Infrastructure
Our Services are hosted on Google Cloud Platform (GCP) in São Paulo, Brazil. GCP maintains industry-standard security certifications, including SOC 2 and ISO 27001.
8.2 Security Measures
We implement and maintain administrative, physical, and technical safeguards designed to protect Personal Data, including:
- Encryption of data in transit (TLS) and at rest.
- Access controls based on role and least-privilege principles.
- Web application firewall (WAF) protection.
- Regular penetration testing by independent third parties.
- Monitoring and logging of system activity for anomaly detection.
- Secure password storage using one-way hashing algorithms.
For a detailed description of our security measures, please refer to Annex 1 (Security Measures) of our Terms of Service.
8.3 Incident Response
In the event of a Personal Data Breach, we will notify affected Customers without undue delay and within seventy-two (72) hours, in accordance with our Data Processing Addendum and applicable law.
9. Data Retention
We retain Personal Data only for as long as necessary to fulfill the purposes described in this Policy, or as required by applicable law.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of the Agreement + 5 years (legal/tax obligations) |
| Billing and transaction records | 5 years from the date of the transaction (Brazilian tax law) |
| Dashboard usage and log data | 12 months |
| Analytics and cookie data | Up to 26 months (depending on the provider) |
| Support correspondence | Duration of the Agreement + 2 years |
| End User data (processed as Processor) | As instructed by Customer; deleted within 30 days of termination or Customer request |
Upon termination of the Agreement or upon Customer's written request, we will delete or return Customer Data within thirty (30) days, except where retention is required by law.
10. Your Rights Under the LGPD
Under the LGPD (Law No. 13,709/2018), you have the following rights with respect to your Personal Data:
- Confirmation and access — Request confirmation of whether we process your data, and access to such data.
- Correction — Request correction of incomplete, inaccurate, or outdated data.
- Anonymization, blocking, or deletion — Request anonymization, blocking, or deletion of unnecessary or excessive data, or data processed in violation of the LGPD.
- Portability — Request portability of your data to another service provider, subject to applicable regulations.
- Deletion — Request deletion of Personal Data processed with your consent.
- Information about sharing — Obtain information about public and private entities with which your data has been shared.
- Consent withdrawal — Withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
- Opposition — Object to processing carried out on legal bases other than consent, if there is non-compliance with the LGPD.
To exercise any of these rights, please contact us at privacy@revbridge.ai. We will respond to your request within fifteen (15) days, as required by the LGPD.
If you believe that your data protection rights have been violated, you have the right to file a complaint with the Autoridade Nacional de Proteção de Dados (ANPD) at https://www.gov.br/anpd.
11. End User Data — Customer Responsibility
RevBridge processes End User data exclusively as a Processor (Operador) on behalf of the Customer, who acts as the Controller (Controlador).
RevBridge does not:
- Independently collect End User data.
- Generate, acquire, purchase, or enrich End User databases.
- Determine the purposes or means of processing End User data.
- Maintain a direct relationship with End Users.
- Send communications to End Users except as instructed by Customer through Campaign configurations.
Customer is solely responsible for:
- Obtaining all necessary consents and legal bases for collecting, storing, and sharing End User data with RevBridge.
- Providing End Users with an appropriate privacy policy and transparency about data processing.
- Responding to End User rights requests (access, deletion, correction, portability, etc.).
- Ensuring compliance with all applicable data protection, consumer protection, and anti-spam laws.
If RevBridge receives a request directly from an End User regarding their Personal Data, RevBridge will direct the End User to the applicable Customer, unless prohibited by law.
For details on how we process End User data as a Processor, please refer to Addendum A (Data Processing Addendum) of our Terms of Service.
12. Children's Privacy
The RevBridge Platform and Services are designed for use by businesses and are not directed at individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected data from a child, we will take steps to delete such data promptly.
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or applicable law. When we make material changes, we will notify Customers via email or through the Dashboard. The "Last Updated" date at the top of this page indicates when this Policy was last revised.
Continued use of the Services after the effective date of any update constitutes acceptance of the revised Privacy Policy.
14. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data protection rights, or need to report a concern, please contact us:
RevBridge AI Ltda.
Rua Pais Leme, nº 215, Conjunto 1713
Pinheiros, São Paulo/SP, CEP 05424-150
Brazil
Privacy inquiries: privacy@revbridge.ai
General support: support@revbridge.ai
Data Protection Officer (DPO): dpo@revbridge.ai
RevBridge AI Ltda. — CNPJ: 62.811.394/0001-15
RevBridge
The engagement platform that optimizes ROI in real-time using Agentic AI and adaptive optimization.
© 2026 RevBridge. All rights reserved.