Privacy Policy
Last Updated: April 30, 2026
RevvTen ("we," "our," or "us"), a company registered in Delaware, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our Chrome extension, desktop application, web application, and enterprise AI Brain platform.
Sites Where This Extension Operates
The RevvTen Chrome extension reads text you type in input fields on the following websites only:
- •ChatGPT – chat.openai.com, chatgpt.com
- •Claude – claude.ai
- •Google Gemini – gemini.google.com
- •Perplexity – perplexity.ai, www.perplexity.ai
- •Grok – grok.com, grok.x.ai, x.com/i/grok
- •Replit – replit.com
- •Lovable – lovable.dev
- •Bolt – bolt.new
- •RevvTen – revvten.com, www.revvten.com (for account synchronization only)
The extension does not operate on or collect data from any other websites.
Browser Permissions We Use
The RevvTen extension requests the following Chrome permissions:
activeTab
Allows the extension to read the text you type in AI chat input fields when you interact with the extension. This permission is only active on the supported AI platforms listed above.
storage
Allows the extension to store your login session, preferences, and local usage statistics in your browser's local storage. This data stays on your device.
alarms
Allows the extension to automatically refresh your authentication tokens in the background, keeping you logged in without manual intervention.
What We Collect
Account Information
Email address and name provided during account creation for authentication purposes.
Prompt Content
Text you submit when using the "Enhance Prompt" feature. This content is processed in-memory and not stored. Only metadata is logged for analytics: prompt length, token count, cost, source site, source URL, and client type. The actual prompt text is never stored.
Usage Data
Number of prompts enhanced, subscription status, and timestamps to manage your account and provide usage statistics.
Authentication Tokens
Encrypted session tokens stored locally in your browser to keep you signed in securely.
Source Site Metadata
The AI platform where you trigger enhancement (e.g., "chatgpt.com", "claude.ai", "gemini") to optimize the enhancement for that specific platform.
Source URL
A sanitized version of the page URL where enhancement is triggered. Query parameters are stripped for your privacy—only the base URL is collected.
Client Identifier
Which RevvTen tool was used (Chrome extension or desktop app) to help us improve platform-specific experiences.
Attachment Metadata
When you have files attached to your prompt, we detect the count and type of attachments (e.g., "2 images"). We do not access or transmit the actual file contents.
Local Browser Storage
Enhancement count and last-used timestamp stored only on your device via Chrome's storage API. This data is not sent to our servers—it stays local to your browser.
What We Do NOT Collect
To be completely transparent, here is what RevvTen does not collect:
- •Browsing history or websites you visit
- •Passwords or login credentials for any website
- •Data from websites other than the supported AI platforms listed above
- •Content of file attachments (only count and type)
- •Chat history or previous conversations on AI platforms
- •Keystrokes or text typed anywhere except when you click "Enhance Prompt"
- •Any data when the extension is disabled or not actively used
User Consent & Data Collection
🛡️ Your Data, Your Control
RevvTen operates on an explicit, user-initiated transmission model. The extension reads text locally to enable the enhancement feature, but no data leaves your browser until you click "Enhance Prompt".
How the extension works: The extension monitors text in AI chat input fields to enable the "Enhance Prompt" feature. This text is stored temporarily in your browser's memory only. No data is transmitted to our servers until you explicitly click the "Enhance Prompt" button.
Before you click: Text you type is read locally to display the enhancement option, but no data leaves your browser until you actively choose to enhance.
What gets sent when you click: When you click "Enhance Prompt", we transmit the prompt text, which AI platform you're using, a sanitized page URL, your user ID for authentication, and attachment metadata (count and type only). We do not access chat history, previous conversations, or file contents.
Desktop Application
The RevvTen desktop app provides prompt enhancement across any application on your computer. Because it operates at the system level, we want to be fully transparent about what it does and does not do.
What the Desktop App Monitors
The app monitors keyboard activity using operating system accessibility APIs to detect when you pause typing. This allows the enhancement indicator to appear at the right time. Keystroke data is held only in memory — it is never written to disk, never transmitted to any server, and never logged. The app also periodically checks which application is in the foreground to determine whether you are using a supported AI tool. When you click Enhance, the app briefly accesses your clipboard to read the selected text, then restores the previous clipboard contents.
