Privacy Policy
Effective Date: April 1, 2026 · Lead Labs Plus LLC
YOUR PRIVACY MATTERS. PLEASE READ THIS POLICY CAREFULLY.
This Privacy Policy explains how RevSquared AI (operated by Lead Labs Plus LLC, a Florida LLC) collects, uses, stores, and shares information in connection with the RevSquared AI Platform. It applies to Subscribers (businesses using the platform) and, where relevant, to third-party contacts whose data is processed through the platform.
This policy also covers our specific obligations around AI voice call processing, call recording, and the use of anonymized data for platform improvement — areas that carry unique legal requirements for a voice AI platform.
Questions? Contact us at privacy@revsquaredai.com
1. Who We Are and Definitions
Lead Labs Plus LLC, doing business as RevSquared AI ("Company," "we," "us," "our"), operates the RevSquared AI Platform — an AI-powered voice agent and communication automation SaaS platform. We are headquartered in Florida, United States.
| Term | Meaning |
|---|---|
| "Platform" | The RevSquared AI software platform, including all AI voice agents, dashboards, APIs, telephony integrations, and related services. |
| "Subscriber" | A business or individual that registers for and uses the Platform under a paid or trial subscription. |
| "Subscriber Data" | Data that Subscribers upload to or generate within the Platform, including contact lists, CRM records, and agent configurations. |
| "End-User Data" | Personal data relating to individuals contacted by or interacting with AI voice agents deployed through the Platform (e.g., a Subscriber's leads or customers). |
| "Usage Data" | Technical and behavioral data automatically generated by Platform use, including call logs, agent activity, session data, and dashboard interactions. |
| "Call Data" | Records generated during AI voice call processing, including call recordings, transcripts, metadata (duration, timestamps, phone numbers), and sentiment analysis. |
| "Personal Data" | Any information that identifies or could reasonably be used to identify a natural person, as defined under applicable privacy law (GDPR, CCPA/CPRA, or equivalent). |
| "Subprocessor" | A third-party service provider that processes Personal Data on our behalf in connection with delivering the Platform. |
2. Two Categories of People This Policy Covers
Because RevSquared AI is a B2B SaaS platform that powers outbound and inbound voice calls, this policy covers two distinct categories of individuals:
| Category | Description |
|---|---|
| Subscribers | Businesses and individuals who create an account, subscribe to a plan, and use the Platform to build and deploy AI voice agents. This is the primary audience for this policy. |
| End-Users / Contacts | Third parties — the Subscriber's leads, customers, or prospects — whose phone numbers and personal data are uploaded to the Platform and who may receive or make calls through AI agents deployed by the Subscriber. Subscribers, not Company, are responsible for having the legal right to contact these individuals. |
Company acts as a data processor with respect to End-User Data — we process it solely on the Subscriber's instruction to deliver the Platform service. Subscribers are the data controllers for End-User Data and are solely responsible for compliance with applicable laws (including TCPA, state telemarketing laws, and consent requirements) governing their use of that data.
3. Data We Collect
3.1 Account and Identity Data
When a Subscriber creates an account, we collect:
- Full name and business name
- Email address
- Phone number
- Business address and billing address
- Account credentials (username, hashed password)
- Role and permissions within the account
3.2 Payment and Billing Data
We collect and process billing information to charge for Subscription Fees, usage, and credit top-ups. Payment card data is processed and tokenized by Stripe, Inc. We do not store full card numbers on our own servers. We retain:
- Billing address
- Last four digits of payment card on file
- Payment history, invoice records, and credit balance transactions
- Auto Top-Up settings and threshold configurations
3.3 Subscriber Data (Uploaded Contact Lists and CRM Data)
Subscribers upload contact lists, phone numbers, CRM records, and other business data to configure AI voice campaigns. We process this data solely to deliver the Platform services on the Subscriber's behalf. We do not use this data for our own marketing or sell it to third parties.
