Privacy Policy

When you sign up as a restaurant operator, we collect: business name + legal entity, EIN, business address, owner contact (name + email + phone), payment-method details (via Stripe), and the brand-DNA inputs you provide during onboarding (hero item, revenue targets, food-cost percentage, slow days, primary goal, etc.). We also store your customer list + transaction history when you upload it.

When your customers opt in to your messaging program (via QR, web form, wallet pass, or POS sync), we collect: phone number, first name, email (optional), visit history, and consent provenance (timestamp, IP, exact consent text). This data is processed on your behalf — you are the data controller, we are the processor.

We use this data to operate the platform: scoring guests with RFM math, generating campaign drafts via our AI agents, sending your messages through Twilio and SendGrid, processing payments, and reporting performance back to you. We do NOT sell, rent, or share your data with third parties for their marketing.

We rely on a small number of trusted sub-processors:

• Supabase — database + authentication (US-East)
• Stripe — payment processing
• Twilio — SMS delivery + A2P 10DLC carrier registration
• SendGrid — email delivery
• Anthropic — AI agent inference (Vera CMO + CFO + Data Scientist)
• OpenAI — image-generation for ad creative (when used)
• Vercel — application hosting

Each is contractually bound to handle data only as we direct.

Our AI agents process your brand-DNA inputs + campaign history to generate drafts, project ROI, and recommend pipelines. We do NOT use your data to train AI models — Anthropic and OpenAI provide zero-data-retention API tiers under our contract, which we use exclusively. Inference happens; training does not.

You can export your data at any time, request correction of inaccuracies, or delete your account. Account deletion is honored within 30 days, subject to legally-required retention (typically tax records). Email privacy@getrevenueos.io to exercise any of these rights.

Your customers see a separate, restaurant-specific privacy notice at rvnos.me/p/{your location_id}/privacy. That page describes how YOUR customers' data is used by your business. You remain the controller of your customer list.

We notify operators by email at least 30 days before any material change to this policy.