Privacy Policy

1. Introduction

AutoRevenue Systems LTD ("we", "us", or "our") operates AutoRevenueOS, a software platform that helps businesses recover missed revenue by re-engaging leads through messaging channels. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website, the AutoRevenueOS application, and related services. We are committed to handling personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We act as a data controller in respect of account and usage data, and as a data processor (on your behalf) where we process customer contact and messaging data that you control through the platform.

2. Information we collect

We may collect and process the following categories of information:

Account information

When you register and use AutoRevenueOS, we collect your email address, password (stored in hashed form), and any profile details you provide (e.g. full name, phone number). We may also store authentication and session data necessary to keep you logged in and to secure your account.

Business information

We collect and store information about the business(es) you create in the Service, such as business name, industry, website, booking or callback links, and messaging configuration (e.g. templates, phone numbers you connect). This allows us to provide the Service and personalise your experience.

Customer contact and messaging data

In order to provide the Service, we process data about your end customers that you submit or that flows through the platform: for example, phone numbers, names, and the content of missed-call events, inbound messages, and outbound messages sent via the Service. AutoRevenueOS is a platform provider: you (or your business) are the sender of communications; we process this data on your behalf to deliver the Service. You are responsible for ensuring you have a lawful basis and, where required, consent to process this data.

Technical information

We automatically collect certain technical data when you use our website or the Service, including IP address, browser type and version, device type, operating system, and approximate location (e.g. country or region). We may also collect logs of requests, errors, and performance data to operate, secure, and improve the Service.

3. How we use information

We use the information we collect to:

• Provide, operate, and maintain the AutoRevenueOS platform (e.g. account management, dashboards, inbox, recoveries, integrations).
• Process missed-call and messaging data so you can follow up with your customers via SMS, WhatsApp, and other supported channels.
• Send you service-related communications (e.g. account notifications, security alerts, product updates) where necessary for the performance of our contract or our legitimate interests.
• Improve the Service, diagnose issues, and analyse usage in an aggregated or anonymised way.
• Comply with legal obligations and enforce our Terms of Service.
• Protect the security and integrity of our systems and users.

We do not use your or your customers' data for marketing our own products to your end customers; we act as a platform provider supporting your communications.

4. Legal basis under UK GDPR

We process personal data only where we have a valid legal basis:

• Contract: Processing necessary to perform our contract with you (e.g. account creation, providing the Service, billing).
• Legitimate interests: Where necessary for our legitimate interests (e.g. security, fraud prevention, improving the Service, analytics) and not overridden by your rights.
• Legal obligation: Where required to comply with law (e.g. responding to lawful requests, retaining records).
• Consent: Where we rely on consent (e.g. optional marketing from us, non-essential cookies), you may withdraw it at any time.

Where we process personal data on your behalf as a processor (e.g. your end customers' contact and messaging data), you are responsible for establishing your own lawful basis (e.g. consent or legitimate interest) for that processing.

5. Data sharing with service providers

We share data only as necessary to operate the Service and as described in this policy. We use the following categories of service providers, who act as processors (or, where applicable, sub-processors) under written agreements that require them to protect personal data:

• Twilio: For telephony and SMS delivery. Message content and recipient identifiers may be processed by Twilio in accordance with their privacy policy and our instructions.
• Meta (Instagram / Facebook): Where you use our Meta integration, data necessary for messaging (e.g. identifiers, message content) may be processed by Meta in accordance with their terms and our configuration.
• Hosting and infrastructure: We use hosting and database providers (e.g. Supabase, Vercel or similar) to run the Service. These providers process data in the UK, EEA, or other locations where we have appropriate safeguards in place.

We do not sell personal data to third parties. We may disclose data if required by law, to protect our rights or safety, or in connection with a merger, sale, or restructuring, subject to confidentiality and data protection obligations.

6. Data retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this policy, including to provide the Service, comply with legal obligations (e.g. tax, regulatory), resolve disputes, and enforce our agreements. Account and business data are generally retained while your account is active and for a reasonable period after closure to allow for reactivation and legal compliance. Messaging and recovery data are retained in line with your use of the Service and our backup and retention schedules. You may request deletion of your account and associated data; we will honour such requests where consistent with our legal and operational requirements. Aggregated or anonymised data may be retained longer for analytics and improvement.

7. Security measures

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit and at rest where applicable, access controls, secure authentication, and regular review of our security practices. Our service providers are selected with regard to their security and compliance posture. No method of transmission or storage is completely secure; we encourage you to use strong passwords and to notify us promptly of any suspected unauthorised access.

8. International data transfers

Your data may be processed in the United Kingdom and, where we use service providers or systems located outside the UK (e.g. in the EEA or the US), we ensure appropriate safeguards are in place, such as UK adequacy decisions, standard contractual clauses, or other mechanisms approved under UK data protection law. You may request details of the safeguards we use for specific transfers by contacting us at the details below.

9. Your rights under UK GDPR

If you are in the UK (or our processing is subject to UK GDPR), you have the right to:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data in certain circumstances.
• Restrict processing: Request that we limit how we use your data in certain cases.
• Data portability: Receive your data in a structured, machine-readable format where applicable.
• Object: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Where we rely on consent, withdraw it at any time.
• Complain: Lodge a complaint with the Information Commissioner's Office (ICO) in the UK.

To exercise these rights, contact us at support@autorevenueos.com. We will respond within the timeframes required by law. For data we process on your behalf as a processor (e.g. your end customers' data), we will assist you in responding to their requests where set out in our agreement with you.

10. Cookies and tracking technologies

We use a minimal set of cookies and browser storage. We use session and authentication cookies (set by our auth provider) to keep you logged in; these are strictly necessary. The website chat widget stores a single random visitor identifier in local storage only after you first open the chat, so we can associate your messages with the same conversation; we do not use this for tracking or advertising. We do not currently use analytics or marketing cookies. For a full list of what we use, why, and how to manage it, see our Cookie Policy. You can adjust your browser settings to refuse or delete cookies and local storage; disabling essential cookies may prevent you from staying logged in.

11. Policy updates

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or legal requirements. We will post the updated policy on this page and update the "Last updated" date. If we make material changes that affect how we use your personal data, we will provide additional notice (e.g. by email or a prominent notice in the Service) where appropriate. We encourage you to review this policy periodically.

12. Contact information

For questions about this Privacy Policy, your personal data, or to exercise your rights, please contact us:

AutoRevenue Systems LTD
Office 326, 18 Young St, UNIT LGE
Edinburgh EH2 4JB
Scotland

Email: support@autorevenueos.com