Our Privacy Philosophy
We believe in minimal data collection focused on what's necessary to provide our services. We do not sell your personal data, do not use behavioral advertising, and are transparent about how we handle your information.
1. Introduction
CleanRev ("CleanRev," "we," "us," or "our") operates the CleanRev platform, including the web application at app.cleanrev.io, mobile applications, and this marketing website at cleanrev.io (collectively, the "Services").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Services. By using CleanRev, you agree to this Privacy Policy.
2. Information We Collect
Information You Provide
- Account Information: Name, email, phone number, business name, business address
- Payment Information: Processed by Stripe; we do not store credit card numbers
- Business Data: Customer records, job schedules, invoices, employee information
- Communications: Support requests, feedback, and correspondence
Information Collected Automatically
- Device Information: Device type, operating system, unique identifiers
- Usage Data: Pages viewed, features used, time spent
- Location Data: GPS coordinates (only when you use GPS tracking features and consent)
- Log Data: IP address, browser type, timestamps
Sensitive Personal Information
We do not collect sensitive personal information as defined by California's CPRA or comparable state laws. We do not request or process government-issued IDs (SSN, driver's license, passport), precise geolocation of individuals outside GPS tracking features that you explicitly enable, race or ethnicity, religious beliefs, union membership, genetic or biometric data, health information, or information about sex life or sexual orientation. Do not submit this category of information to CleanRev; if you do, we may delete it.
3. Cookie Policy
Essential Cookies: We use minimal essential cookies for authentication and session management.
Analytics: We use privacy-respecting Cloudflare Web Analytics which does not use cookies or track individuals.
Not Used: We do not use Google Analytics, advertising cookies, social media tracking, or behavioral profiling.
4. How We Use Your Information
- Provide Services: Process jobs, scheduling, invoicing, and GPS tracking
- Improve Services: Analyze usage patterns, fix bugs, develop features
- Communicate: Send service updates and marketing (with consent)
- Security: Detect fraud and protect against abuse
- Legal Compliance: Meet regulatory requirements
5. How We Share Your Information
We share information with trusted service providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Cloudflare | Hosting, CDN, security (DDoS, WAF) | Usage data, IP addresses |
| Neon | PostgreSQL database hosting | All business data (encrypted at rest) |
| Stripe | Payment processing | Payment, billing info (we do not store card numbers) |
| Telnyx | SMS notifications and voice | Phone numbers, message metadata |
| Mapbox | Maps and routing | Addresses, coordinates |
| OpenAI | AI assistant features | Prompts you submit; not used for model training per OpenAI API policy |
All service providers are contractually required to protect your data and only use it for specified purposes.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until deletion + 30 days |
| Business records | 7 years (tax/legal) |
| GPS/location data | 90 days rolling |
| Payment records | 7 years (legal) |
| Security logs | 90 days |
7. Your Rights and Choices
- Access: View the information we hold about you through your account or by writing to privacy@cleanrev.io
- Portability: Export your business data (customers, jobs, invoices, time entries) in CSV format from Settings → Data Export. On written request we will also provide a structured JSON export suitable for transfer to another provider
- Correction: Update information through account settings or by contacting support
- Deletion: Request account deletion via Settings; processed within 30 days, subject to retention periods in §6 for tax, audit, and legal records
- Marketing Opt-Out: Unsubscribe via email links, SMS STOP reply, or Settings → Notifications
- GPS Consent: Disable GPS features anytime in mobile app settings; we stop recording new location data immediately
- Cookie Choices: Essential cookies only; no opt-out needed because we do not use tracking cookies
To exercise any right that is not self-serve in the product, email privacy@cleanrev.io. We verify requests against your account of record before releasing or deleting data. We do not charge a fee for reasonable requests and do not discriminate against users who exercise their rights.
8. GDPR Rights (EEA/UK Users)
Geographic scope: CleanRev does not currently offer its Services to residents of the European Economic Area (EEA), United Kingdom, or Switzerland and does not target those markets. We have not appointed an Article 27 EU Representative or a UK Representative. If you access the Services from those regions, this section describes the rights we honor on a good-faith basis while you hold an account.
Legal Bases for Processing (GDPR Article 6)
When we process personal data of EEA/UK users, we rely on one or more of:
- Performance of a contract (Art. 6(1)(b)): processing account, billing, job, scheduling, invoicing, and time-entry data required to deliver the Services you and your business subscribed to
- Legitimate interests (Art. 6(1)(f)): securing the Services against fraud and abuse, diagnosing errors, improving reliability and performance, and measuring usage in aggregate. We balance these interests against your rights and expectations, and you may object via privacy@cleanrev.io
- Consent (Art. 6(1)(a)): sending optional marketing email or SMS, enabling GPS tracking in the mobile app, and any other processing we specifically ask you to opt in to. You may withdraw consent at any time without affecting prior lawful processing
- Legal obligation (Art. 6(1)(c)): retaining tax and invoicing records, responding to valid law-enforcement requests, and meeting security breach notification duties
Your GDPR Rights (Articles 15-22)
- Access (Art. 15): Request all personal data we hold about you
- Rectification (Art. 16): Correct inaccurate or incomplete information
- Erasure (Art. 17): Request deletion of your data where no overriding legal basis applies
- Restriction (Art. 18): Limit processing while you contest accuracy or object to processing
- Portability (Art. 20): Receive data you provided to us in a structured, commonly used, machine-readable format
- Objection (Art. 21): Object to processing based on our legitimate interests or for direct marketing
- Automated decision-making (Art. 22): We do not subject EEA/UK users to solely-automated decisions that produce legal or similarly significant effects; AI-assisted features generate suggestions for human review, not binding decisions
To exercise these rights, contact privacy@cleanrev.io. We respond within 30 days and may extend by a further two months for complex requests, in which case we will tell you why. You also have the right to lodge a complaint with a supervisory authority (see §16).
