Privacy Policy
Effective Date: May 22, 2026
Last Updated: June 3, 2026
This Privacy Policy ("Policy") describes how Reverge LLC ("Reverge," "we," "us," or "our") collects, uses, shares, and protects information in connection with our websites and services, including:
- www.reverge.com — our consulting and advisory practice and our public marketing site.
- Signal & Science (app.signalandscience.com) — our AI-assisted marketing platform (the "Platform").
- Any related applications, APIs, dashboards, communications, and offline interactions (collectively, the "Services").
The Services are intended for businesses operating in the United States and the people who run, manage, or work for those businesses. The Services are not intended for consumers, individuals under 18, or residents outside the United States. By using the Services, you represent that you are at least 18 years old, are using the Services on behalf of a business, and are accessing them from within the United States.
1. Summary
- We collect information you provide (account, business, payment, support communications), information generated when you use the Services, information from third-party tools you connect, and information about your business that is publicly available online.
- We use that information to operate the Services, diagnose your business's marketing, generate plans and content, execute work you authorize, secure the Services, and run our company.
- We do not sell your personal information. We do not use your business data, including Meta Platform Data, to train third-party AI models. We share data only with vendors who help us run the Services and only as described in this Policy.
- You can access, correct, delete, or export your information by contacting us.
2. Information We Collect
2.1 Information You Provide Directly
When you request access, sign up, onboard, use the Platform, or contact us, we may collect:
- Identity and contact: name, email address, phone number, business name, business website, business location, role/title.
- Account credentials: password (stored hashed), session tokens, multi-factor authentication data.
- Business profile: revenue range, vertical/industry, goals, marketing capabilities, brand assets, logos, product or service descriptions, pricing, customer descriptions, internal notes, and any other content you input.
- Payment information: name, billing address, last four digits of payment card, and tax/billing identifiers. Full card numbers are processed and stored by Stripe; we do not store them.
- Communications: support messages, survey responses, sales inquiries, beta-access requests, and any content you submit through forms or email.
2.2 Information We Collect Automatically
When you use the Services, we automatically collect:
- Device and connection data: IP address, browser type, operating system, device identifiers, language preferences, referring URLs, time stamps.
- Usage data: pages and features accessed, actions taken, content generated, errors encountered, session duration, and similar telemetry. We use Vercel Web Analytics for privacy-focused page-view analytics and may use PostHog to capture product analytics events. We do not enable session replay by default; if session replay is enabled for debugging, sensitive form fields (e.g., passwords, payment fields, API keys, and payment information) are masked.
- Cookies and similar technologies: see Section 7.
- Error and performance logs: captured via Sentry and Vercel for debugging and reliability. These logs may contain limited identifiers and request metadata.
2.3 Information from Third-Party Services You Connect
If you choose to connect a third-party service to the Platform via OAuth or API key, we receive the data you authorize. Currently supported integrations include:
- Google services: Google Business Profile and Google Analytics 4 (connected via OAuth). We also use Google Places and PageSpeed Insights as diagnostic data services (no account connection required).
- Meta: Facebook Pages and Instagram Professional accounts, including read-only insights.
- E-commerce platforms: Shopify, WooCommerce.
- LinkedIn: LinkedIn Company Pages you administer, including read-only Page analytics (follower, page, and share statistics).
- X (Twitter): X accounts you connect, including read-only account and post analytics (followers, impressions, and engagement statistics).
- Other platforms we add over time (disclosed in-product before connection).
We use connected data only to operate features you have requested (for example, pulling your GA4 traffic to analyze performance). These integrations are data sources you authorize; they are not sub-processors acting on our behalf. You may disconnect any integration at any time, which revokes ongoing access; previously synced data may be retained as described in Section 8.
2.4 Meta Platform Data (Facebook and Instagram)
If you connect a Facebook Page or Instagram Professional account, we use Meta Platform Data only to provide read-only marketing analytics inside your private Signal & Science dashboard and related reporting views. Depending on the account and permissions you grant, this may include:
- Facebook Page reach, post engagement, page views, video views, website clicks, and follower counts.
- Instagram reach, views or impressions, profile visits, website clicks, follower growth, account engagement, and total interactions.
