RevenueHQ Privacy Policy

Effective date: July 14, 2026 · Last updated: July 14, 2026

RevenueHQ ("RevenueHQ," "we," "us") is a contribution-margin analytics platform for e-commerce merchants, operated by The Alchemy Group, LLC, a Colorado limited liability company, PO Box 4611, Cerritos, CA 90703, USA. This policy explains what data we collect, how we use it, where it is stored, and the choices you have. Questions: privacy@withalchemy.com.

RevenueHQ is a business-to-business tool. Our customers are merchants ("you"). In providing the service we also process data about your customers ("shopper data") on your behalf and under your instructions.

1. What RevenueHQ does

You connect your e-commerce and marketing accounts to RevenueHQ through each platform's official, read-only authorization flow. RevenueHQ analyzes that data to show you contribution-margin, cohort, and marketing-efficiency analytics. RevenueHQ cannot modify anything in your connected accounts.

2. Data we collect

Account data (from you directly): name, email address, business name, and login credentials for your RevenueHQ account; billing details if and when the service becomes paid.

Connected-platform data (via read-only APIs, only after you authorize each connection):

Usage data: standard technical logs when you use the app (IP address, browser type, pages viewed), used for security and to operate the service.

We practice data minimization: we request only the read-only scopes needed to provide the analytics described above, and nothing else.

3. How we use data

We use the data described in §2 solely to provide and improve the RevenueHQ service to you: computing your analytics, displaying your dashboards and audits, detecting and fixing problems, securing the service, and communicating with you about it.

We do not:

4. Google user data — Limited Use disclosure

Where you connect Google Analytics 4, RevenueHQ accesses Google user data via the Google Analytics Data API under the read-only scope https://www.googleapis.com/auth/analytics.readonly.

RevenueHQ's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically: we use Google user data only to provide the user-facing analytics features described in §1; we do not transfer it to third parties except as necessary to provide those features (see subprocessors, §5), to comply with law, or as part of a merger/acquisition with prior notice; we do not use it for advertising; and no humans read this data except with your permission, for security purposes, to comply with law, or where the data is aggregated for internal operations.

5. Who else touches the data (subprocessors)

We share data only with the infrastructure providers required to run the service:

ProviderPurposeLocation
Supabase (on AWS)Database hostingUnited States (N. Virginia)
CloudflareApplication hosting, CDN, TLSUnited States / global edge
GitHub (Microsoft)Data-pipeline computeUnited States

Each is bound by its own security and data-protection commitments. We may also disclose data where required by law, with notice to you unless prohibited.

6. Where data lives, and how it's protected

All connected-platform data is stored in the United States (AWS us-east-1 via Supabase). Protections include: encryption in transit (TLS) and at rest; per-tenant database isolation enforced with row-level security on every table and verified by automated tests; OAuth tokens encrypted at rest with access restricted to the data pipeline's service role; audit-logged administrative access; and separation of production data from all development and test environments.

7. Retention

We keep connected-platform data while your account is active and the relevant connection remains authorized. If you disconnect a platform, close your account, or request deletion, we delete the associated data from production within 30 days; encrypted backups expire on our provider's standard cycle shortly after. Account data is kept as long as your account exists and as required for legal/accounting obligations.

8. Deleting your data

How to request deletion — for merchants and for shoppers:

9. Your privacy rights

Depending on where you live (including under the Colorado Privacy Act and the California Consumer Privacy Act), you may have rights to access, correct, delete, or receive a copy of personal data, and to opt out of sale or targeted advertising — noting that we do not sell personal data or use it for targeted advertising. To exercise any right, email privacy@withalchemy.com. We will respond within the timeframe required by applicable law and will not discriminate against you for exercising your rights. We process shopper data as a processor/service provider; requests regarding shopper data are fulfilled through the relevant merchant.

10. Children

RevenueHQ is a business tool, not directed at children, and we do not knowingly collect data from anyone under 16.

11. Changes

We will post updates to this policy at this URL and update the "Last updated" date; material changes will be announced to account holders by email before they take effect.

12. Contact

The Alchemy Group, LLC · PO Box 4611, Cerritos, CA 90703, USA · privacy@withalchemy.com