What Data Leaves Your Device
The desktop app communicates with exactly two domains: revvten.com (for prompt enhancement, account status, and authentication) and downloads.revvten.com (for checking for updates). The only content sent to our servers is your prompt text when you click Enhance, your user ID for authentication, and the name of the application you are using. No other data leaves your device.
What is Stored Locally
Authentication tokens, preferences (hotkey, enhancement style), and usage statistics are stored locally on your device. We recommend securing your device with a password or biometric lock. Log files are stored locally but never contain prompt text, clipboard content, or keystroke data.
Permissions Required
macOS: Accessibility permission is required for the app to function. Input Monitoring and Automation permissions may also be requested. Revoking Accessibility will disable the enhancement feature.
Windows: No explicit permission prompts are required. A User Account Control dialog may appear once during installation.
No Third-Party Analytics
The desktop app contains zero third-party analytics or tracking tools. No crash reporting services, no usage analytics, no telemetry. Only local log files exist.
Auto-Updates
The app periodically checks for updates. Updates are not installed automatically — the app opens the download page in your browser, and your operating system's security verification handles installer integrity.
Development Tool Integrations
RevvTen may integrate with third-party development tools through a local-only interface that runs entirely on your device. This interface requires you to be signed in and uses the same enhancement service as the desktop app. It is not accessible from other devices or the network.
Enterprise AI Brain
For enterprise customers, RevvTen provides an AI Brain — a knowledge management system that enhances prompts with company-specific context. Enterprise data is stored in a separate, isolated database from consumer data.
What Enterprise Admins Can Upload
Documents (PDF, DOCX, PPTX, XLSX, TXT), context rules, and quick notes. These are chunked, and processed and indexed for intelligent retrieval during prompt enhancement.
External Data Connections
Enterprise accounts can connect external data sources to keep their AI Brain current. Connected data is synced in the background, chunked, and embedded for retrieval. Data is never synced during enhancement — it is pre-indexed on a schedule.
| Source | Auth Method | Data Retained |
|---|---|---|
| Slack | OAuth 2.0 with PKCE | 14 days (rolling) |
| HubSpot | OAuth 2.0 with PKCE | 90 days |
| Attention | API Key (encrypted) | 60 days |
| Circleback | Webhook | 60 days |
OAuth tokens are encrypted at rest using industry-standard encryption and stored on secure cloud infrastructure. Tokens are never accessible to the web application directly. Data older than the retention period is automatically purged.
Visibility Controls
Enterprise admins control which employees can see which knowledge. The three-tier visibility system (Everyone, Select, Upon Request) ensures sensitive data is only accessible to authorized team members. Visibility is enforced server-side during context retrieval — employees cannot bypass these controls.
Enterprise Data Isolation
Consumer and enterprise data are stored in completely separate databases. The web application never directly accesses enterprise data — all enterprise operations are proxied through authenticated API workers. Company data from one enterprise customer is never accessible to another.
How Your Data Flows
Here is the exact path your data takes when you use RevvTen:
- 1.You type a prompt on ChatGPT, Claude, Gemini, Perplexity, Grok, Replit, Lovable, or Bolt
- 2.You click "Enhance Prompt" in the RevvTen interface
- 3.Your prompt is sent to our server at revvten.com via encrypted HTTPS
- 4.Our server sends your prompt to Anthropic's Claude API for enhancement
- 5.The enhanced prompt is returned to your browser
- 6.Usage metadata is logged (prompt length, tokens, cost)—not the prompt text itself
How We Use Your Data
- •Process prompt enhancement requests through our AI service
- •Manage your account, subscription, and usage limits
- •Improve and optimize our service
- •Send important service-related communications
We do NOT:
- • Sell your personal data to third parties
- • Use your prompts to train AI models
- • Share your data for advertising purposes
Third-Party Services & Data Sharing
We use trusted third-party services to provide our product. Here is exactly what we share:
| Third Party | What We Share | Purpose |
|---|---|---|
| Anthropic | Prompt text | AI processing for prompt enhancement |
| Supabase | Account & usage data | Database and authentication |
| Vercel | Server logs | Hosting infrastructure |
| Stripe | Payment information | Payment processing |
| Resend | Email address | Transactional emails (verification, password reset) |
| Google Analytics | Page views, session data | Website analytics (no PII) |
| Cloudflare | Enterprise data processing | Enterprise data processing and delivery |
We do NOT sell your data to any third parties.