3.4 Call Data — AI Voice Processing
IMPORTANT — CALL RECORDING AND AI VOICE PROCESSING: The Platform processes, records, and transcribes AI voice calls. Call recordings and transcripts may contain Personal Data of the individuals your AI agents contact. Subscribers are solely responsible for obtaining any legally required consent from the individuals they contact before initiating AI voice calls, including compliance with TCPA, state call recording laws, and applicable AI voice disclosure requirements.
When AI voice calls are processed through the Platform, we collect and retain:
- Call recordings (audio files) — stored by our telephony provider Retell AI and also pulled and stored independently on Company infrastructure
- Call transcripts — text renderings of call audio, generated automatically
- Call metadata — including phone numbers (caller and called party), call duration, timestamps, agent ID, call outcome, and disposition
- Sentiment analysis and conversation analytics derived from call content
Call recordings and transcripts are retained for a default period of 90 days following the call date. Subscribers may request extended retention or earlier deletion subject to platform capabilities and applicable law.
3.5 Usage and Technical Data
We automatically collect data about how the Platform is accessed and used:
- IP address, browser type, operating system, and device identifiers
- Session duration, pages visited within the dashboard, and feature interactions
- API request logs and error logs
- Agent configuration data and prompt settings
- Credit balance events, billing triggers, and Auto Top-Up activity logs
3.6 Communications Data
We collect and retain communications between Subscribers and Company, including:
- Support tickets and email correspondence
- Chat logs if live support chat is used
- Survey responses and product feedback
4. How We Collect Data
| Source | Examples | Data Types |
|---|---|---|
| Directly from you | Account signup, checkout, dashboard usage, support requests | Account data, billing data, agent configs, communications |
| Automatically | Platform use, API calls, browser activity | Usage data, IP addresses, session logs, call metadata |
| From Retell AI | AI voice call processing via telephony infrastructure | Call recordings, transcripts, call metadata |
| From Stripe | Payment processing and billing events | Payment status, billing events, card metadata |
| From you on behalf of your contacts | Uploaded contact lists and CRM data | End-User Data (phone numbers, names, custom fields) |
5. How We Use Your Data
5.1 To Deliver the Platform
The primary use of all data we collect is to operate and deliver the Platform. This includes:
- Creating and managing your account
- Processing subscription and usage-based billing
- Provisioning and managing AI voice agents and telephony numbers
- Processing outbound and inbound AI voice calls
- Generating call recordings, transcripts, and analytics
- Delivering the Platform dashboard, reporting, and CRM integrations
5.2 Billing and Payment Processing
We use Account, Billing, and Usage Data to charge Subscription Fees, process credit purchases, execute Auto Top-Up triggers, and issue invoices. This processing is necessary to perform our contract with you.
5.3 Platform Improvement Using Anonymized Data
Anonymized Data Use for AI Improvement
We may use anonymized and aggregated Call Data — from which all personally identifiable information has been removed — to analyze platform performance, improve AI agent response quality, and develop new features. This data cannot be used to identify any individual Subscriber, caller, or contacted person.
We do not use raw call recordings, identified transcripts, or Subscriber contact lists to train AI models. Only de-identified, aggregated data is used for this purpose.
Subscribers who wish to opt out of having their anonymized Call Data used for platform improvement may contact us at privacy@revsquaredai.com.
5.4 Security, Fraud Prevention, and Compliance
We use technical and usage data to monitor for unauthorized access, detect abuse, enforce our Terms of Service, and comply with applicable legal obligations including law enforcement requests where required.
5.5 Communications
We use your email address to send:
- Transactional emails — receipts, invoices, trial conversion reminders, auto-renewal notices, password resets (always sent; cannot be opted out of)
- Product updates and feature announcements (can be opted out of)
- Marketing communications if you have opted in (can be opted out of at any time)
5.6 Legal Basis for Processing (GDPR)
For Subscribers in the European Economic Area, our legal bases for processing are:
- Contract performance — processing necessary to deliver the Platform and fulfill our agreement with you
- Legitimate interests — security monitoring, fraud prevention, platform improvement using anonymized data, and analytics
- Legal obligation — compliance with applicable law and response to lawful government requests
- Consent — marketing communications and optional data uses where indicated
6. Call Recording — Subscriber Compliance Obligations
CRITICAL — THIS SECTION APPLIES TO ALL SUBSCRIBERS: The Platform records AI voice calls. Call recording laws vary by state and country. Some jurisdictions require that ALL parties to a call be notified and consent to recording before the call begins. Violations can result in significant civil and criminal penalties. Company provides the recording infrastructure. Subscribers are solely responsible for ensuring their use of call recording complies with all applicable laws.