9. California Privacy Rights (CCPA/CPRA)
We do not sell or "share" personal information as those terms are defined by the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and we have not done so in the preceding 12 months. We do not knowingly sell or share the personal information of anyone under 16.
Categories of Personal Information We Collect
| Category (Cal. Civ. Code § 1798.140) | Collected? | Examples |
|---|---|---|
| A. Identifiers | Yes | Name, email, phone, account ID, IP address |
| B. Customer records (Cal. Civ. Code § 1798.80(e)) | Yes | Business address, billing contact |
| C. Protected classifications | No | – |
| D. Commercial information | Yes | Subscription plan, invoice history |
| E. Biometric information | No | – |
| F. Internet/network activity | Yes | Pages viewed, features used, device/browser data |
| G. Geolocation (precise) | Only with consent | GPS when you enable mobile tracking features |
| H. Sensory (audio, visual, thermal) | No | – |
| I. Professional/employment | Yes | Job title, employee role within your business |
| J. Education | No | – |
| K. Inferences | Limited | Aggregate usage patterns for product improvement; no profiling |
| Sensitive PI (CPRA) | No | See §2 above |
Sources and Purposes
We collect these categories directly from you, automatically as you use the Services, and from our service providers listed in §5. We use them for the business purposes described in §4 (providing, improving, and securing the Services; communicating with you; and meeting legal obligations). We disclose them only to the service providers in §5 under written contracts that restrict their use to those business purposes.
Your California Rights
- Right to know what personal information we collect, use, disclose, and the categories of sources and recipients
- Right to delete personal information, subject to exceptions in Cal. Civ. Code § 1798.105(d)
- Right to correct inaccurate personal information
- Right to opt-out of sale or sharing — not applicable because we do not sell or share personal information for cross-context behavioral advertising
- Right to limit use of sensitive personal information — not applicable because we do not collect or use sensitive PI for purposes that would trigger the right to limit (see §2)
- Right to non-discrimination for exercising any of these rights
- Right to an authorized agent to submit requests on your behalf with valid authorization
To exercise these rights, email privacy@cleanrev.io. We verify requests against the email address of record and respond within 45 days, which we may extend by another 45 days with notice for complex requests. If we deny your request you may appeal by replying to our response.
"Shine the Light" (Cal. Civ. Code § 1798.83)
California residents may request information about our disclosure of personal information to third parties for those parties' direct marketing purposes. We do not share personal information with third parties for their own direct marketing purposes.
Other US State Privacy Laws
Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states with comprehensive consumer privacy laws have rights similar to those above, including rights of access, deletion, correction, portability, and opt-out of targeted advertising, sale, and certain profiling. Because we do not conduct targeted advertising, sell personal information, or engage in profiling that produces legal or similarly significant effects, several of these opt-outs do not apply to our Services — but we honor access, deletion, correction, and portability requests from residents of any US state on the same process described above. Email privacy@cleanrev.io and identify the state whose rights you are invoking.
10. Data Breach Notification
In the event of a data breach affecting your personal information:
- Supervisory authority notification within 72 hours (GDPR)
- Direct user notification if high-risk breach
- Notification includes breach nature, consequences, and mitigation measures
Report suspected incidents to security@cleanrev.io.
11. Security
- Encryption: TLS 1.3 in transit, AES-256 at rest
- Access Control: Role-based permissions, MFA
- Monitoring: 24/7 security monitoring
- Infrastructure: Cloudflare DDoS protection, WAF
12. Children's Privacy
CleanRev is professional business software not directed at children. We do not knowingly collect information from users under 13 (US) or under 16 (EU). If we discover child data, it will be immediately deleted.
13. International Data Transfers
Our Services are hosted in the United States. For EU/UK users, we protect transfers through Standard Contractual Clauses, encryption, and access controls.
14. Changes to This Policy
- Material Changes: Email notification 30 days before implementation
- Minor Updates: Posted here with updated date
- Continued Use: Constitutes acceptance of changes
15. Contact Us
CleanRev, Inc.
- Privacy: privacy@cleanrev.io
- Support: support@cleanrev.io
- Security: security@cleanrev.io
- Legal: legal@cleanrev.io
- Accessibility: accessibility@cleanrev.io
CleanRev, Inc.
Attn: Legal
601 16th Street, C448
Golden, CO 80401
United States
EU / UK Representative: CleanRev does not currently offer Services in the EEA, United Kingdom, or Switzerland and has not appointed an Article 27 EU Representative or UK Representative. If regulatory scope changes, this policy will be updated and a representative appointed before Services are offered in those regions.
16. Supervisory Authorities
EU Residents: Contact your local data protection authority (Find authority)
UK Residents: Information Commissioner's Office (Lodge complaint)