More details about each service:
Supabase
Authentication and database services. View their privacy policy
Anthropic
AI processing for prompt enhancement. Prompts are sent to their API for processing. View their privacy policy
Vercel
Web application hosting. View their privacy policy
Stripe
Payment processing for subscriptions. We do not store your payment card details directly; all payment information is handled securely by Stripe. View their privacy policy
How We Store Your Data
Account Data & Usage Statistics
Stored in a managed cloud database hosted on secure US-based servers.
Local Browser Storage Keys
The extension stores a small number of items in your browser's local storage: your authentication session (to keep you logged in), your extension preferences (enabled/disabled state), and local usage statistics. This data stays on your device and is not sent to our servers except for authentication tokens during login and session refresh.
Prompt Text
Processed in-memory during enhancement and not stored. Only metadata is logged for analytics: prompt length, token count, cost, source site, source URL, and client type. The actual prompt text is never stored — not for consumer users and not for enterprise users. Enhancement results are delivered to you and not retained on our servers.
Security
All data transmission between your browser and our servers is encrypted using HTTPS/TLS.
Data Retention
- •Account data: Retained until you delete your account
- •Usage logs: Retained for the life of your account
- •Session tokens: Managed by our authentication provider; refreshed automatically during active use
- •Local browser data: Persists until you uninstall the extension or clear browser data
- •Enterprise external data: Slack messages: 14 days. HubSpot records: 90 days. Call transcripts: 60 days. Meeting summaries: 60 days. Data older than the retention period is automatically purged.
- •Enterprise documents: Retained until deleted by an admin. All associated processed data is purged when the source document is deleted.
- •Verification codes: Expire after 15 minutes and are deleted
Cookies
We use a limited number of cookies for the following purposes:
- •Essential cookies: Authentication and session management. These are required for the service to function and cannot be disabled.
- •Analytics cookies: Google Analytics uses cookies to collect anonymous usage data (page views, session duration, device information). No personally identifiable information is sent to Google.
You can control cookie preferences through your browser settings. We do not use cookies for advertising or tracking across other websites.
Your Rights
You have the right to:
- •Access – Request a copy of your personal data by emailing [email protected]
- •Delete – Request deletion of your account and all associated data by emailing [email protected]
- •Export – Request an export of your data in a portable format by contacting [email protected]
- •Opt Out – Uninstall the extension and delete your account at any time. Local data is removed when you uninstall; server-side data is removed upon account deletion request.
- •Response Timeline – We respond to verified data access, export, and deletion requests within 30 days. For enterprise users, data requests should be directed to your organization's admin, who can manage data through the enterprise dashboard.
Data Security
We implement industry-standard security measures to protect your data:
- •In transit: All data is transmitted over HTTPS (TLS 1.2+). No mixed HTTP/HTTPS content.
- •At rest: Database encryption managed by our cloud database provider. OAuth tokens encrypted at rest using industry-standard encryption.
- •Passwords: Securely hashed and salted. Never stored in plaintext.
- •OAuth security: PKCE (Proof Key for Code Exchange) for all OAuth flows, with cryptographically signed state parameters to prevent CSRF.
- •Access control: Fine-grained access controls ensure each user can only access their own data. Administrative operations are restricted to server-side processes only.
International Users & Compliance
GDPR (European Economic Area)
If you are in the EEA, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. Our legal basis for processing is your consent (for prompt enhancement) and legitimate interest (for service operation and improvement). For consumer users, RevvTen acts as the data controller. For enterprise accounts, RevvTen acts as a data processor on behalf of the enterprise customer (the data controller). To exercise these rights, contact [email protected].
CCPA (California)
If you are a California resident, you have the right to know what personal information we collect, request deletion, and opt out of any sale of personal information. We do not sell personal information. To exercise these rights, contact [email protected].
Do Not Track
RevvTen does not currently respond to Do Not Track (DNT) browser signals. We do not engage in cross-site tracking.
Data Location
Your data is primarily stored on US-based servers. Enterprise data processing occurs on globally distributed cloud infrastructure. By using RevvTen, you consent to the transfer and processing of your data in the United States.
Children's Privacy
RevvTen is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected] and we will take steps to delete such information.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:
Policy Updates
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Effective Date" above.
For material changes: If we make any significant changes to how we collect or use your data, we will provide you with a prominent in-app notice or other direct communication and seek your explicit consent before the new terms take effect.
Your continued use of RevvTen after any minor, non-material changes constitutes acceptance of the updated policy.