Privacy Policy
1. Overview
This Privacy Policy describes how Waldroid Digital Ltd ("we", "us", "RevHapi") collects, uses, stores, protects, and shares information about you when you use the RevHapi platform at app.revhapi.com and marketing site at revhapi.com.
RevHapi is a software-as-a-service platform that allows users to connect their advertising accounts (Meta Ads, Google Ads, Google AdSense, Google Ad Manager) via OAuth, and view aggregated revenue, spend, and ROAS analytics in a single unified dashboard. Our use of data obtained through these platform integrations is strictly limited to providing the service you have requested.
By using RevHapi, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the service.
2. Data Controller
The data controller responsible for your personal data is:
- Company: Waldroid Digital Ltd
- Registered in: England and Wales
- Platform: RevHapi (revhapi.com)
- Privacy contact: [email protected]
For any privacy-related questions, data subject rights requests, or concerns, please contact us at [email protected]. We respond to all privacy enquiries within 5 business days and no later than 30 days as required by law.
3. Data We Collect
3.1 Account & registration data
When you create an account we collect your email address, display name (optional), and a securely hashed password. We also store your subscription tier, billing status, and account creation timestamp.
3.2 Advertising platform credentials (OAuth tokens)
When you connect an advertising platform — Meta Ads, Google Ads, Google AdSense, or Google Ad Manager — we store the OAuth access and refresh tokens issued by those platforms. These tokens are the mechanism by which we are authorised to fetch your ad performance data on your behalf. See Section 5 and Section 4 for the specific protections applied to these credentials.
3.3 Advertising performance data
We retrieve and store the following categories of data from connected platforms, on your behalf:
- Ad spend, impressions, clicks, and conversions
- Revenue and earnings figures (AdSense, Ad Manager)
- Campaign-level and date-level breakdowns
- URL/placement-level performance (AdSense, Ad Manager)
This data relates to your advertising business activity and does not include personal data about your end-users or ad audiences.
3.4 Billing data
Subscription payments are processed by Stripe. We do not store full card numbers or CVVs. We retain billing records including invoice amounts, dates, plan tier, and Stripe customer IDs for accounting and legal compliance purposes.
3.5 Usage and technical data
We collect anonymised usage data such as feature interactions, error logs, and page load timing to improve platform reliability and performance. This data does not identify individual users.
3.6 Support communications
If you contact us via email or the in-app support system, we retain the content of those communications to resolve your issue and improve the service.
3.7 Cookies and local storage
We use cookies to maintain your authenticated session and remember your preferences. See our Cookie Policy and Section 14 of this policy for full details.
4. Sensitive Data & Protection Mechanisms
The following table describes every category of sensitive data we handle and the specific technical and organisational protections applied to it:
| Data Category | What It Contains | Storage Protection | Access Control | Retention |
|---|---|---|---|---|
| OAuth Access Tokens Google, Meta |
Short-lived credentials authorising read-only API access to your ad accounts | AES-256 Encrypted at rest | Accessible only to the authenticated user's server-side session. Never exposed in client-side code or logs. | Deleted immediately on account disconnection or deletion |
| OAuth Refresh Tokens Google, Meta |
Long-lived tokens used to obtain new access tokens without requiring re-authentication | AES-256 Encrypted at rest | Stored server-side only. Never transmitted to front-end clients. Rotated automatically by the platform issuer. | Deleted on account disconnection or within 90 days of account deletion |
| Account Passwords | RevHapi account login credential | bcrypt Hashed (salted) | Only the hash is stored. Original password is never retained or recoverable. Managed by Supabase Auth. | Deleted on account deletion |
| Ad Revenue & Spend Data | Daily/campaign level revenue, spend, impressions, ROAS figures fetched from your connected platforms | Encrypted at rest (database-level) | Row-Level Security (RLS) enforced at database level — each user can only query their own rows. Supabase service role key is server-side only. | Retained while account is active; deleted within 90 days of account deletion |
| Payment Information | Subscription billing data | Not stored by RevHapi | Processed entirely by Stripe. RevHapi stores only Stripe customer ID, plan tier, and invoice history. No card numbers or CVVs ever touch our servers. | Invoice records retained 7 years (legal/tax requirement) |
| Email Address | Account identifier and communication address | Encrypted at rest | Accessible only to the authenticated user and authorised Waldroid Digital Ltd staff. Never sold or shared with advertisers. | Deleted within 90 days of account deletion request |
| Google Ads Developer Token | API key required for Google Ads API access at the application level | Environment variable only | Stored exclusively as a server-side environment variable in Vercel. Never committed to source code, logged, or exposed to clients. | Rotated on security events; not associated with individual users |
| Meta App Secret | Application secret for Meta Marketing API authentication | Environment variable only | Server-side environment variable only. Used exclusively to validate and exchange tokens server-side. Never transmitted to front-end. | Rotated on security events; not associated with individual users |
4.1 Encryption standards
All data in transit is protected using TLS 1.2 or higher. Data at rest is encrypted using AES-256 encryption provided by our database infrastructure (Supabase / PostgreSQL). OAuth tokens stored in the database receive an additional application-level encryption layer before being written.
