Introduction
We at Revenue Forge (https://revenueforge-ai.com) are committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data in connection with our website and the services we offer. By using our website or services, you consent to the collection and use of information as described in this policy. This Privacy Policy applies to all users of Revenue Forge services, both individuals and companies, and is written in clear language for easy understanding.
Our Role in Data Processing
Depending on the context, Revenue Forge may act as either a Data Controller or a Data Processor in processing your personal data:
Data Controller: For personal data we collect and use for our own purposes, such as marketing prospect data, direct customer data, or website analytics data. In these cases, we determine the purposes and means of processing such personal data.
Data Processor: For personal data belonging to our clients that we process on their behalf and on their instructions. For example, when we provide AI Sales System or Performance Social Ads services for clients, we may process their lead or customer data (e.g., contact information, chat/call history, or booking schedules). In this context, our clients act as Data Controllers, and we act as Data Processors, following their instructions under a Data Processing Addendum (DPA). We also maintain a list of authorized sub-processors who assist in processing data on behalf of our clients.
This Privacy Policy primarily governs the processing of data when we act as Data Controllers. For data we process as Data Processors for our clients (where the client is the Data Controller), the protection and use of that data will be subject to the terms of our contract with the client and the client's privacy policy.
Personal Data We Collect
We collect various types of personal data in running our site and services. The personal data we may collect includes:
Identity and Contact Information: Name, email address, phone/WhatsApp number, job title, and company name.
Language Preference: Information about your preferred language (e.g., Indonesian, English, Arabic) for more tailored communication.
Communication Content: The content of chat, email, or voice conversations between you and us. If phone calls or voice conversations are recorded (e.g., through a voice bot), this is only done with your consent.
Booking and Service Information: The date and time of your appointment or demo booking, and details of the service you requested or used.
Non-Payment Transaction Data: Information related to business transactions that does not include payment details (e.g., type of product/service ordered, amount, order status), primarily for campaign performance analysis or ROI (Return on Investment) reporting.
Advertising Identification and Analytics: Data related to your interactions with our advertising campaigns and sites, such as advertising IDs or ad user identifiers, UTM parameters, pixel and Conversions API (CAPI) data, and campaign metrics (e.g., Cost per Lead (CPL), Return on Ad Spend (ROAS)).
Technical Data & Cookies: IP address, device type, browser type, device identifiers, and cookies or similar tracking technologies that collect information about how you interact with our website. This data includes visit logs, access times, pages viewed, and click-to-WhatsApp navigation from ads.
Important Note: We do not knowingly target or collect personal data from children under the age of 18. Furthermore, we do not process any special categories of sensitive data (e.g., health information, unique biometric data, confidential financial information, information about religious beliefs, sexual orientation, or other sensitive data) as part of our services. Please do not provide us with such sensitive information.
Sources of Personal Data
We obtain your personal data through several different sources, including:
Online Forms: Data you enter on forms on our website or landing pages (e.g., when requesting a demo, signing up for a newsletter, or filling out a contact form).
Messaging Apps & Social Media: Your interactions with us through channels such as direct messages (DMs) on social media or the WhatsApp Business API. For example, if you contact or are contacted by our AI Sales system via WhatsApp, that chat data will be recorded.
Email and Phone: Information you provide when communicating with us via email, or data from phone calls/voice bots related to services (e.g., automated follow-up calls to confirm appointments).
Website Tracking: We collect data automatically through pixels on our site, cookies, or Conversion API (CAPI) integrations. This includes visitor behavior data and Click-to-WhatsApp ad interactions on platforms like Meta (Facebook/Instagram), Google, TikTok, or LinkedIn.
Advertising and Analytics Platforms: Data we obtain from third-party advertising and analytics platforms in connection with our campaigns (e.g., lead data from Facebook ads, or ad performance from TikTok/LinkedIn dashboards).
CRM & Management Systems: Data from our or our clients' customer relationship management (CRM) systems. For example, integrations with HubSpot, Pipedrive, Google Sheets, or similar platforms used to store and manage lead/customer information.
Payment or Retail Partners: If relevant to the service (e.g., for e-commerce campaigns), data may come from online payment platforms or connected media retailers (such as non-payment transaction data for purchase analysis, inventory status for advertising, etc.).
