GDPR

GDPR Compliance

RevCPQ is committed to protecting personal data and complying with the General Data Protection Regulation.

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organizations handle the personal data of EU residents. RevCPQ is fully committed to GDPR compliance and protecting the privacy rights of all our users.

As both a data controller (for our own customer data) and a data processor (for data our customers store in RevCPQ), we implement appropriate technical and organizational measures to ensure compliance.

Your Rights Under GDPR

As an EU resident, you have specific rights regarding your personal data.

Right to Access

Request a copy of the personal data we hold about you.

Right to Rectification

Request correction of inaccurate or incomplete data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Request limitation of how we process your data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing of your data for certain purposes.

To exercise any of these rights, contact us at privacy@revcpq.com

We will respond to your request within 30 days.

How We Protect Your Data

Our technical and organizational measures to ensure GDPR compliance.

Data Protection by Design

Privacy considerations are built into our product development process from the start.

Data Minimization

We only collect and process data that is necessary for providing our services.

Secure Processing

Technical and organizational measures protect data throughout its lifecycle.

Lawful Basis

We process data only with valid legal grounds: consent, contract, or legitimate interest.

International Transfers

Data transfers outside the EU use Standard Contractual Clauses (SCCs).

Documentation

We maintain comprehensive records of all data processing activities.

Data Processing Agreement

For customers who need a Data Processing Agreement (DPA), we provide a comprehensive agreement that covers:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Types of personal data processed
  • Categories of data subjects
  • Obligations and rights of the controller
  • Sub-processor requirements
  • Security measures
  • Data breach notification procedures

Sub-processors

We use the following sub-processors to provide our services:

Amazon Web Services

Cloud infrastructure

EU & US

Stripe

Payment processing

US

HubSpot

CRM integration

US

Intercom

Customer support

US

Datadog

Application monitoring

US

All sub-processors are bound by appropriate data protection agreements.

Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected.

Account data

Service provision and account recovery

Duration of account + 30 days

Transaction data

Legal and tax compliance

7 years

Usage analytics

Service improvement

24 months

Support tickets

Customer service quality

3 years

Marketing data

Marketing communications

Until consent withdrawn

Data Protection Officer

For GDPR-related inquiries or to exercise your data rights, contact our Data Protection Officer.

Data Protection Officer

RevCPQ, Inc.

123 Market Street, Suite 400

San Francisco, CA 94105

dpo@revcpq.com