Legal

    Privacy Policy

    Last updated: April 16, 2026

    Note: This Privacy Policy is a working draft for due diligence purposes. It has not been reviewed by legal counsel. Areas marked [ATTORNEY REVIEW] require legal input before this policy is enforced.

    1. Who We Are

    Revuity Systems operates the Agentic Engineering Academy at guide.revuitysys.com. For privacy questions, contact us at jay@revuitysys.com.

    2. Information We Collect

    Account Information

    • Email address — required for account creation and communication.
    • Name (first and last) — used for personalization and display.

    Profile Information (Optional)

    • Job title, company, referral source — provided voluntarily during profile setup. Used for personalization and aggregate analytics.

    Usage Data

    • Reading progress — which chapters you have completed.
    • Notes — text notes you save per chapter (Pro: cloud-synced; Free: browser localStorage only, never sent to our servers).
    • Favorites/Pinboard — resources you pin (same local/cloud split as notes).
    • AI usage count — daily count of AI assistant questions, used for rate limiting. Reset daily.
    • AI chat messages — logged in your account (if signed in) to power your conversation history on /account. You can delete your account to remove all messages.

    Technical Data

    • IP address — captured in infrastructure logs (Netlify). Retained per Netlify's data retention policy.
    • Browser and device type — standard web server logs.

    Payment Data

    Payment processing is handled by Stripe. We do not store credit card numbers, CVV codes, or full payment card data. We store only your Stripe customer ID and subscription status in our database to manage your account tier.

    Data We Do Not Collect

    • We do not run advertising tracking pixels or fingerprinting.
    • We do not use Google Analytics, Facebook Pixel, or similar advertising tools.
    • Free-tier notes and favorites are stored only in your browser's localStorage — they are never transmitted to our servers.

    3. Data Inventory

    | Data | Storage | Purpose | Retention |
    |---|---|---|---|
    | Email | Supabase Auth | Authentication, communication | Until account deletion |
    | Name | Supabase user_profiles | Display, personalization | Until account deletion |
    | Job title / Company | Supabase user_profiles | Optional personalization | Until account deletion |
    | Reading progress | Supabase reading_progress | Track learning | Until account deletion |
    | Notes (Pro) | Supabase | Feature | Until account deletion |
    | Notes (Free) | Browser localStorage | Feature | Browser-local only |
    | AI usage count | Supabase ai_usage | Rate limiting | Rolling daily |
    | AI chat messages | Supabase chat_messages | Conversation history | Until account deletion |
    | Stripe customer ID | Supabase user_profiles | Payment management | Until account deletion |
    | Payment info | Stripe (not us) | Billing | Per Stripe policy |
    | IP address | Netlify logs | Infrastructure | Per Netlify policy |
    | Auth session cookie | Browser cookie | Stay logged in | Session duration |

    4. How We Use Your Information

    • Provide the Service — authenticate your account, sync progress, deliver AI assistant responses.
    • Personalize your experience — track reading progress, surface relevant content.
    • Process payments — manage your subscription tier via Stripe.
    • Service communications — send billing notifications, trial reminders, and account-related emails. These are essential and cannot be opted out of while you have an active account.
    • Marketing communications — weekly digest emails and product updates, only if you opt in at signup. Unsubscribe anytime via the link in any email.
    • Improve the Service — aggregate, anonymized usage patterns help us understand which chapters are most read and improve the guide.
    • Safety and compliance — detect abuse, enforce acceptable use policies, and comply with legal obligations.

    5. Information We Share

    We do not sell your personal information. Period.

    We share data only with the following service providers, who process it on our behalf:

    • Supabase — database and authentication infrastructure (US-based). Data processing is governed by Supabase's DPA.
    • Netlify — hosting and CDN (US-based). Standard web hosting data processing.
    • Stripe — payment processing. Stripe processes payment data under their own privacy policy.
    • OpenAI — your AI chat messages are sent to the OpenAI API for processing. OpenAI's Privacy Policy governs their handling of API data.

    We may disclose information if required by law, court order, or to protect the rights, property, or safety of Revuity Systems, our users, or others.