- Account and page identifiers needed to keep the integration connected and display the selected account.
For the first Meta integration release, we do not publish content, send messages, read private messages or DMs, manage comments, run ads, manage ad accounts, or modify connected Facebook or Instagram accounts. We do not access your Meta password, private message content, follower content, message inbox content, or ad-account data.
Meta Platform Data is never used to train any AI or machine learning model, by us or by any third party. By default, we do not send Meta Platform Data to Gemini or any other AI provider. If that processing changes in the future, we will update this Policy and applicable sub-processor disclosures before enabling it.
If an agency or other representative connects a client-owned Facebook Page or Instagram account, that representative is responsible for confirming it has authority from the account owner to connect the account and authorize our processing.
2.5 Shopify and E-commerce Platform Data
If you connect a Shopify or WooCommerce store, we use the merchant's commerce data only to provide aggregated marketing and revenue analytics inside your private Signal & Science dashboard and related reporting views. Specifically, we read from the Shopify Admin API (or WooCommerce REST API) and process the following fields:
- Order ID, total price, currency, financial status, creation timestamp, and the numeric customer ID associated with each order — used in memory during sync to compute daily aggregate metrics (orders, revenue, average order value, distinct customer count), then discarded.
- Total customer count for the store — a single integer.
- Up to five top-selling product titles and IDs.
- Basic shop metadata (shop name, primary domain, default currency) used to label the integration and format displayed values.
We do not read or store customer names, customer email addresses, customer phone numbers, billing or shipping addresses, payment instrument details, order line items, or any product detail beyond best-selling titles and IDs.
We persist only the daily aggregated totals (orders, revenue, AOV, distinct customer count) in our database. Individual order responses, customer IDs, and any per-order detail are aggregated in memory during the sync job and discarded within seconds.
We do not sell, share, or transfer Shopify or WooCommerce data to advertisers, data brokers, or any party other than the infrastructure sub-processors listed in Section 5.1. We do not use this data to train machine learning models.
We participate in Shopify's mandatory data-protection program. When the merchant, an end customer, or Shopify itself requests data access, customer deletion, or shop deletion, we respond to the corresponding webhook (customers/data_request, customers/redact, shop/redact) within Shopify's required timeframes and maintain an audit record of each such request.
You can disconnect the integration at any time from the Integrations page in the Signal & Science dashboard. Disconnection immediately revokes or deletes the stored integration credentials and stops further sync. See Section 8 for retention timing.
2.6 LinkedIn Page Data
If you connect a LinkedIn Company Page you administer, we use LinkedIn data only to provide read-only marketing analytics inside your private Signal & Science dashboard and related reporting views. Depending on the Page and permissions you grant, this may include:
- Follower statistics (lifetime and time-bound follower counts and follower growth).
- Page statistics (page views and click metrics for the Page).
- Share statistics (impressions and engagement on the Page's posts, aggregated over selected date ranges).
- Organization and Page identifiers needed to keep the integration connected and display the selected Page.
We access only LinkedIn Company Pages that the connecting user administers. The LinkedIn permissions requested for this integration may include r_basicprofile, r_1st_connections_size, r_member_profileAnalytics, r_member_postAnalytics, r_organization_social_feed, and rw_organization_admin, depending on LinkedIn's current approval and consent screen. We use those permissions only to verify the connecting member, confirm Page administrator access, list administered Company Pages, and retrieve read-only Page and post analytics. We do not publish posts, send or read messages, manage comments, run or manage ads, or modify any connected LinkedIn Page or account. We do not access your LinkedIn password, private messages, or ad-account data.
LinkedIn data is never used to train any AI or machine learning model, by us or by any third party. By default, we do not send LinkedIn data to Gemini or any other AI provider. If that processing changes in the future, we will update this Policy and applicable sub-processor disclosures before enabling it.
If an agency or other representative connects a client-owned LinkedIn Company Page, that representative is responsible for confirming it has authority from the Page owner to connect the Page and authorize our processing.
You can disconnect the integration at any time from the Integrations page in the Signal & Science dashboard. Disconnection deletes the stored access token from Signal & Science and stops further sync; you can also revoke the app grant from LinkedIn. See Section 8 for retention timing.