We only collect data from the above sources in accordance with the permissions and privacy settings you or the relevant source have granted. If data is obtained from a third party (for example, from our clients or advertising platforms), we rely on that party having a legal basis for sharing your data with us.
Purpose of Data Use & Legal Basis
We process your personal data for various purposes aligned with the services we provide. Any data processing is based on an appropriate legal basis (e.g., consent, contract, legitimate interests, or legal obligation, depending on the context). Our primary purposes for collecting and processing personal data include:
Providing Services to Clients: We use data to run and optimize our services, including automating sales follow-ups (AI Sales System), managing Performance Social Ads campaigns (e.g., Click-to-WhatsApp ads and retargeting), compiling campaign performance reports, and operating the Full-Funnel Automation features we offer. Legal basis: fulfillment of a contract (if data is required to execute a service agreement with you or your company) and/or our legitimate interest as a company to provide effective services to clients.
Business Communications & Support: Your contact information (such as your email address or WhatsApp number) is used for operational communications, such as providing important service updates, responding to your questions or requests, offering product demos, and providing technical and non-technical support. We may also send you marketing information or newsletters about our new products and offerings, but this will only be done with your consent (for example, if you sign up for a newsletter). Legal basis: Our legitimate interest in maintaining good communication with customers and potential customers, and your consent to optional marketing communications.
Billing and Administration: We process data necessary for billing, payment, and contract administration purposes. For example, we use your contact details and service history to issue invoices, process payments through payment partners, or complete other financial administration. Legal basis: Contractual (fulfilling our obligations to bill and collect payments under service agreements) and legal obligations (for example, maintaining financial records in accordance with accounting/tax regulations).
Security and Service Improvement: Technical data and your interactions with our systems are used to maintain security, prevent fraud or abuse, and improve service quality. We may monitor activity logs, use data for performance analysis and creative testing (e.g., A/B testing of ads or AI content) to ensure our systems (including our AI engine and advertising infrastructure) are performing optimally. Legal basis: Our legitimate interest in protecting our platform and services, ensuring system integrity, and continuously innovating to improve the user experience.
Legal Compliance: There are times when we need to process, retain, or disclose personal data to fulfill applicable legal or regulatory obligations. For example, to comply with a court order, an audit, a valid law enforcement request, or other legal requirements in the relevant jurisdiction (including data protection regulations in Indonesia and other regions where we operate, such as the GCC, the European Union, etc.). Legal basis: The legal obligation that requires us to process the data.
We always ensure that we have an appropriate legal basis before processing your personal data. In many cases, the legal basis will be clear from the context (e.g., we process data to perform a service contract you requested, or we separately ask for your consent for things like marketing communications). If we process data based on legitimate interests, we will determine that those interests do not override your privacy rights and freedoms. You also have the right to object to processing based on certain legitimate interests, as described in the Your Rights section below.
Sharing Personal Data with Third Parties
We may share your personal data with trusted third parties only to the extent necessary to conduct our business and provide our services to you or our clients. Categories of third-party recipients (sub-processors) who may receive limited access to your personal data include:
Hosting & Cloud Service Providers: Companies that provide servers, cloud storage, and IT infrastructure that host our websites, applications, and databases. These services ensure data is securely stored and accessible as needed (e.g., cloud platforms or data centers).
Communication Services (Email, SMS, Voice, WhatsApp): Third parties that help us send emails, SMS messages, or make automated voice calls. This includes Email Service Providers for bulk emails, SMS gateways, voice bot/IVR service providers, and Official WhatsApp Partners (WhatsApp Business Solution Providers) that facilitate large-scale WhatsApp messaging.
Analytics and Advertising Providers: Analytics platforms or tools we use to monitor website and ad performance (e.g., Google Analytics), as well as advertising platforms (e.g., Meta/Facebook, Google Ads, TikTok, LinkedIn) that require specific data for conversion tracking and retargeting. We only share data necessary for these analytics or advertising integrations, such as anonymized conversion events or hashed customer data for custom audiences.
CRM and Productivity Tool Providers: Third-party services that help us manage customer relationships and workflows, such as Customer Relationship Management (CRM) software or online spreadsheets used to store prospect/client information. Only data relevant to managing your relationship or project will be stored in these systems.
