PAGE 1 OF 3 — PRIVACY POLICY — foxrevo.com/privacy 🦊 FoxRevo Privacy Policy Last updated: 1 May 2026 | Effective date: 1 May 2026 Your privacy is important to us. This policy explains what data we collect, why we collect it, how we use it, and your rights under UK GDPR and the Data Protection Act 2018. FoxRevo is operated by Kenneth Arinze, a sole trader registered in England. If you have any questions, contact us at privacy@foxrevo.com.

1. Who We Are FoxRevo ("FoxRevo", "we", "us", or "our") is a revenue intelligence platform operated by Kenneth Arinze, trading as FoxRevo, based in England and Wales. FoxRevo is accessible at foxrevo.com. We are the data controller for all personal data processed through the FoxRevo platform. You can contact us at: • Email: privacy@foxrevo.com • General enquiries: hello@foxrevo.com • Website: foxrevo.com
2. What Data We Collect 2.1 Account Data When you create a FoxRevo account, we collect: • Your full name • Your email address • Your password (stored as a secure hash — we never see your actual password) • Company name, website, industry, estimated annual revenue, and team size (provided during onboarding) • Your timezone and email notification preferences 2.2 Stripe Connection Data When you connect your Stripe account, we collect and store: • Your Stripe Restricted API Key — this is encrypted using AES-256-GCM before storage. We never store it in plain text. • Your Stripe account name, account ID, and default currency (retrieved when testing your connection) 🦊 FoxRevo.com | Privacy Policy, Terms of Service & Help Centre FoxRevo.com | hello@foxrevo.com | Find Your Leaks. Fix Your Revenue. • The number of customers in your account (retrieved at connection time and at each autopsy run) We do NOT store your customers' personal data, card numbers, or payment details. We retrieve billing data temporarily during an autopsy run and store only aggregate findings — not raw customer records. 2.3 Autopsy and Findings Data When you run a Revenue Autopsy, we store: • The date, time, and settings of each autopsy run • The findings from each check: number of items found, estimated revenue impact, and the specific data relevant to each finding (such as invoice IDs, subscription IDs, customer email addresses from your Stripe account, amounts, and dates) • Your Revenue Health Index score • Actions you take on findings (marking as resolved, in progress, or snoozed) • Generated report files (CSV and TXT) stored in encrypted file storage 2.4 Billing and Payment Data FoxRevo uses Stripe to process subscription payments. We do not handle your payment card data directly. Stripe collects and processes your payment information subject to Stripe's own Privacy Policy (stripe.com/privacy). We receive and store: • Your Stripe customer ID • Your subscription plan, status, and renewal dates • Invoice references and payment status (not card numbers) 2.5 Usage and Technical Data When you use FoxRevo, we automatically collect: • IP address and approximate location (country/city) • Browser type, operating system, and device type • Pages visited, features used, and time spent in the app • Error logs and performance data • Referring website or link This data is collected via Vercel Analytics and Sentry for performance monitoring and error tracking. We do not sell this data. 2.6 Email Communications We track email delivery and engagement (opens and link clicks) for emails sent via Resend. This helps us understand whether important emails (such as autopsy completion notifications and billing alerts) are being received. You can opt out of marketing emails at any time.
3. How We Use Your Data 3.1 Lawful Bases for Processing 🦊 FoxRevo.com | Privacy Policy, Terms of Service & Help Centre FoxRevo.com | hello@foxrevo.com | Find Your Leaks. Fix Your Revenue. Under UK GDPR, we process your data on the following lawful bases: Lawful Basis What We Use It For Contract Performance Running the FoxRevo service you have subscribed to — processing autopsies, storing findings, generating reports, sending transactional emails Legitimate Interests Security monitoring, fraud prevention, improving the platform, sending relevant product updates to existing customers Legal Obligation Retaining financial records for HMRC compliance (6 years), responding to lawful requests from authorities Consent Sending marketing emails and newsletters — you can withdraw consent at any time 3.2 Specific Uses • To provide and operate the FoxRevo service, including running autopsy jobs and generating reports • To authenticate you and maintain your session • To process subscription payments and send billing notifications • To send transactional emails (autopsy results, account alerts, billing notices) • To calculate and display your Revenue Health Index and growth trends • To generate your AI Revenue Grade Report (Pro and Elite plans) • To improve FoxRevo by analysing how features are used (using anonymised aggregate data) • To detect and prevent fraud, abuse, and security incidents • To comply with legal and regulatory obligations
4. How We Share Your Data We do not sell your personal data. We share it only with the following categories of third parties, each of which provides a service essential to operating FoxRevo: Service Provider What We Share / Why Supabase (US/EU) Hosts our database and authentication system. Stores all user account data, findings, and reports. Data processed under Supabase's Data Processing Agreement. Vercel (US) Hosts our web application. Processes your IP address and request data as part of serving the application. Stripe (US) Processes subscription payments. Receives billing information you provide. Subject to Stripe's own Privacy Policy. Resend (US) Sends transactional and notification emails. Receives your email address and email content. 🦊 FoxRevo.com | Privacy Policy, Terms of Service & Help Centre FoxRevo.com | hello@foxrevo.com | Find Your Leaks. Fix Your Revenue. Sentry (US) Error monitoring. May receive anonymised error data including page URLs and browser information. OpenAI / Anthropic (US) Powers AI Grade Reports (Pro/Elite). Receives anonymised audit findings data to generate written analysis. No personal identifiers are sent. Inngest / Trigger.dev Processes background autopsy jobs. Receives job instructions including your Stripe connection reference (not the key itself). HMRC and UK Authorities We may disclose data if required by law, court order, or regulatory investigation. All third-party processors are bound by data processing agreements. Where data is transferred outside the UK or EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decisions).
