RevStack Privacy Policy
Effective Date: June 29, 2026 Last Updated: June 29, 2026
This Privacy Policy explains how RevStack LLC ("RevStack," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website at https://www.revstackapp.com (the "Site") and the AI front-of-house services we provide (collectively, the "Services").
1. Who We Are and Scope of This Policy
RevStack LLC provides a managed, AI-run front office for residential and commercial contractors and other home-services businesses. Our Services include an AI voice agent that answers and returns calls, books estimates and appointments, recovers missed calls, requests reviews, and manages CRM records, social posting, billing, and lead attribution on behalf of our business customers. Our Services are built on and delivered through the GoHighLevel platform and other third-party providers.
This Policy applies to two distinct categories of information, which are treated very differently:
- Information about our business customers and Site visitors — for example, the contractor businesses that subscribe to RevStack, the individuals who run them, and people who visit our Site. For this information, RevStack acts as a controller (we decide how and why it is used).
- Information we process on behalf of our business customers — the personal data of our customers' leads, prospects, and customers (for example, the homeowner who calls a contractor for an estimate). For this information, our business customer is the controller and RevStack acts as a processor / service provider, handling the data only on the customer's documented instructions and under our Data Processing Agreement. If you are a lead or customer of a business that uses RevStack and you have questions about how your data is handled, please contact that business directly; we will assist them in responding to your request.
This Policy does not govern the privacy practices of our business customers or of third-party platforms that have their own privacy policies.
2. Information We Collect
2.1 Information You Provide to Us
When you inquire about, sign up for, or use the Services, we may collect:
- Account and contact details — name, business name, email address, phone number, mailing/business address, and role.
- Billing information — billing contact, billing address, and subscription plan. Payment card details are collected and processed directly by our payment processor (Stripe); we do not store full card numbers.
- Onboarding and configuration information — details about your business, services, hours, scripts, call-handling preferences, and other information you supply to configure your AI front office.
- Communications — messages, support requests, and other correspondence you send to us, including by email to support@ or through https://support.revstackapp.com.
2.2 Information We Collect Automatically
When you visit the Site or use the Services, we and our providers may automatically collect:
- Device and technical data — IP address, browser type, operating system, device identifiers, and language settings.
- Usage data — pages viewed, features used, links clicked, referring/exit pages, and timestamps.
- Cookies and similar technologies — see Section 6 (Cookies and Tracking).
2.3 Information We Process on Behalf of Our Business Customers
In delivering the Services, we process personal data about our customers' leads, prospects, and customers ("Customer End-User Data") on the customer's behalf and instructions. This may include:
- Names, phone numbers, email addresses, and physical/project addresses.
- The content of messages exchanged with the business (calls, SMS, web chat, social messages, and email).
- Appointment, estimate, project, and lead-attribution details.
- Call recordings and call transcripts, where calls are recorded and transcribed as part of the Services (see Sections 4 and 5).
RevStack processes Customer End-User Data as a processor / service provider, only to provide the Services and only as instructed by the business customer. We do not sell this data and do not use it for our own independent purposes.
3. How We Use Information
We use information we collect as a controller to:
- Provide, operate, maintain, and improve the Site and Services.
- Set up, configure, and manage customer accounts.
- Process subscriptions, billing, and payments.
- Communicate with you about your account, support requests, service updates, and (where permitted) marketing.
- Monitor, secure, and troubleshoot the Services, and detect and prevent fraud or abuse.
- Comply with legal obligations and enforce our agreements.
We process Customer End-User Data as a processor only to deliver the Services on the business customer's behalf — for example, to answer and return calls, book and confirm appointments, recover missed calls, request reviews, update CRM records, and produce lead-attribution reporting — and as otherwise instructed by that customer under our Data Processing Agreement.
4. AI and Automated Processing Disclosure
The Services rely on artificial intelligence and automated processing. Specifically:
- AI voice agent. Calls placed to or from numbers connected to the Services may be answered, screened, returned, or handled by an automated AI voice agent rather than a human.
- Recording and transcription. Calls and messages may be recorded, transcribed, and analyzed by automated systems to operate the Services, generate appointments and CRM records, and improve call handling.
- Automated responses. The AI agent may generate and send automated responses, book or reschedule appointments, route inquiries, and update records without human intervention.
- Human oversight. Outputs of the AI may be reviewed or supplemented by humans at the business customer's discretion.
AI systems can make mistakes and may produce inaccurate or incomplete results. The business customer remains responsible for its communications with, and obligations to, its own leads and customers.
