Legal
Privacy Policy
This policy explains what personal data Revyn collects, why we collect it, who we share it with, how long we keep it, and the rights you have over it.
1. Who we are
Revyn is an AI sales workspace operated by Revyn Labs Private Limited ("Revyn", "we", "us"). We are the Data Fiduciary for the personal data described in this policy, except where section 2 says otherwise.
- Registered address: Flat no. 2, Plot no. 1051, I-Block, 35th Street, Anna Nagar (Chennai), Egmore Nungambakkam, Chennai – 600040, Tamil Nadu, India
- Privacy contact: privacy@revyn.in
2. Scope of this policy
Revyn holds two different roles depending on whose data is involved.
- We are the Data Fiduciary (controller) for data about you as a user of Revyn — your account, your organisation membership, your practice sessions, and the enquiries you send us. This policy governs that data.
- We are a Data Processor for the data our customers upload about their own prospects, leads, and candidates. The customer decides why that data is processed; we act on their instructions. See section 5. If you are a prospect or candidate whose data was uploaded to Revyn by one of our customers, that customer is your first point of contact, but you can always write to us at privacy@revyn.in and we will route your request.
3. Personal data we collect
3.1 Account and profile
When you create an account we collect and store:
- Email address, username, and full name
- A password, stored only as a bcrypt hash — we never store your password in plain text
- Job title and seniority, if you provide them during onboarding
- Phone number and country code, if you provide them
- The use cases you select during onboarding
During signup, before your account exists, we temporarily hold your submitted details and a hashed one-time passcode so we can verify your email address. This staging record is discarded once verification completes or expires.
3.2 Authentication
- Magic links: we store the email address a sign-in link was issued to, and the link expires shortly after it is issued.
- Social sign-in: if you sign in with Google, GitHub, or Microsoft, we receive and store the provider name, your unique identifier at that provider, your email address, and your last sign-in time. We request identity scopes only. We do not receive your password, and we do not gain access to your mail, files, or calendar through sign-in.
- Enterprise SSO: if your organisation uses SAML or OIDC single sign-on, we store your organisation's identity-provider configuration, with any provider secret encrypted at rest.
- Multi-factor authentication: if you enable MFA, we store your TOTP secret encrypted at rest, and your recovery codes only as hashes.
3.3 Organisation and team
If you use Revyn as part of an organisation, we store your organisation's name, industry, and size band, your role and permissions within it, who invited you, and a billing customer reference. Invitations record the invitee's email address before that person has an account.
Your organisation's administrators can see your membership, role, activity in Revyn, practice scores, and assignments. If your employer provisioned your account, they may also be able to manage or remove it.
3.4 Waitlist, demo bookings, and marketing
Our public site collects the following, and sends it directly from your browser to our database provider, Supabase, rather than through our own backend:
- Waitlist: name, work email, personal email, organisation, country code, phone number, and any product feedback you write.
- Demo bookings: name, email, country code, phone number, your requested time, your time zone (detected from your browser), and any notes you add.
3.5 Content you create in the product
- Your conversations with Ask Revyn, including messages, summaries, and citations
- Practice and roleplay sessions, their configuration, transcripts, scores, and the AI analysis generated from them
- Files you attach to a conversation
- Deals, notes, and pipeline records you create
3.6 Technical data
Our hosting and infrastructure providers process your IP address and standard request metadata to deliver and secure the service. We keep audit records of security-relevant actions in your organisation, such as sign-ins, role changes, and deletion requests.
4. Voice, calls, and recordings
Live practice calls: we do not store your audio. When you run a voice roleplay in Revyn, your speech is streamed to our voice providers, converted to text in real time, and the resulting transcript is what we save. The audio itself is not written to disk and is not retained by us after the call.
Real calls you import are different. If you upload a recording of an actual sales call, we store that audio file in our cloud object storage and send it to Groq's Whisper service to be transcribed. We then store the transcript, speaker turns, and the AI analysis produced from it. Uploads are limited to 90 minutes of audio.
If you connect a conversation-intelligence tool such as Gong, we reference the recording held in that tool rather than copying it — we store a pointer and resolve a time-limited link when you play it back.
Your responsibility: recording a call, and uploading that recording to Revyn, may require notice to or consent from everyone on the call under the laws that apply to you. You are responsible for having that permission before you import a recording.
5. Data you upload about other people
Revyn lets you upload lead lists and build prospect profiles. This data is about third parties — people who are not our users and who have no relationship with us.