5. Data Retention Data Type Retention Period Account and profile data For the duration of your account, plus 90 days after deletion request Autopsy findings and reports For the duration of your subscription, plus 90 days after cancellation, then permanently deleted Billing and invoice records 6 years from date of transaction (HMRC requirement) Email communication logs 12 months Usage and analytics data 24 months in aggregate form Security logs (login attempts, errors) 90 days Stripe connection keys (encrypted) Until you disconnect or delete your account — immediately deleted on either event
6. Your Rights Under UK GDPR You have the following rights regarding your personal data. To exercise any of them, contact us at privacy@foxrevo.com. We will respond within 30 days. • Right to Access — You can request a copy of all personal data we hold about you. • Right to Rectification — You can ask us to correct inaccurate or incomplete data. • Right to Erasure — You can ask us to delete your data. We will comply except where we are required to retain it by law (e.g. billing records). • Right to Restrict Processing — You can ask us to pause processing your data in certain circumstances. 🦊 FoxRevo.com | Privacy Policy, Terms of Service & Help Centre FoxRevo.com | hello@foxrevo.com | Find Your Leaks. Fix Your Revenue. • Right to Data Portability — You can request your data in a structured, machine-readable format (JSON or CSV). • Right to Object — You can object to processing based on legitimate interests or for direct marketing purposes. • Right to Withdraw Consent — For any processing based on consent (marketing emails), you can withdraw at any time via the unsubscribe link or by contacting us. • Right to Lodge a Complaint — You have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have mishandled your data.
7. Security We take data security seriously and implement the following technical and organisational measures: • All data is encrypted in transit using TLS 1.2 or higher • All data at rest is encrypted using AES-256 • Stripe API keys are encrypted using AES-256-GCM before storage and never returned in plain text after saving • Row Level Security (RLS) is enforced at the database level — users can only access their own data • Passwords are hashed using bcrypt via Supabase Auth — we never see plain-text passwords • Access to production systems is restricted to authorised personnel only • We conduct periodic security reviews and respond to responsible disclosure reports If you believe you have found a security vulnerability in FoxRevo, please email security@foxrevo.com. We will acknowledge your report within 48 hours. In the event of a data breach affecting your personal data, we will notify you and the ICO within 72 hours as required by UK GDPR.
8. Cookies FoxRevo uses the following cookies: Cookie Name / Type Purpose sb-access-token (Session) Supabase authentication session token. Required for you to stay logged in. Cannot be disabled. sb-refresh-token (Session) Supabase session refresh token. Required for authentication. Cannot be disabled. _vercel_insights (Analytics) Vercel anonymous analytics. Helps us understand how the app is used. No personal identifiers. Can be disabled. __stripe_mid (Payment) Stripe fraud prevention cookie. Set when you visit a page with Stripe elements. Cannot be disabled on billing pages. foxrevo-preferences (Functional) Stores your in-app preferences (e.g. selected analysis window). Functional cookie. Can be disabled. 🦊 FoxRevo.com | Privacy Policy, Terms of Service & Help Centre FoxRevo.com | hello@foxrevo.com | Find Your Leaks. Fix Your Revenue. We do not use advertising, tracking, or third-party analytics cookies beyond those listed above. We do not share cookie data with advertisers.
9. Children's Privacy FoxRevo is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact privacy@foxrevo.com and we will delete it immediately.
10. Changes to This Policy We may update this Privacy Policy from time to time. When we make material changes, we will: • Update the 'Last updated' date at the top of this page • Send an email notification to all registered users • Display an in-app banner for 14 days after the change takes effect Your continued use of FoxRevo after a change takes effect constitutes acceptance of the updated policy. If you do not accept the updated policy, you may delete your account.
11. Contact Us For any questions, requests, or complaints regarding this Privacy Policy or our data practices: • Email: privacy@foxrevo.com • General: hello@foxrevo.com • Website: foxrevo.com We aim to respond to all privacy-related enquiries within 5 business days and all subject access requests within 30 calendar days. 🦊 FoxRevo.com | Privacy Policy, Terms of Service & Help Centre FoxRevo.com | hello@foxrevo.com | Find Your Leaks. Fix Your Revenue.