2.7 Information from Public Sources About Your Business
To diagnose marketing performance and produce recommendations, the Platform collects publicly available information about the business you ask us to analyze and, where relevant, about competitor businesses and the local market. This may include:
- Business listings and profiles (Google Business Profile, Yelp, business directories).
- Public web content (your website, competitor websites).
- Public social media profiles and posts associated with the business.
- Search engine results and on-page SEO signals.
- Page speed and technical performance data.
- Public review content and ratings.
We collect this information using a combination of official APIs (e.g., Google Places, PageSpeed Insights) and authorized scraping infrastructure (including Apify). We collect only public-facing business information and do not attempt to circumvent access controls, paywalls, or login requirements.
2.8 Information About People at the Business
When you onboard a business, we may collect publicly available information about its principals (for example, an owner's name appearing on a Google Business Profile, or a personal profile URL representing a professional services brand). We treat this information as business-context information used to perform the Services you have requested. Removal requests for such information are governed by Section 9.
3. How We Use Information
We use the information described above to:
- Provide the Services — create accounts, authenticate users, run diagnostics, generate plans and content, execute campaigns and tasks you authorize, deliver consulting work, and surface results.
- Process payments — bill subscriptions, manage trials and entitlements, prevent payment fraud (via Stripe).
- Communicate with you — send transactional messages (account verification, password reset, billing, security, beta access decisions, product updates), respond to support requests, and — where permitted — send occasional product news. You can opt out of non-transactional emails at any time.
- Improve the Services — analyze aggregated usage, debug errors, run experiments, develop new features, and refine our recommendations.
- Secure the Services — detect, prevent, and respond to fraud, abuse, security incidents, and policy violations.
- Comply with law and enforce our terms — meet legal obligations, respond to lawful requests, defend legal claims, and enforce our Terms of Service.
- Run our business — accounting, tax, audit, and corporate operations.
4. AI Processing
The Platform uses artificial intelligence to analyze businesses and generate content, plans, and recommendations. By using the Services, you acknowledge and agree to the following:
- We use Google Gemini as a primary AI provider and may add, change, or remove AI providers at any time without notice.
- Inputs you submit, and information we collect about your business, may be transmitted to AI providers and processed under those providers' published API or enterprise terms, except that Meta Platform Data is not sent to AI providers unless and until that processing is expressly reviewed, enabled, and disclosed.
- We select AI providers whose published terms restrict use of customer-submitted inputs to train general-purpose models. We do not independently warrant, guarantee, or assume responsibility for any AI provider's data-handling practices, and we are not liable for any AI provider's acts or omissions.
- AI Output can be inaccurate, incomplete, biased, fabricated, or out of date. You are solely responsible for reviewing, fact-checking, and editing any Output before relying on it. Any reliance you place on AI Output is at your own risk.
- The Services are not designed or intended to make legal, employment, credit, housing, healthcare, insurance, or other consequential decisions about individuals. If you choose to use Output for any such purpose, you do so at your own risk and assume all liability arising from that use.
5. How We Share Information
We do not sell or rent personal information. We share information only as described below:
5.1 Service Providers (Sub-Processors)
We share information with vendors who help us operate the Services, each under contractual confidentiality and security obligations. Current sub-processors include:
| Vendor | Purpose |
|---|---|
| Vercel | Application hosting, edge infrastructure, and privacy-focused page-view analytics |
| Supabase | Database, authentication, and file storage |
| Stripe | Payment processing and subscription billing |
| Resend | Transactional and product emails |
| Sentry | Error tracking and performance monitoring |
| PostHog | Product analytics and feature usage telemetry; session replay only if separately enabled and disclosed |
| Google (Gemini API) | AI processing; Meta Platform Data is excluded by default |
| Google (Places, GA4, GBP, Ads, PageSpeed APIs) | Marketing data sources |
| Apify | Public-data collection infrastructure |
We may add or replace sub-processors as the Services evolve. A current list is available on request.
5.2 Third-Party Integrations You Authorize
When you connect a third-party service (e.g., Shopify, Meta), data flows between that service and the Platform as needed to operate the integration. Those services have their own privacy practices, which we do not control.