- Lead lists: when you upload a spreadsheet, we store the file and the rows in it, including name, company, website, job title, email, phone, LinkedIn URL, and notes. We also retain any additional columns your file contained, because we preserve unrecognised fields rather than dropping them. We cannot know in advance what those columns hold, so please do not upload sensitive categories of personal data.
- Prospect profiles: name, role, company, avatar, background, inferred personality traits, and the sources those details were drawn from.
- Candidate assessments: if you use Revyn for recruitment, we store the candidate's name and email, their session, and the AI-generated assessment, score, and percentile.
For all of the above, you are the Data Fiduciary and we are your processor. You are responsible for having a lawful basis to collect this data and to share it with us, and for giving those individuals any notice their local law requires. We process it only to provide the service to you, and we do not sell it or use it to train our own models.
6. Cookies and local storage
Revyn does not set any cookies. We do not use advertising or cross-site
tracking cookies, and there is no consent banner because there is nothing to consent to. Our
site also sends interest-cohort=(), which opts you out of interest-based
cohort tracking in browsers that support it.
Instead, the app stores a small amount of data in your browser's localStorage,
which stays on your device and is never sent to a third party:
| Key | What it holds |
|---|---|
| revyn-auth | Your sign-in tokens, so you stay signed in between visits |
| revyn-user | Your basic profile — id, email, username, name, account type — for display |
| revyn-workspace | Whether you are in your personal or organisation workspace |
| revyn-theme | Your light or dark theme preference |
| revyn-onboarding, revyn-runway-onboarding | Drafts of onboarding answers so you don't lose progress |
| revyn-command-recents | Your recently used commands |
Signing out clears your tokens. You can clear all of it at any time through your browser's settings for this site.
Analytics: we use Vercel Analytics for aggregate page-view counts on our public marketing pages only. It is not loaded inside the signed-in product, so your work in Revyn is not tracked by an analytics vendor. Our hosting provider, Cloudflare, may also record aggregate traffic statistics.
7. Why we process your data
| Purpose | Basis |
|---|---|
| Creating and running your account | Performance of our contract with you |
| Providing the product's features | Performance of our contract with you |
| Billing and collecting payment | Performance of our contract; legal obligation for tax records |
| Security, abuse prevention, and audit logging | Legitimate use; legal obligation |
| Responding to your support or sales enquiry | Your consent / steps at your request |
| Waitlist and demo booking | Your consent |
| Improving and debugging the service | Legitimate use |
We do not sell personal data. We do not use your data for advertising, and we do not share it with data brokers.
8. How AI models process your data
Revyn is built on AI models, some of which are operated by third parties. To generate a response, a roleplay turn, or an analysis, we send the relevant content — your message, the conversation so far, the persona and scenario, and, where applicable, transcript text — to the providers listed in section 9.
We do not train our own models on your data. We use these providers under their business or API terms. AI output is generated by statistical models: it can be wrong, incomplete, or fabricated, and any scoring or assessment Revyn produces is a training aid, not a professional judgement. Do not rely on it as the sole basis for an employment, financial, or legal decision.
9. Who we share data with
We share personal data with the service providers below, only as needed to run Revyn. This list reflects the providers wired into the product today; we will update it as it changes.
| Provider | Purpose | What it receives |
|---|---|---|
| Google (Gemini) | Primary AI model | Conversation content, personas, transcript text |
| OpenAI | AI model | Prompt and response content |
| Groq | Transcription (Whisper) and AI inference | Imported call audio; prompt content |
| Inworld | Real-time speech-to-speech for live roleplay | Live call audio. Inworld in turn uses AssemblyAI for speech recognition and Google Gemini for generation. |
| Sarvam AI | Speech-to-text and text-to-speech | Voice audio |
| ElevenLabs | Text-to-speech | Text to be spoken |
| Tavily | Web search inside Ask Revyn | Your search query |
| Supabase | Database for waitlist and demo bookings | The form fields in section 3.4 |
| Cloudflare | Website hosting, CDN, and object storage | Site traffic; stored files and recordings |
| Fly.io | Backend application hosting (Singapore region) | All data processed by the API |
| Razorpay | Payment and subscription processing | Billing details. Card details go to the processor directly — we never see or store them. |
| Google (Gmail / SMTP) | Sending transactional email | Your email address and the message content |
| Vercel Analytics | Aggregate analytics on public pages only | Page views. Not loaded in the signed-in product. |
Integrations you choose to connect. If you connect a CRM, calendar, or call tool — such as HubSpot, Salesforce, Pipedrive, LeadSquared, Gong, Google Calendar, or Outlook — data flows between Revyn and that tool at your direction and under its provider's own privacy policy. We store the access tokens for those connections encrypted at rest. You can disconnect an integration at any time in Settings.
