R
RevIQ

PRIVACY POLICY

Privacy Policy

Effective: 3 June 2026Last updated: 3 June 2026Operator: RevIQ, Bangkok, Thailand

1Introduction

This Privacy Policy explains how RevIQ (“we”, “us”, “our”) collects, uses, discloses, and protects personal data when you use reviq.pro, app.reviq.pro, and any related services (the “Service”). It applies to vendors, referrers, organisation members, marketplace visitors, and prospective users.

We follow Thailand’s Personal Data Protection Act B.E. 2562 (2019) (“PDPA”) and, where applicable, the data protection laws of other jurisdictions where our users are located.

2Who we are

RevIQ is a product of D&G Staffing Co., Ltd.(บริษัท ดี แอนด์ จี สแตฟฟิ่ง จำกัด, trading as “Thai-Co”), a company registered in the Kingdom of Thailand. For all data-protection matters our contact details are:

  • Data controller: D&G Staffing Co., Ltd. (trading as Thai-Co)
  • Registered office: No. 3080 Sukhumvit 70/1, Bangna, Bangkok 10260, Thailand
  • Tax ID: 0105567080475
  • Service: RevIQ
  • Privacy contact: hello@reviq.pro
  • Website: reviq.pro

If you have questions about your personal data or wish to exercise any of the rights described in this policy, please contact us first at the email above.

3Information we collect

We collect personal data when you create an account, use the Service, interact with our website, or are introduced to RevIQ by another user (for example, as a vendor invited to claim a profile).

3.1Account information

  • Email address (used as your login identifier)
  • Full name and preferred display name
  • Phone number (optional, for contact and verification)
  • Authentication credentials managed by Firebase Authentication (passwords are hashed and stored by Google, never by us)
  • Language and currency preferences

3.2Identity and business information

  • Legal name (individual or company), trading name, and entity type
  • Thai Tax Identification Number (13 digits) or National ID / passport equivalent
  • VAT registration number (if applicable)
  • Registered business address and contact person
  • Office type (head office or branch) and branch number
  • Uploaded signature and corporate seal images (used to issue legally-valid Thai documents including the 50 ทวิ withholding tax certificate)
  • Logo, brand colour, social links, and other storefront customisation

3.3Financial information

  • Bank account name, account number, bank, and branch (used to print on the documents you issue — never to debit any account)
  • PromptPay identifier (for QR-code generation on your payment pages)
  • Stripe customer identifier and subscription status (we do not store full payment-card numbers; Stripe is the card processor)
  • Records of subscription invoices, plan changes, and refunds
  • Records of platform fees billed against your collected commissions

3.4Deal and referral data

Each referral you create or accept generates a deal record that may include:

  • The names and contact details of the parties involved (referrer, vendor, client)
  • Negotiated commission terms and amounts
  • The 13-stage progression of the deal, including timestamps
  • Files and chat messages exchanged inside the deal panel (Pro feature)
  • Tax documents you issue through RevIQ: quotes, tax invoices, billing notes, receipts, withholding-tax certificates, and proofs of payment
  • AI-generated coaching suggestions cached against the deal (Pro feature)

3.5Client information

When you refer a client through RevIQ, we store the client’s name, contact details, location, and the budget/notes you supply. This data is held under the lawful basis of contract performance for the referral relationship between you and the vendor you introduce them to.

Your responsibility as the referrer:you must have a lawful basis (typically the client’s consent) to share their personal data with us and the vendor. Inform clients before referring them.

3.6Communications

  • Support messages you exchange with our chat assistant or our team
  • Email correspondence with us
  • Notifications you receive in-app, by push, or by email
  • Conversations escalated to support tickets in our admin inbox

3.7Usage and device data

  • Browser type, operating system, and user-agent string
  • Approximate location derived from your IP address (truncated to a /16 block for prospect-page analytics — never the full IP)
  • Pages viewed and actions taken within the Service
  • Push-notification subscription identifiers when you opt in
  • Service-worker logs of delivery + click on push notifications you receive

4How we use information

We process personal data for these purposes, on the lawful bases stated:

  • Operating the Service — provisioning accounts, running the deal pipeline, generating documents, processing subscription payments through Stripe. Lawful basis: performance of our contract with you.
  • Tax and accounting compliance — producing invoices, receipts, billing notes, withholding-tax certificates, and audit trails as required by Thai law. Lawful basis: legal obligation and your legitimate interest.
  • Communications — sending you operational notifications (payment received, billing note issued, etc.), responses to support requests, and important policy updates. Lawful basis: contract and our legitimate interest in operating the Service.
  • AI-assisted features — the in-app chat assistant, AI Deal Coach (Pro), onboarding tour, and support-ticket classification. See section 6 for details.
  • Service improvement and security — diagnosing errors, preventing abuse, and improving the product based on aggregated usage signals. Lawful basis: our legitimate interest, balanced against your privacy.
  • Marketing to you — only with your consent, or on legitimate-interest grounds for existing users about service updates. You can opt out at any time.

5Google API services

The Service integrates with Google APIs to let you send emails from your own Gmail account and (when enabled) schedule meetings in your own Google Calendar. These integrations rely on OAuth 2.0 — you grant scoped permission to RevIQ from within your Google account, and you can revoke it at any time.

5.1Scopes we request

  • https://www.googleapis.com/auth/gmail.send — send-only access to your Gmail
  • https://www.googleapis.com/auth/calendar.events — create + manage your own Calendar events (currently disabled in production pending Google verification)
  • openid email profile — basic identity

5.2Gmail send

We use the gmail.send scope strictly to send emails on your behalf when you take an explicit in-app action — for example, sharing a billing note, sending a quote, or issuing a receipt to your client.

We never read your inbox, search your messages, or access any email that you did not author through RevIQ. The scope we hold does not grant read access. Messages we send through your Gmail are sent fromyour address, with your Reply-To, and remain in your Sent folder on Google’s servers.

5.3Calendar events

When the Calendar feature is enabled, we use the calendar.events scope to create events on your primary Google Calendar when you explicitly schedule a meeting from inside a deal. We do not read other events on your calendar and we do not modify or delete events we did not create.

5.4Limited use commitment

RevIQ’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We use Google user data only to provide or improve user-facing features that are prominent in the Service.
  • We do not sell Google user data or transfer it to third parties for advertising or any other secondary purpose.
  • We do not allow humans to read Google user data unless we have your explicit consent, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or for operations where the data is aggregated and anonymised.
  • We do not use Google user data to train, develop, or improve any generalised or non-personalised AI or machine-learning model.

You can revoke RevIQ’s access to your Google account at any time through your Google Account permissions page or by clicking Disconnect Gmail in our Settings.

6Artificial intelligence

6.1Where we use AI

RevIQ uses large-language-model AI from Anthropic, PBC (the “Claude” family of models) in a small number of explicit features:

  • In-app chat assistant — answers your product questions and (optionally) guides you through setup with on-screen highlights.
  • AI Deal Coach (Pro feature) — generates tactical next-step suggestions for each active deal.
  • Support-ticket classification — when you escalate a conversation to the RevIQ team, AI extracts a title, summary, and priority for our admin inbox.
  • Onboarding tour — proposes values to fill into your profile fields based on what you tell the assistant; you review and tap “Apply” for each suggestion.

6.2What data goes to the AI

For each AI call, we send only what is needed to answer your request:

  • The current message(s) in the chat conversation, with up to ~20 prior turns of context.
  • Your name, email, current plan, and the page you are on (so the AI knows which user it is helping).
  • For the Deal Coach: a structured 18-field summary of the deal in question — stage, days idle, contact attempts, amounts, and progress flags. We do not send the deal’s full chat or attachments.
  • The product knowledge corpus (a static document we maintain about how RevIQ works).

We do not send your bank details, signature image, seal image, or full client contact list to the AI.

6.3AI training

Anthropic’s commercial API terms commit that customer prompts and completions are not used to train Anthropic’s models. We do not independently train any model on your data.

6.4Opting out

You can avoid AI processing entirely by not using the chat assistant, the Deal Coach, or the onboarding tour. Operational features of the Service do not require AI to function.