Payment Partners and Business-Related Services: If, in some context, our services involve payment processing or integration with an e-commerce platform, we may share necessary data with the payment provider (e.g., name, email address, or order ID to facilitate the transaction) or the relevant retail platform. However, please note that we do not process or store credit card or bank account details unless specifically arranged; this is typically handled directly by a verified payment provider.
Each of the third parties mentioned above will only process your personal data for the purposes specified and in accordance with our instructions. We ensure that these service providers are bound by contractual obligations to maintain the confidentiality and security of your personal data (for example, by signing a Data Processing Agreement (DPA) and implementing data protection clauses in our contracts). We also implement security controls and conduct due diligence on our sub-processors to ensure they meet high privacy and security standards. Revenue Forge will never sell your personal data to any third party. We only share data as described above, or when required by applicable law. In certain cases, we may disclose personal data if necessary to comply with legal obligations, enforce our terms and conditions, or protect the rights, property, or safety of Revenue Forge, our clients, you, or the public. Any legitimate requests for access to data (for example, from law enforcement) will be carefully evaluated and will only be responded to in accordance with applicable legal procedures.
International Data Transfers
As a technology company serving clients in various countries (including Indonesia, the GCC region such as the United Arab Emirates, Saudi Arabia, Qatar, Kuwait, Oman, Bahrain, and other regions such as the European Union and the United States), your personal data may be transferred to or stored on servers located in other countries. For example, we may utilize global cloud infrastructure or collaborate with international sub-processors. If we transfer your personal data outside your home country, we will take the necessary steps to ensure that it remains protected according to data protection standards equivalent to those in your jurisdiction. These steps include implementing internationally recognized contractual mechanisms and safeguards, such as using Standard Contractual Clauses (SCCs) and/or an International Data Transfer Agreement (IDTA) for data transfers from the European Union/UK. We also conduct a transfer impact assessment if required to assess risks and ensure that your privacy rights are maintained in the destination country. You can be assured that, regardless of where your data is stored or processed, we will handle it in accordance with this Privacy Policy and all applicable data protection regulations. If adequate safeguards are not in place, we will not transfer your personal data unless you have been notified and consented to the transfer.
Personal Data Security
We implement a variety of technical and organizational security measures to protect your personal data from unauthorized access, disclosure, or unauthorized modification. Our security measures include, but are not limited to:
Encryption: We use encryption to protect your personal data, both while it is being transmitted (in transit, for example, via the secure HTTPS protocol) and while it is being stored (at rest, if encryption technology is available in our storage).
Access Control & Authentication: Access to internal systems that store personal data is restricted to employees or others who need it (the principle of least privilege). We also implement multi-factor authentication (MFA) for our staff to access sensitive systems, providing an additional layer of security beyond just passwords.
Monitoring and Logging: We log activity on our systems and monitor data access or usage to detect suspicious activity. Every access to personal data is recorded, and we review these logs regularly for proactive security.
Backup and Recovery: Critical data is regularly backed up to prevent data loss due to system failures or other unforeseen incidents. We have data recovery procedures that allow for data restoration in the event of an incident.
Vendor Due Diligence: Before engaging with any vendor or sub-processor who will handle personal data, we evaluate their security and compliance standards. We select trusted partners and ensure they have signed data protection agreements.
Incident Response Procedures: We have plans and procedures in place for handling security incidents or suspected data breaches. If (despite our best efforts to prevent such a breach) a personal data breach occurs that affects you, we will take the necessary mitigation measures and, if required by law, will notify you and the relevant authorities within the statutory timeframe.
While we strive to maintain maximum data security, it's important to remember that no system for transmitting data over the internet is 100% secure. However, we continually enhance our security measures as technology and threats evolve, and we are committed to handling your personal data with the highest level of security and care.
Data Retention (Retention Period)
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws and regulations. Our retention policy is divided based on our role as data controller or processor:
Data We Control: For personal data we collect directly (e.g., marketing lead data, site user data, or information about clients who interact directly with Revenue Forge), we typically retain that data for the reasonable duration of our relationship or as long as necessary for legitimate operational purposes. For example, lead or potential customer data is retained for up to 24 months from the last interaction, unless you request earlier deletion or withdraw your consent to be contacted. If you opt out of marketing communications, we will remove or anonymize your contact information from our marketing lists.