4.2 Principle of least privilege
We request only the minimum OAuth scopes required to fetch your advertising performance data. Specifically:
- Google Ads: Read-only access to campaign performance metrics (
https://www.googleapis.com/auth/adwords— read only) - Google AdSense: Read-only access to AdSense reporting (
https://www.googleapis.com/auth/adsense.readonly) - Google Ad Manager: Read-only reporting access (
https://www.googleapis.com/auth/dfp) - Meta Ads: Read-only access to ad account insights (
ads_read)
We do not request scopes that would allow creating, modifying, or deleting any campaigns, ad sets, or account settings on any connected platform.
4.3 No use for secondary purposes
Data obtained through Google APIs and Meta APIs is used solely to provide the RevHapi dashboard to the authenticated user who granted access. This data is never:
- Used for advertising or marketing purposes
- Sold, rented, or licensed to third parties
- Used to build profiles on users for any purpose beyond service delivery
- Shared with other RevHapi users or any party outside the user's own account
- Used to train machine learning models
5. OAuth & API Access Data
5.1 How OAuth works in RevHapi
When you connect a platform (e.g. Google Ads), you are redirected to that platform's own authentication page. You log in and grant RevHapi specific, limited permissions. The platform issues OAuth tokens to RevHapi, which we store securely to fetch data on your behalf automatically without requiring you to log in again.
5.2 What we can and cannot do with OAuth access
RevHapi's OAuth integration is strictly read-only. We use your tokens to:
- Fetch historical and current performance data (spend, impressions, revenue, ROAS)
- Retrieve account and campaign structure for display purposes
We cannot and do not use your tokens to:
- Create, pause, modify, or delete campaigns, ad sets, or creatives
- Make any changes to your billing, payment methods, or account settings
- Access data on any account other than those you explicitly authorised
- Share, export, or republish your data outside the RevHapi platform
5.3 Revoking access
You can revoke RevHapi's access to any connected platform at any time in two ways:
- From RevHapi: Go to the relevant platform settings page within the app and click "Disconnect". This immediately deletes the stored OAuth tokens.
- From the platform directly: Visit your Google Account permissions (myaccount.google.com/permissions) or Meta Business settings to revoke access at the source.
Revoking access stops all future data fetching and triggers deletion of the associated tokens from our systems within 24 hours.
5.4 Google API Limited Use disclosure
6. How We Use Your Data
We use the information we collect for the following purposes:
- Service delivery: To operate your account, authenticate your session, fetch your ad platform data, and display analytics in your dashboard
- Billing: To process subscription payments and issue invoices via Stripe
- Support: To respond to your support tickets and help resolve issues
- Security: To detect and prevent fraud, abuse, and unauthorised access
- Service improvement: To identify bugs, improve performance, and develop new features — using anonymised, aggregated data only
- Communications: To send essential transactional emails (security alerts, billing notifications, service updates). Marketing emails are sent only with your explicit consent and you can unsubscribe at any time.
- Legal compliance: To meet our obligations under applicable laws including UK GDPR, EU GDPR, and tax/accounting regulations
We do not use automated decision-making or profiling that produces legal or similarly significant effects on users.
7. Legal Basis for Processing (UK & EU GDPR)
For users in the UK and European Economic Area, we rely on the following legal bases:
- Contract (Article 6(1)(b)): Processing necessary to deliver the service you have subscribed to — including account management, platform data fetching, and billing
- Legitimate interests (Article 6(1)(f)): Security monitoring, fraud prevention, and anonymous analytics for service improvement. Our legitimate interests do not override your rights.
- Legal obligation (Article 6(1)(c)): Retaining billing records for tax and accounting compliance
- Consent (Article 6(1)(a)): Marketing emails and optional analytics cookies — you can withdraw consent at any time
8. Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We share data only with the following sub-processors, each bound by data processing agreements:
8.1 Infrastructure sub-processors
- Supabase Inc. — Database, authentication, and storage. Your data is stored in Supabase's PostgreSQL infrastructure with row-level security and encryption at rest. Supabase Privacy Policy
- Vercel Inc. — Application hosting and serverless API functions. Requests and server-side processing may transit Vercel's infrastructure. Vercel Privacy Policy
- Stripe Inc. — Payment processing. All payment data is handled directly by Stripe under their own PCI-DSS compliance. Stripe Privacy Policy
8.2 Platform APIs (acting on your behalf)
- Google LLC — We interact with Google Ads API, AdSense API, and Ad Manager API on your behalf using the OAuth tokens you grant. We do not share your RevHapi account data with Google.
- Meta Platforms Inc. — We interact with the Meta Marketing API on your behalf. We do not share your RevHapi account data with Meta.