6.1 All-Party Consent States
The following U.S. states currently require the consent of all parties to a call before recording (this list is not exhaustive and may change):
- California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, Washington
Subscribers must implement compliant call disclosure language (e.g., "This call may be recorded for quality and training purposes") at the start of every AI voice call in these jurisdictions. Company's sample disclosure language is available in the Platform help documentation.
6.2 AI Voice Disclosure
The FCC confirmed in February 2024 that AI-generated voices constitute "artificial or prerecorded voice" under the TCPA. Subscribers are responsible for:
- Obtaining prior express consent (informational calls) or prior express written consent (marketing calls) from individuals before initiating AI-generated outbound calls
- Implementing in-call AI disclosure language as required or recommended under applicable state law and proposed FCC rules
- Honoring opt-out requests within 10 business days as required by FCC rules effective April 2025
6.3 Company's Role
Company is a technology provider. We do not control who Subscribers call, what disclosures they make, or whether required consents have been obtained. Subscribers indemnify Company for any claims, fines, or penalties arising from Subscriber's non-compliant use of the Platform.
7. How We Share Data
7.1 We Do Not Sell Your Data
Company does not sell, rent, or trade Subscriber Data or End-User Data to third parties for their own marketing or commercial purposes. California residents: this satisfies the CCPA "Do Not Sell or Share" disclosure requirement.
7.2 Subprocessors
We share data with the following third-party subprocessors as necessary to deliver the Platform. Each subprocessor is bound by data processing agreements requiring appropriate data protection:
| Subprocessor | Purpose | Data Shared |
|---|---|---|
| Stripe, Inc. | Payment processing, subscription billing, Auto Top-Up | Billing data, payment card metadata, transaction records |
| Retell AI | AI voice agent infrastructure, telephony processing | Phone numbers, call audio, transcripts, call metadata |
| Google Analytics | Website and platform usage analytics | IP addresses, session data, page views, device info |
| Meta (Facebook) | Marketing analytics and ad performance measurement | Hashed email (if opted in), page visit events, conversion data |
| PostHog / Mixpanel | Product analytics, feature usage tracking | Session events, feature interactions, account-level usage patterns |
| Cloud infrastructure | Hosting, storage, and platform infrastructure | All data stored on the Platform (encrypted at rest) |
We maintain a current subprocessor list. Subscribers may request notification of subprocessor changes by emailing privacy@revsquaredai.com.
7.3 Legal Disclosures
We may disclose Personal Data if required by law, court order, or lawful government request, or when we believe disclosure is necessary to protect the rights, property, or safety of Company, Subscribers, or the public. We will notify affected Subscribers of such requests where legally permitted.
7.4 Business Transfers
If Company is involved in a merger, acquisition, or sale of assets, Subscriber Data may be transferred to the successor entity. We will notify Subscribers via email prior to any such transfer and explain their options.
7.5 Professional Advisors
We may share data with attorneys, accountants, auditors, and insurance providers under confidentiality obligations, solely for professional services.
8. Data Retention
We retain different categories of data for different periods based on business necessity and legal requirements:
| Data Category | Retention Period | Basis |
|---|---|---|
| Account data | Duration of subscription + 2 years post-cancellation | Legal and contractual records |
| Billing and payment records | 7 years from transaction date | Tax and financial compliance |
| Call recordings | 90 days (default); extended if Subscriber opts in | Service delivery; Subscriber preference |
| Call transcripts | 90 days (default); extended if Subscriber opts in | Service delivery; analytics |
| Call metadata (logs) | 3 years from call date | Dispute resolution; compliance |
| Usage and technical logs | 3 years | Security; dispute resolution |
| Support communications | 3 years from last interaction | Service quality; legal records |
| Anonymized/aggregated data | Indefinitely | Platform improvement; no personal data retained |
| Terminated account data | 90 days post-cancellation, then deleted | Data recovery window |
Subscribers may request earlier deletion of specific data categories by contacting privacy@revsquaredai.com. Deletion requests are processed within 30 days subject to legal holds and technical feasibility.