Data We Process for Clients: For personal data we manage on behalf of clients (as a Data Processor), the retention period is subject to the client's instructions and contractual terms. Generally, we will delete or return the data to the client upon termination of the service or contract, or sooner if requested by the client. We will not retain client data longer than necessary unless required for specific legal purposes (e.g., recording transactions for audits).
We periodically review the data we retain. If we determine that personal data is no longer necessary for the purposes described or that we no longer have a legal basis to process it, we will endeavor to delete the data from our systems or convert it to an aggregated/anonymized form (so that it no longer identifies an individual). Please note that there may be a reasonable delay between the time you delete (or request deletion of) the data and the time it is removed from our backup systems, due to our backup mechanisms. However, during this period, the data will remain secure and will not be used for any other purpose.
Your Rights to Personal Data
As a data subject, you have various privacy rights regarding the personal data we store and process about you. We respect these rights and are committed to making it easy for you to exercise them. Your rights include:
Right of Access: You have the right to request confirmation whether we process your personal data, and if so, you have the right to access a copy of the personal data we hold about you and information about how that data is used.
Right of Correction: You have the right to request that we correct or update your personal data if it is inaccurate or has changed. We value data accuracy, so if you discover an error in the data we hold, please let us know so we can correct it.
Right of Erasure: You can request the erasure of your personal data in certain circumstances – for example, if the data is no longer necessary for the purposes for which it was collected, or if you have withdrawn your consent and there is no other legal basis for us to process it. We will process erasure requests in accordance with applicable law.
Right to Data Portability: For personal data you provide to us and that is processed based on your consent or to fulfill a contract, you have the right to obtain that data in a structured, commonly used digital format, so that you can transfer it to another service provider (portability). If technically feasible, you can also request that we transmit the data directly to another data controller you designate.
Right to Object to Processing: You have the right to object to the processing of your personal data in certain situations. For example, you can object to processing for our legitimate interests if you feel it significantly impacts your privacy rights. In particular, you have the right to object to the use of your data for direct marketing purposes; if you object or opt out, we will no longer process your data for those purposes.
Right to Withdraw Consent: Where data processing is based on your consent, you have the right to withdraw your consent at any time. For example, if you have previously agreed to receive marketing emails from us, you can click the unsubscribe link or contact us to unsubscribe. This withdrawal of consent does not affect the lawfulness of the data processing before the withdrawal of consent.
To exercise the above rights, you can contact us through the contact channels provided below. Please clearly state the rights you wish to exercise and the details of your request. We may need to verify your identity before fulfilling the request to ensure that the data has not been altered or accessed by unauthorized parties.
We strive to respond to each request promptly, generally within 30 calendar days or within the timeframes set by applicable regulations. If your request is complex or you have submitted multiple requests, we may require additional time, but we will notify you of any extension. Please note that these rights may be subject to certain exceptions under local law – for example, we cannot delete data that is legally required to be retained, or we may refuse access requests that compromise the privacy of others. However, we will explain any reasons we cannot fulfill your request.
Contact & Company Information
If you have any questions, concerns, or requests regarding this Privacy Policy or regarding your personal data, please do not hesitate to contact us. Below is our contact information and the officer responsible for data protection:
Company Name: Revenue Forge
Address: Ampel, Surabaya, East Java, Indonesia
Email (Privacy/DPO): abdurrakhman@revenueforge-ai.com
Phone/WhatsApp: +62 857-8438-3656
We welcome any questions or requests you may have. Communications can be made in Indonesian (or other available languages, such as English or Arabic), and we will strive to provide responses as clearly and quickly as possible. For legitimate purposes, such as requests for data access or deletion, please include sufficient information for us to verify your identity and identify your data in our systems.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our data processing practices or changes to applicable regulations. If we make material (significant) changes to the way we manage your personal data, we will notify you by appropriate means, such as by email (if you have provided us with an email address) or by means of a prominent notice on our website. Changes to this policy will be marked with an updated effective date at the bottom of this document.
We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your personal data. By continuing to use our services after the policy changes become effective, you are deemed to have accepted the updated Privacy Policy.
Effective date: October 4, 2025