8.3 Legal disclosure
We may disclose your data to law enforcement or regulatory authorities where required by law, or to protect our legal rights, property, or the safety of our users — and only to the minimum extent required.
8.4 Business transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will provide notice and, where required by law, seek your consent before any such transfer.
9. Security Measures
We implement the following technical and organisational security measures to protect your data:
9.1 Technical measures
- Encryption in transit: All communications between your browser and our servers use TLS 1.2 or higher (HTTPS enforced on all endpoints)
- Encryption at rest: Database storage is encrypted at rest using AES-256. OAuth tokens receive additional application-layer encryption before database storage.
- Password hashing: User passwords are hashed using bcrypt with a unique salt per user. Original passwords are never stored or recoverable.
- Row-Level Security (RLS): Supabase database policies enforce that each authenticated user can only read and write their own data. Cross-user data access is impossible at the query level.
- Environment variable isolation: All API secrets, developer tokens, and service role keys are stored as server-side environment variables, never in source code, never transmitted to browsers.
- API authentication: All internal API endpoints require valid JWT authentication. Cron job endpoints require a separate secret header to prevent unauthorised invocation.
- Minimal API scopes: OAuth tokens are requested with read-only scopes only, minimising the blast radius of any potential compromise.
9.2 Organisational measures
- Access to production systems is restricted to authorised Waldroid Digital Ltd personnel only
- Third-party sub-processors are reviewed for security and privacy compliance before use
- Security incidents are investigated promptly and affected users are notified in accordance with GDPR breach notification requirements (within 72 hours of discovery where applicable)
9.3 Responsible disclosure
If you discover a security vulnerability in RevHapi, please disclose it responsibly by emailing [email protected] with the subject "Security Disclosure". We will acknowledge receipt within 2 business days and work to resolve confirmed vulnerabilities promptly.
10. Data Retention
We retain data only for as long as necessary for the purposes described in this policy:
- Account data (email, name): Retained while your account is active. Deleted within 90 days of a verified account deletion request.
- OAuth tokens: Deleted immediately on platform disconnection or within 90 days of account deletion.
- Ad performance data: Retained while your account is active. Deleted within 90 days of account deletion.
- Billing records: Retained for 7 years from the date of transaction to comply with UK tax and accounting law.
- Support communications: Retained for 2 years after the ticket is resolved.
- Security and access logs: Retained for up to 90 days for security monitoring purposes.
- Encrypted database backups: Automatically purged after 30 days.
To request deletion of your data, email [email protected]. We will process your request within 30 days and confirm deletion in writing.
11. International Data Transfers
RevHapi is operated by Waldroid Digital Ltd, registered in England and Wales. Our infrastructure providers (Supabase, Vercel) may process data in data centres located in the United States and other countries outside the UK and European Economic Area (EEA).
Where such transfers occur, we ensure that appropriate safeguards are in place, including:
- UK International Data Transfer Agreements (IDTAs) or UK Addendum to EU Standard Contractual Clauses
- EU Standard Contractual Clauses (SCCs) where applicable
- Transfers to countries with an adequacy decision from the UK Secretary of State or European Commission
You may request details of the specific safeguards in place for any transfer by contacting [email protected].
12. Your Rights
Under UK GDPR and EU GDPR, you have the following rights regarding your personal data. To exercise any of these rights, contact us at [email protected].
We will respond to all rights requests within 30 days. In complex cases we may extend this by a further two months but will notify you within the initial 30-day period.
You also have the right to lodge a complaint with a supervisory authority. In the UK: Information Commissioner's Office (ICO). In the EU: your national data protection authority.
13. Cookies
We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the platform is used. Cookies are categorised as:
- Essential: Required for authentication and security (cannot be disabled)
- Functional: Remember your preferences such as currency and layout
- Analytics: Anonymous usage data to improve the platform (optional, consent required)
For full details of the cookies we set, including names, durations, and opt-out instructions, see our Cookie Policy.
14. Children's Privacy
RevHapi is a business-to-business advertising analytics platform and is not directed at or intended for use by children under the age of 18. We do not knowingly collect personal data from anyone under 18.
If you believe a child has provided personal data to us, please contact us immediately at [email protected] and we will take steps to delete such data promptly.
15. Changes to This Policy
We may update this Privacy Policy from time to time as our practices evolve or legal requirements change. When we make material changes we will:
- Update the "Last updated" date at the top of this page
- Send a notification email to all registered users
- Display a notice in the application for at least 14 days
Your continued use of RevHapi after any changes take effect constitutes acceptance of the revised policy. If you do not agree to the revised policy, please discontinue use and contact us to request account deletion.
Previous versions of this policy are available on request by emailing [email protected].
16. Contact & Data Requests
For all privacy-related enquiries, data subject rights requests, security disclosures, or questions about this policy, please use the details below. All requests are handled by Waldroid Digital Ltd.