The AI/voice processing in our Services is delivered through HighLevel Inc. (GoHighLevel) — including its native AI voice and conversational features, which acts as our sub-processor (see Section 7).
5. Call Recording and Monitoring Notice
Calls handled through the Services may be recorded and/or monitored for purposes including answering and returning calls, booking and confirming appointments, quality assurance, training, record-keeping, and improving the Services.
Consent and Illinois law. Illinois is an "all-party consent" state for the recording of private electronic communications. Where calls are recorded, all parties to the call must consent to the recording. RevStack provides functionality to deliver a recording disclosure (for example, an audible notice at the start of a call), but the business customer, as controller of its own calls, is responsible for ensuring that recording and monitoring comply with all applicable federal, state, and local laws — including Illinois' all-party consent requirement and the recording-consent laws of any other state in which the customer or the called party is located. Callers who do not consent to recording should not continue the call or should request that the business handle the matter without recording.
6. Cookies and Tracking Technologies
We and our providers use cookies, web beacons, local storage, and similar technologies on the Site to:
- Keep you logged in and remember preferences.
- Measure and analyze Site traffic and usage.
- Secure the Site and prevent fraud.
You can control cookies through your browser settings; disabling some cookies may affect Site functionality. Where required by law, we will request your consent for non-essential cookies. We honor Global Privacy Control (GPC) signals where required by applicable law.
7. How We Share Information and Sub-Processors
We do not sell personal information. We share information only as described below:
- Service providers and sub-processors. We use trusted third parties to provide the Services. Our current sub-processors include:
| Sub-processor | Purpose |
|---|---|
| HighLevel Inc. (GoHighLevel) — including its native AI voice and conversational features | CRM, marketing automation, AI agent platform, native AI voice/chat, and data hosting |
| Twilio / LeadConnector | Telephony, call routing, and SMS |
| Stripe | Payment processing |
| Cloudflare | Website hosting, CDN, and security |
| Resend | Transactional and notification email |
| Google (Google Workspace) | Email and productivity |
- Our business customers. Customer End-User Data is made available to the business customer that controls it.
- Legal and safety. We may disclose information to comply with law, respond to lawful requests, enforce our agreements, or protect the rights, property, or safety of RevStack, our customers, or others.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets, information may be transferred subject to this Policy.
8. Data Retention
We retain information for as long as needed to provide the Services, maintain business records, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include: account data — for the life of the account plus 90 days after termination; call recordings and transcripts — 12 months by default (or per the business customer's configured settings); and billing and transaction records — 7 years (for tax and legal purposes). Customer End-User Data is retained per the business customer's instructions and our Data Processing Agreement, and is deleted or returned on termination as described there.
9. Security
We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit, access controls, and reliance on reputable infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Your Rights and Choices
Depending on where you live and your relationship with us, you may have rights to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information.
- Opt out of marketing communications (via the unsubscribe link or by contacting us).
- Opt out of "sale" or "sharing" of personal information and limit certain uses, where applicable.
California (CCPA/CPRA). If you are a California resident, you may have rights to know, access, delete, correct, and opt out of sale/sharing of personal information, and not to be discriminated against for exercising these rights. RevStack does not sell or share personal information; where the CCPA/CPRA applies, RevStack acts as a "service provider" and does not sell or share personal information.
EEA/UK (GDPR). If you are in the European Economic Area or the United Kingdom, you may have rights to access, rectification, erasure, restriction, portability, and objection, and to lodge a complaint with a supervisory authority. We are primarily US-facing; where GDPR or UK GDPR applies to your data, we will honor these rights, and any international transfers are handled via Standard Contractual Clauses where applicable.
If you are a lead or customer of a business that uses RevStack, please direct rights requests to that business (the controller); we will assist them. To exercise rights for which RevStack is the controller, contact us using Section 14.
11. Children's Privacy
The Site and Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.
12. Third-Party Links
The Site and Services may link to third-party websites and services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy policies.
13. Data Location and International Transfers
We and our providers are based in the United States, and information is processed and stored in the United States and other countries where our sub-processors operate. If you access the Services from outside the United States, you understand that your information may be transferred to and processed in the United States. Where required, international transfers are handled via Standard Contractual Clauses where applicable.
14. Contact Us
For privacy questions or to exercise your rights, contact:
RevStack LLC Email: kevin@revstackapp.com Support: https://support.revstackapp.com
15. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the "Last Updated" date above and, where appropriate, provide additional notice. Your continued use of the Site or Services after changes take effect constitutes acceptance of the updated Policy.