9. Cookies and Tracking Technologies
9.1 Types of Cookies We Use
| Cookie Type | Purpose | Can Be Disabled? |
|---|---|---|
| Essential | Session management, authentication, security. Required for Platform to function. | No |
| Analytics | Google Analytics — understanding how Subscribers use the Platform and website. | Yes |
| Marketing | Meta Pixel — measuring ad campaign performance and attribution. | Yes |
| Product Analytics | PostHog / Mixpanel — tracking feature usage to improve the Platform. | Yes |
9.2 Managing Cookies
You can control non-essential cookies through:
- Your browser settings — most browsers allow you to block or delete cookies
- Our cookie preference center (available via the cookie banner on the website)
- Opting out of Google Analytics: https://tools.google.com/dlpage/gaoptout
- Opting out of Meta tracking: your Meta ad settings
Disabling essential cookies will impair Platform functionality. Disabling analytics and marketing cookies will not affect your ability to use the Platform.
10. Your Privacy Rights
10.1 Rights Available to All Subscribers
Regardless of your location, you have the right to:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate personal data
- Deletion — request deletion of your personal data, subject to legal retention requirements
- Data portability — receive your data in a structured, machine-readable format
- Opt out of marketing — unsubscribe from marketing emails at any time via the unsubscribe link or by contacting support@revsquaredai.com
10.2 California Residents — CCPA/CPRA Rights
California residents have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to Know — the categories and specific pieces of personal information collected, the purposes for collection, and the categories of third parties with whom data is shared
- Right to Delete — request deletion of personal information, subject to exceptions
- Right to Correct — request correction of inaccurate personal information
- Right to Opt Out of Sale or Sharing — Company does not sell or share personal information as defined under CCPA. No opt-out mechanism is required, but you may confirm this in writing by contacting us.
- Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information beyond what is necessary to deliver the Platform
- Right to Non-Discrimination — we will not deny services, charge different prices, or provide lower quality service because you exercised your privacy rights
California residents may submit requests to: privacy@revsquaredai.com. We will respond within 45 days (extendable by an additional 45 days with notice).
10.3 EEA and UK Residents — GDPR Rights
Individuals in the European Economic Area or United Kingdom have rights under GDPR including: access, rectification, erasure, restriction of processing, data portability, objection to processing, and withdrawal of consent where consent is the legal basis. To exercise these rights, contact privacy@revsquaredai.com. You also have the right to lodge a complaint with your local supervisory authority.
10.4 How to Submit a Request
Submit any privacy rights request to privacy@revsquaredai.com with:
- Your full name and account email address
- The specific right you wish to exercise
- Any relevant details about the data in question
We will verify your identity before processing requests and respond within 30 days (or 45 days for CCPA requests).
11. Data Security
11.1 Security Measures
Company implements industry-standard security measures to protect Personal Data from unauthorized access, disclosure, alteration, or destruction:
- Encryption in transit — all data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
- Encryption at rest — data stored on our servers is encrypted using AES-256 or equivalent
- Access controls — access to production systems and Personal Data is restricted to authorized personnel on a least-privilege basis
- Payment security — payment card data is handled exclusively by Stripe, a PCI DSS Level 1 certified processor. We do not store raw card data.
- Call recording security— recordings stored on Company infrastructure are encrypted at rest and accessible only to the Subscriber's account and authorized Company personnel
11.2 Data Breach Notification
In the event of a data breach that is reasonably likely to result in risk to Subscribers or their contacts, Company will:
- Notify affected Subscribers via email without undue delay and within 72 hours of discovery where required by law (e.g., GDPR)
- Describe the nature of the breach, data affected, likely consequences, and measures taken
- Provide guidance on steps Subscribers can take to protect themselves
11.3 Your Role in Security
You are responsible for maintaining the confidentiality of your account credentials and for all activity that occurs under your account. Use strong passwords, enable multi-factor authentication where available, and notify us immediately of any unauthorized account access at support@revsquaredai.com.
