RevenueHQ Privacy Policy
RevenueHQ ("RevenueHQ," "we," "us") is a contribution-margin analytics platform for e-commerce merchants, operated by The Alchemy Group, LLC, a Colorado limited liability company, PO Box 4611, Cerritos, CA 90703, USA. This policy explains what data we collect, how we use it, where it is stored, and the choices you have. Questions: privacy@withalchemy.com.
RevenueHQ is a business-to-business tool. Our customers are merchants ("you"). In providing the service we also process data about your customers ("shopper data") on your behalf and under your instructions.
1. What RevenueHQ does
You connect your e-commerce and marketing accounts to RevenueHQ through each platform's official, read-only authorization flow. RevenueHQ analyzes that data to show you contribution-margin, cohort, and marketing-efficiency analytics. RevenueHQ cannot modify anything in your connected accounts.
2. Data we collect
Account data (from you directly): name, email address, business name, and login credentials for your RevenueHQ account; billing details if and when the service becomes paid.
Connected-platform data (via read-only APIs, only after you authorize each connection):
- Shopify: orders and order history (including order edits and refunds), products, customer records associated with orders (name, email, shipping/billing address, phone where present), and Shopify Payments payout/fee data. We do not receive payment card numbers.
- Meta (Facebook/Instagram) Ads: ad account performance data — spend, campaign/ad set/ad structure, and results metrics. We do not access your personal Facebook or Instagram profile content.
- Google Analytics 4: website analytics data from the GA4 properties you choose to connect (sessions, traffic sources, conversion events). See §4 for our Google-specific commitments.
Usage data: standard technical logs when you use the app (IP address, browser type, pages viewed), used for security and to operate the service.
We practice data minimization: we request only the read-only scopes needed to provide the analytics described above, and nothing else.
3. How we use data
We use the data described in §2 solely to provide and improve the RevenueHQ service to you: computing your analytics, displaying your dashboards and audits, detecting and fixing problems, securing the service, and communicating with you about it.
We do not:
- sell your data or your shoppers' data to anyone;
- share it with advertisers, ad networks, or data brokers;
- use it for advertising or retargeting;
- use one merchant's data for any other merchant's benefit (no cross-merchant benchmarking without your explicit written consent);
- send it to, process it with, or train any artificial-intelligence or large-language-model system. RevenueHQ's analytics are deterministic calculations.
4. Google user data — Limited Use disclosure
Where you connect Google Analytics 4, RevenueHQ accesses Google user data
via the Google Analytics Data API under the read-only scope
https://www.googleapis.com/auth/analytics.readonly.
RevenueHQ's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically: we use Google user data only to provide the user-facing analytics features described in §1; we do not transfer it to third parties except as necessary to provide those features (see subprocessors, §5), to comply with law, or as part of a merger/acquisition with prior notice; we do not use it for advertising; and no humans read this data except with your permission, for security purposes, to comply with law, or where the data is aggregated for internal operations.
5. Who else touches the data (subprocessors)
We share data only with the infrastructure providers required to run the service:
| Provider | Purpose | Location |
|---|---|---|
| Supabase (on AWS) | Database hosting | United States (N. Virginia) |
| Cloudflare | Application hosting, CDN, TLS | United States / global edge |
| GitHub (Microsoft) | Data-pipeline compute | United States |
Each is bound by its own security and data-protection commitments. We may also disclose data where required by law, with notice to you unless prohibited.
6. Where data lives, and how it's protected
All connected-platform data is stored in the United States (AWS us-east-1 via Supabase). Protections include: encryption in transit (TLS) and at rest; per-tenant database isolation enforced with row-level security on every table and verified by automated tests; OAuth tokens encrypted at rest with access restricted to the data pipeline's service role; audit-logged administrative access; and separation of production data from all development and test environments.
7. Retention
We keep connected-platform data while your account is active and the relevant connection remains authorized. If you disconnect a platform, close your account, or request deletion, we delete the associated data from production within 30 days; encrypted backups expire on our provider's standard cycle shortly after. Account data is kept as long as your account exists and as required for legal/accounting obligations.
8. Deleting your data
How to request deletion — for merchants and for shoppers:
- Merchants: email privacy@withalchemy.com from your account email with the subject "Delete my data," or disconnect the platform connection in-app / revoke RevenueHQ's access from the platform's own settings (Shopify admin, Facebook Business Integrations settings, or Google Account permissions at myaccount.google.com/permissions). We will delete the associated data within 30 days and confirm by email.
- Shoppers (customers of a merchant using RevenueHQ): RevenueHQ processes your data on behalf of the merchant you shopped with — please direct requests to that merchant. When a merchant or platform forwards a deletion request (for example, Shopify's customer-redaction webhooks, or a Meta data-deletion request), we honor it automatically within the platform's mandated timeframe.
9. Your privacy rights
Depending on where you live (including under the Colorado Privacy Act and the California Consumer Privacy Act), you may have rights to access, correct, delete, or receive a copy of personal data, and to opt out of sale or targeted advertising — noting that we do not sell personal data or use it for targeted advertising. To exercise any right, email privacy@withalchemy.com. We will respond within the timeframe required by applicable law and will not discriminate against you for exercising your rights. We process shopper data as a processor/service provider; requests regarding shopper data are fulfilled through the relevant merchant.
10. Children
RevenueHQ is a business tool, not directed at children, and we do not knowingly collect data from anyone under 16.
11. Changes
We will post updates to this policy at this URL and update the "Last updated" date; material changes will be announced to account holders by email before they take effect.
12. Contact
The Alchemy Group, LLC · PO Box 4611, Cerritos, CA 90703, USA · privacy@withalchemy.com