    [ATTORNEY REVIEW: If you plan to share data with additional vendors (e.g., email marketing platform, analytics), list them here. Consider a formal Data Processing Agreement with each vendor before going live with EU users.]

    6. Data Storage & Security

    • All data is stored in Supabase, hosted on AWS infrastructure in the United States.
    • Data is encrypted in transit using TLS and encrypted at rest.
    • Row-Level Security (RLS) policies are enforced on all database tables — users can only access their own data.
    • Access to production systems is limited to authorized personnel.
    • We do not guarantee absolute security. No system is completely secure. In the event of a breach, we will notify affected users as required by applicable law.

    7. Your Rights & Controls

    • Access: View your profile data and AI usage on your /account page.
    • Export: Download all your data (profile, progress, notes, chat history) from /account → Export My Data.
    • Correction: Update your profile information on the /account page.
    • Deletion: Delete your account and all associated data from /account → Delete Account. Deletion is permanent and processed within 30 days.
    • Opt out of marketing: Click the unsubscribe link in any marketing email, or contact us at jay@revuitysys.com.
    • Objection: Contact us to object to specific data processing activities.

    8. Cookies

    We use a minimal set of cookies. See our Cookie Policy for the full list.

    • Authentication cookie (essential): Set by Supabase to maintain your login session. Required for the Service to function.
    • Analytics: We do not currently use analytics cookies. If we add analytics in the future, we will update this policy.
    • YouTube embeds: The /learn page uses youtube-nocookie.com, which limits YouTube's tracking until you interact with a video.

    Because we use only essential cookies, no cookie consent banner is required under GDPR.

    9. Children's Privacy

    The Service is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a user is under 13, we will delete their account and associated data promptly.

    If you believe we have inadvertently collected information from a child under 13, please contact us immediately at jay@revuitysys.com.

    10. California Privacy Rights (CCPA)

    If you are a California resident, you have the following rights under the California Consumer Privacy Act:

    • Right to Know: Request information about what personal data we collect, use, and disclose about you.
    • Right to Delete: Request deletion of your personal data (use Delete Account on /account).
    • Right to Opt Out of Sale: We do not sell your personal information. There is nothing to opt out of.
    • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

    To exercise your rights, contact us at jay@revuitysys.com.

    [ATTORNEY REVIEW: Confirm whether Revuity Systems meets the CCPA threshold (over $25M annual revenue, or processes data of 100K+ consumers). If below threshold, CCPA may not apply, but including these rights is good practice.]

    11. European Privacy Rights (GDPR)

    If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

    • Lawful basis: We process your data under legitimate interest (providing the Service you signed up for) and consent (marketing emails).
    • Right to access, rectification, and erasure (use /account or contact us).
    • Right to data portability (use Export My Data on /account).
    • Right to restrict processing: Contact us at jay@revuitysys.com.
    • Right to lodge a complaint: You may file a complaint with your local data protection authority.
    • Data transfers: Your data is stored in the United States. By using the Service, you consent to this transfer. We rely on our service providers' Standard Contractual Clauses (Supabase, Netlify) for lawful data transfer.

    [ATTORNEY REVIEW: Formally designate a legal basis for each processing activity. Consider appointing an EU representative if you have significant EU users. Verify adequacy decisions and SCCs with Supabase and Netlify are current.]

    12. Data Retention

    • Account data: Retained until you delete your account.
    • AI chat messages: Stored in our database while your account exists. Deleted when you delete your account.
    • Infrastructure logs (IP, access logs): Retained per Netlify and Supabase default policies (typically 30–90 days).
    • After account deletion: All personal data is removed from active systems within 30 days. Backup purge may take an additional 30 days.
    • Legal holds: We may retain data longer if required by law or active legal proceedings.

    13. Changes to This Policy

    We may update this Privacy Policy periodically. The “Last updated” date at the top of this page reflects when the policy was last revised. For material changes, we will notify users with active accounts via email at least 14 days before the changes take effect.

    14. Contact

    Privacy questions, data requests, or concerns:

    We will respond to privacy requests within 30 days.