12. Children's Privacy
The Platform is designed for business use and is not directed at individuals under the age of 18. We do not knowingly collect Personal Data from children under 18. If we learn that we have inadvertently collected Personal Data from a minor, we will delete it promptly. If you believe we have collected data from a minor, contact privacy@revsquaredai.com immediately.
13. International Data Transfers
Company is based in the United States. If you access the Platform from outside the United States, your data will be transferred to and processed in the United States and potentially other countries where our subprocessors operate. These countries may not have data protection laws equivalent to those in your jurisdiction.
For transfers of Personal Data from the European Economic Area or United Kingdom to the United States, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, and/or other lawful transfer mechanisms as applicable. For more information on the safeguards in place, contact privacy@revsquaredai.com.
14. Third-Party Links and Integrations
The Platform may contain links to third-party websites or integrate with third-party tools (e.g., CRM platforms, GoHighLevel, HubSpot). This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you connect to the Platform. Company is not responsible for the privacy practices of third parties.
15. Subscriber Obligations as Data Controller
When Subscribers upload contact data, configure AI voice agents, and deploy calling campaigns through the Platform, they act as data controllers for the Personal Data of their contacts (End-Users). As data controller, each Subscriber is responsible for:
- Having a lawful basis to contact each individual in their contact list
- Obtaining all legally required consents before initiating AI-generated calls under TCPA, state telemarketing laws, and applicable state AI disclosure laws
- Providing required privacy notices to their contacts about how their data is used
- Honoring opt-out and Do Not Call requests from their contacts
- Maintaining records of consent obtained
- Ensuring their use of the Platform does not violate GDPR, CCPA, or other applicable privacy laws with respect to their contacts' data
Company processes End-User Data as a data processor on behalf of Subscribers. Company is not liable for Subscriber non-compliance with privacy or telemarketing laws. Subscribers indemnify Company for any claims arising from their non-compliant use of End-User Data.
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, Platform features, or applicable law. When we make material changes, we will:
- Post the updated policy at https://revsquaredai.com/privacy with a new effective date
- Send an email notification to Subscribers at their address on file at least 14 days before the changes take effect
Your continued use of the Platform after the effective date of any updated policy constitutes your acceptance of the changes. If you object to any changes, your sole remedy is to cancel your subscription before the effective date.
17. Contact Us
For privacy questions, rights requests, subprocessor inquiries, or data breach reports:
| Legal Entity | Lead Labs Plus LLC |
| DBA | RevSquared AI |
| Privacy Inquiries | privacy@revsquaredai.com |
| Support | support@revsquaredai.com |
| Website | https://revsquaredai.com |
| Jurisdiction | Florida, United States |
We aim to respond to all privacy inquiries within 5 business days and to complete rights requests within 30 days.
18. Quick Reference Summary
WHAT WE COLLECT: Account data, billing data, call recordings + transcripts, call metadata, uploaded contact lists, usage/analytics data
WHAT WE DON'T DO: Sell your data. Use raw identified call data to train AI. Share your data with advertisers.
CALL RECORDINGS: Stored by Retell AI and on Company servers. Default 90-day retention. You control your agents' use of recordings.
AI MODEL TRAINING: We may use anonymized, de-identified, aggregated call data only. No identified subscriber or contact data. Opt-out available.
YOUR RIGHTS: Access, correct, delete, and port your data. California residents have additional CCPA/CPRA rights. EEA/UK residents have GDPR rights.
SUBPROCESSORS: Stripe (billing), Retell AI (voice), Google Analytics, Meta Pixel, PostHog/Mixpanel, cloud infrastructure.
CONTACT: privacy@revsquaredai.com
RevSquared AI · Lead Labs Plus LLC
Effective April 1, 2026