5.3 Professional Advisors
We may share information with our attorneys, accountants, auditors, and insurers, each under confidentiality obligations.
5.4 Legal and Safety
We may disclose information when we believe in good faith that disclosure is necessary to: (a) comply with applicable law, regulation, subpoena, or other legal process; (b) protect the rights, property, or safety of Reverge, our customers, or others; (c) detect, investigate, or prevent fraud, abuse, or security incidents; or (d) enforce our Terms of Service.
5.5 Business Transfers
If Reverge is involved in a merger, acquisition, financing, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you (by email or in-Service notice) of any such transfer that materially affects your information.
5.6 With Your Direction
We share information when you instruct us to — for example, when you ask us to publish content to a connected social account, or to share a report with a teammate.
6. Marketing Communications
- Transactional messages (account, security, billing, beta access, service notices) are sent regardless of marketing preferences because they are required to operate the Services.
- Product and marketing emails are sent only where permitted. Every marketing email contains an unsubscribe link. You can also email us at the address in Section 13 to opt out.
- We do not currently send marketing SMS. If we add SMS in the future, we will obtain prior express consent and provide opt-out instructions in compliance with the Telephone Consumer Protection Act (TCPA) and applicable rules.
7. Cookies and Tracking Technologies
We use cookies, local storage, and similar technologies to:
- Strictly necessary: keep you logged in, maintain your session (Supabase auth), provide CSRF protection, rate limiting, and operate core security features.
- Functional: remember preferences such as theme and dismissed notices.
- Analytics: measure how the Services are used so we can improve them. We use Vercel Web Analytics for page views and basic traffic analytics. Vercel Web Analytics does not use cookies and is designed to report aggregated usage without identifying individual visitors across applications or websites. If enabled, we may also use PostHog for product analytics, including event capture (page views, feature usage, button clicks). PostHog cookies and identifiers are first-party where technically feasible.
- Diagnostics: detect and debug errors (Sentry).
We do not currently use third-party advertising cookies, behavioral retargeting pixels, or cross-site advertising trackers on our marketing site or the Platform. If we add advertising technologies in the future, we will update this Policy and, where required, present a cookie banner or consent control.
Session replay. We do not enable session replay by default. If we enable it for debugging or product improvement, it may record in-app interactions (clicks, navigation, scroll, page content). We configure session replay to mask password fields, payment fields, API keys, integration credentials, and other sensitive inputs. Replays are stored on PostHog's infrastructure under our account and are subject to PostHog's retention.
You can control cookies through your browser. Blocking essential cookies will break authentication and core functionality.
We do not respond to "Do Not Track" browser signals at this time. Where required by law, we honor the Global Privacy Control (GPC) signal as an opt-out of any "sale" or "sharing" of personal information (we do not engage in either). When our application detects GPC, it does not load Vercel Web Analytics for that browser session.
8. Data Retention and Deletion
We retain information for as long as needed to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:
- Account and business data: retained while your account is active.
- After account closure: retained for up to 90 days to allow recovery, then deleted or anonymized, except where longer retention is required by law.
- Billing and tax records: retained for at least 7 years to meet tax and accounting requirements.
- Beta and access requests: retained for up to 24 months from submission, then deleted.
- Sentry error logs: retained per Sentry's default retention (typically 30–90 days).
- Vercel Web Analytics events: retained in aggregated form per our Vercel plan and Vercel's Web Analytics retention settings.
- PostHog analytics events: retained per our PostHog plan retention (typically 12 months for events; session replays typically 30 days).
- Meta Platform Data: cached while the Meta integration is connected and deleted within 30 days after disconnect or a verified deletion request, except for limited security, legal, or audit records we are required or permitted to retain.
- Shopify and WooCommerce data: aggregated daily metrics retained while the integration is connected; deleted within 48 hours after disconnect, app uninstall, or a verified deletion request (including the Shopify shop/redact webhook), except for limited security, legal, or audit records we are required or permitted to retain. Individual order responses and customer IDs are never persisted — they exist only in memory during the sync job.
- Backups: purged on a rolling basis, generally within 35 days.
We may retain information beyond these periods where necessary to comply with legal obligations, resolve disputes, prevent fraud or abuse, enforce our agreements, or defend legal claims.