We may also disclose personal data where we are legally required to, or to establish, exercise, or defend a legal claim. If Revyn is involved in a merger or acquisition, data may transfer to the successor entity, and we will notify you before it becomes subject to a different policy.
10. International transfers
Revyn is operated from India, but our infrastructure and AI providers are not all located here. Our backend runs in Singapore, and several of the providers in section 9 process data in the United States and other countries. Your data will therefore be transferred outside India, and, where you are in the EEA or UK, outside those regions. We rely on our providers' contractual protections, including standard contractual clauses where applicable.
11. How long we keep data
- Your account and its content: for as long as your account is open. If you delete your account, see section 14.
- Organisation data: organisations can configure their own retention windows for chat sessions and audit records. If no window is set, we keep this data until it is deleted by you, your administrator, or by account deletion. There is no automatic expiry by default.
- Sign-in links and one-time passcodes: minutes — they expire quickly by design.
- Waitlist and demo bookings: until we no longer need them for the enquiry, or until you ask us to delete them.
- Billing records: as long as tax and accounting law requires.
12. Security
- All traffic is encrypted in transit over TLS.
- Passwords are stored only as bcrypt hashes.
- Integration access tokens, MFA secrets, and enterprise identity-provider secrets are encrypted at rest.
- Access is scoped per user and per organisation, and enforced on every request; optional MFA and enterprise SSO are available.
- Security-relevant actions are written to a tamper-evident audit log.
No system is perfectly secure. One trade-off worth naming plainly: your sign-in tokens are
kept in your browser's localStorage, so anyone with access to your device or
browser profile could use your session. Sign out on shared machines, and keep your device
locked.
13. Your rights
Under India's Digital Personal Data Protection Act, 2023, you have the right to:
- Access a summary of the personal data we process about you
- Correct data that is inaccurate, and complete data that is incomplete
- Erase your personal data where we no longer need it
- Grievance redressal — a response from us before you escalate
- Nominate another person to exercise these rights on your behalf if you die or become incapacitated
- Withdraw consent where our processing relies on it
If you are in the EEA or UK, you additionally have rights to portability, restriction, and objection, and the right to complain to your local supervisory authority. If you are in California, you have rights to know, delete, correct, and opt out of "sale" or "sharing" — note that we do neither. We honour these requests regardless of where you live.
Exercising your rights is free, and we will not treat you differently for doing so.
14. How to exercise your rights
Export your data
You can download your data from the product at any time, as a JSON file. To be precise about what that export contains, it includes your profile, your linked sign-in identities, your organisation membership, your practice scores, and your most recent 500 chat sessions with their messages.
It does not currently include lead lists, prospect profiles, candidate assessments, imported call recordings and their transcripts, chat attachments, or deal records. If you want any of those, email privacy@revyn.in and we will provide them.
Delete your account
You can request deletion from Settings. What happens then:
- We schedule the deletion for 7 days in the future and tell you the date.
- You can cancel it at any time within those 7 days — this window exists so an accidental or impulsive deletion is recoverable.
- After 7 days, your account and its data are permanently and irreversibly deleted. This is a hard deletion, not anonymisation, and we cannot restore it.
- If you are the sole owner of an organisation that still has other active members, we will block the request until you transfer ownership or remove them — otherwise deleting your account would delete theirs too.
Backups are cycled out on their own schedule after the purge. We may retain the minimum records needed for legal or accounting obligations.
Anything else
Write to privacy@revyn.in. We will verify your identity against your account and respond within 30 days.
15. Children
Revyn is a workplace tool and is not intended for children. Under the DPDP Act, a child is anyone under 18. We do not knowingly collect personal data from children, and we do not conduct tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child has given us personal data, contact privacy@revyn.in and we will delete it.
16. Changes to this policy
We will update this policy as the product changes — for example, when we add or remove a provider from section 9. We will revise the "Last updated" date at the top, and for material changes we will notify you by email or in the product before they take effect.
17. Contact and grievance redressal
For any question, request, or complaint about your personal data, contact us first — we would rather fix it directly.
- Privacy contact: privacy@revyn.in
- Grievance Officer (DPDP Act, s. 13): Harshidha Utthaman, Founder & CEO — harshidha@revyn.in
- Post: Revyn Labs Private Limited, Flat no. 2, Plot no. 1051, I-Block, 35th Street, Anna Nagar (Chennai), Egmore Nungambakkam, Chennai – 600040, Tamil Nadu, India
If you are not satisfied with our response, you may complain to the Data Protection Board of India. If you are in the EEA or UK, you may complain to your local supervisory authority.