7Third-party processors

We rely on the following processors. Each has its own privacy policy that governs how it handles data we share with it:

  • Stripe Payments Europe Ltd. / Stripe, Inc. — subscription payments, customer billing, invoicing.
  • Google LLC (Firebase, Cloud Firestore, Cloud Storage, Firebase Auth) — application database, file storage, authentication.
  • Google LLC (Gmail API, Calendar API) — sending email and creating calendar events on your behalf, only when you have connected your Google account.
  • Anthropic, PBC — large-language-model API for the AI features described in section 6.
  • Vercel Inc. — hosting + global delivery of the web application.

We do not sell personal data. We share with processors only what they need to perform the service we have contracted them for.

8International transfers

Some processors above operate servers outside Thailand (in the EU, the United States, and other regions). Where personal data is transferred across borders we rely on appropriate safeguards — typically the processor’s standard contractual clauses, certifications, or equivalent measures consistent with Thai PDPA cross-border transfer rules.

9Data retention

We retain personal data only as long as we need it for the purposes we collected it, then delete or anonymise:

  • Financial documents (invoices, receipts, billing notes, withholding-tax certificates, proofs of payment): retained for at least 5 years per §87 of the Thai Revenue Code. We do not delete these earlier even on user request.
  • Governance audit log (the append-only record of comp / permission / platform-fee / payout / grant / marketplace-consent mutations, including the actor identity behind each change): retained for 7 years. This covers the §87 Revenue Code minimum (5 years) plus a 2-year buffer for audit, dispute, and PDPC-investigation windows. Subject to the same legal-hold treatment as financial documents above.
  • Account profile data: while your account is active, plus 30 days after closure to allow for re-activation.
  • Deal records without financial documents: while your account is active.
  • Push notification subscriptions: until you disable notifications or the subscription becomes invalid.
  • Support conversations + AI chat history: 12 months from last activity.
  • Server logs + IP-prefix records: 90 days.
  • Anonymised aggregate analytics: indefinitely (the data is no longer personal).

10Your rights under PDPA

If you are located in Thailand, the PDPA gives you the following rights with respect to your personal data:

  • Right to be informed — what we collect and why (this policy).
  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure — ask us to delete your personal data, subject to the retention obligations in section 9 (tax documents in particular cannot be deleted while the legal retention period is still running).
  • Right to restriction — ask us to suspend processing in certain cases.
  • Right to data portability — receive your data in a structured, commonly used format.
  • Right to object — object to processing based on our legitimate interest.
  • Right to withdraw consent — where processing relies on your consent, withdraw it at any time.
  • Right to lodge a complaint with Thailand’s Personal Data Protection Committee (PDPC) — please contact us first so we have an opportunity to address your concern.

To exercise any of these rights, email hello@reviq.pro from the email address tied to your account. We respond within 30 days.

11Security

We protect personal data with technical and organisational measures including:

  • Encryption in transit (HTTPS / TLS 1.3) for all traffic
  • Encryption at rest on Firebase / Google Cloud storage
  • OAuth-based authentication; passwords are not stored by us in plain text
  • Granular Firestore security rules that scope each user’s reads and writes
  • Server-side Admin SDK gating on every write to financial or audit-log collections
  • Principle of least privilege on administrative access

No system is perfectly secure. If a breach affecting your personal data occurs, we will notify you and the PDPC where the law requires it.

12Cookies and tracking

We use cookies and equivalent technologies for: keeping you signed in (session cookies), remembering your preferences (preference cookies), and basic anti-abuse / error diagnostics (functional cookies). We do not use third-party advertising or cross-site tracking cookies.

13Children

The Service is not directed to anyone under 18. We do not knowingly collect personal data from minors. If you believe we hold data about a minor, contact us and we will delete it.

14Changes to this policy

We may update this Privacy Policy from time to time. The “Effective” and “Last updated” dates at the top of the page reflect the most recent version. Where changes are material, we will notify you through the Service or by email before they take effect.

15Contact us

Questions about this policy, requests to exercise your rights, or privacy concerns of any kind:

📧 hello@reviq.pro
🏢 D&G Staffing Co., Ltd. · No. 3080 Sukhumvit 70/1, Bangna, Bangkok 10260, Thailand
Tax ID: 0105567080475

End of Privacy Policy. This document is reviewed periodically; please check the dates at the top of the page for the current version.