You may request deletion of your account and associated data at any time by following the process in Section 9.
9. Your Rights and Choices
Depending on the state in which you reside, you may have the following rights regarding personal information we hold about you:
- Access / Know — request confirmation of, and a copy of, the personal information we hold about you.
- Correct — request correction of inaccurate or incomplete information.
- Delete — request deletion of your information, subject to legal exceptions.
- Portability — request a copy of certain information in a portable format.
- Opt out of "sale" or "sharing" — we do not sell or share personal information for cross-context behavioral advertising; this opt-out has no practical effect for our Services, but you may submit one anyway.
- Limit use of sensitive personal information — we do not use sensitive personal information for purposes that would trigger this right.
- Non-discrimination — we will not deny services, charge different prices, or provide a different level of service because you exercised a privacy right.
- Appeal — if we deny a request, you may appeal by replying to our denial.
These rights are recognized under, among others, the California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Utah Consumer Privacy Act, the Texas Data Privacy and Security Act, the Oregon Consumer Privacy Act, and similar laws in other US states. Specific rights vary by state.
How to Exercise Your Rights
Email privacy@reverge.com with the subject line "Privacy Request" and describe your request. You can also review deletion instructions at https://app.signalandscience.com/data-deletion. We will:
- Acknowledge your request promptly.
- Verify your identity (typically by confirming control of the email on your account or other reasonable means).
- Respond within 45 days, or notify you if we need an additional 45 days.
You may designate an authorized agent to make a request on your behalf, subject to verification.
Other Removal Requests
If you believe your publicly available business information has been processed by the Services in error and you want it removed, you may email privacy@reverge.com with the URL or other identifier. We evaluate such requests in our sole discretion and consistent with our customer obligations and applicable law. We do not guarantee that we will honor any particular request, and our decision is final.
10. Security
We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information, consistent with the nature of the Services and the type of information processed. The specific controls we use evolve over time as the Services and the threat landscape evolve.
No system is fully secure, and we do not guarantee the security of any information transmitted to or stored by the Services. You are solely responsible for safeguarding your account credentials and for promptly notifying us at security@reverge.com if you suspect unauthorized access. We are not liable for any unauthorized access, loss, or disclosure caused by your or your authorized users' acts or omissions, by your failure to use available security features (including multi-factor authentication), by your connection of insecure third-party services, or by events outside our reasonable control.
11. Children's Privacy
The Services are not directed to children. We do not knowingly collect personal information from anyone under 18. If we learn we have collected information from a person under 18, we will delete it. If you believe a minor has provided us information, contact privacy@reverge.com.
12. Geographic Scope
The Services are offered to and intended for use by businesses located in the United States. Information is processed in the United States. We do not target the Services to residents of the European Economic Area, the United Kingdom, Switzerland, or other jurisdictions outside the United States, and we do not undertake to comply with the data protection laws of those jurisdictions. If you access the Services from outside the United States, you do so at your own initiative and are responsible for compliance with local law.
13. Contact Us
For privacy questions, requests, or complaints:
Reverge LLC
Email: privacy@reverge.com
Web: https://www.reverge.com
Platform: https://app.signalandscience.com
For security issues: security@reverge.com
14. Changes to This Policy
We may update this Policy at any time, in our sole discretion. The "Last Updated" date at the top reflects the most recent version. For material changes, we will use reasonable efforts to notify you (for example, by posting on the Services, by email, or by an in-product notice) before the changes take effect. Non-material changes (including clarifications, formatting, and updates to Sub-processor lists) take effect when posted. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy. If you do not agree, your sole remedy is to stop using the Services.
15. Roles Under State Privacy Laws
For purposes of US state privacy laws:
- When you provide your own personal information to use the Services, we act as a business (CCPA) or controller (other state laws) of that information.
- When you upload information about your customers, leads, employees, or contacts to the Platform, you are the business / controller of that information, and we act as a service provider / processor under our Terms of Service and any applicable Data Processing Addendum. We process such information only on your documented instructions and only to provide the Services.
*This Policy is provided for informational purposes and does not constitute legal advice. Reverge recommends that businesses consult independent counsel regarding their own privacy obligations.*