Legal

Privacy Policy

We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, use, and safeguard your information.

Last updated: 26 May 2025

1. Who We Are

This Privacy Policy applies to The Revenue Crew and its platform CrewCloud. References to "we", "us", or "our" in this policy refer to The Revenue Crew and its related entities.

The Revenue Crew is a digital marketing agency with operations in South Africa, Portugal, and Australia. CrewCloud is our client reporting and marketing management platform built for agencies and their clients.

We act as a data controller for information you provide to us directly (e.g. via our website or when registering for CrewCloud). We act as a data processor on behalf of our agency clients when processing their clients' data through the CrewCloud platform.

2. Data We Collect

Website Visitors

  • Usage data: pages visited, time on site, referring URLs, browser and device type
  • IP address (anonymised where required by applicable law)
  • Cookies and similar tracking technologies (see Cookies section)

Contact Form & Enquiries

  • Name, email address, phone number, and website URL
  • Details of your business, project, or enquiry
  • Any additional information you voluntarily provide

CrewCloud — Agency Users

  • Account information: name, company name, email address, and password (hashed)
  • Billing and subscription information (processed by our payment provider — we do not store card details)
  • Platform usage data: features used, login history, settings preferences

CrewCloud — Client Users

  • Account information: name, email address, and password (hashed)
  • Third-party platform data accessed via OAuth integrations you explicitly authorise: Google Ads, Google Analytics 4, Google Search Console, Meta Ads, Meta social accounts, LinkedIn Ads, LinkedIn company pages, WooCommerce, and Shopify
  • Marketing performance metrics, campaign data, and audience insights fetched on your behalf
  • Content and creative assets uploaded for social media scheduling

We only access third-party platform data (Google, Meta, LinkedIn, etc.) after you explicitly grant us permission through each platform's OAuth consent flow. You can revoke this access at any time from within the platform or directly through the third-party service.

3. How We Use Your Data

  • To respond to enquiries and communicate with you about our services
  • To provide, operate, and improve the CrewCloud platform
  • To authenticate your identity and maintain account security
  • To fetch and display your marketing performance data from connected integrations
  • To schedule and publish social media content on your behalf
  • To generate reports and insights for agency clients and their end-clients
  • To send transactional communications (account confirmation, password reset, integration alerts)
  • To comply with our legal obligations
  • To detect, prevent, and investigate fraud, abuse, or unauthorised access

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling that produces legal or similarly significant effects.

4. Legal Basis for Processing

We process personal data under the following legal bases as required by the General Data Protection Regulation (GDPR) and the Protection of Personal Information Act (POPIA):

  • Contract performance — processing necessary to provide the CrewCloud platform and deliver our agency services
  • Legitimate interests — security monitoring, fraud prevention, platform improvement, and analytics (where not overridden by your rights)
  • Consent — cookies, marketing communications, and third-party platform integrations (you may withdraw consent at any time)
  • Legal obligation — record-keeping, tax compliance, and responding to lawful requests from authorities

5. Third-Party Services

To deliver our services we work with the following categories of third-party providers. Each is bound by their own privacy policies and applicable data protection law:

Platform Integrations (user-authorised)

  • Google — Google Ads, Google Analytics 4, Google Search Console. Governed by Google's Privacy Policy and API Terms of Service.
  • Meta — Meta Ads and Meta Business Suite (Facebook / Instagram). Governed by Meta's Privacy Policy.
  • LinkedIn — LinkedIn Ads and LinkedIn Pages API. Governed by LinkedIn's Privacy Policy.
  • WooCommerce / Shopify — ecommerce data for sales and revenue reporting. Governed by the respective platforms' policies.

Infrastructure & Operations

  • Cloud hosting and database providers (servers located in EU/EEA where possible)
  • Email delivery services for transactional emails
  • Analytics services for platform usage insights (configured without third-party advertising)

We do not permit third-party service providers to use your personal data for their own marketing purposes. We execute data processing agreements with all processors who handle personal data on our behalf.

6. Data Retention

  • Active accounts: data is retained for as long as your account is active or as needed to provide services
  • Closed accounts: account data is deleted or anonymised within 90 days of account closure, unless we are required by law to retain it longer
  • Contact enquiries: retained for up to 3 years for business relationship management purposes
  • Financial records: retained for 7 years to comply with tax and accounting obligations
  • OAuth tokens: stored securely and deleted immediately when you disconnect an integration
  • Log and audit data: retained for up to 12 months for security monitoring purposes

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Rectification — ask us to correct inaccurate or incomplete data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — ask us to pause processing while a dispute is resolved
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior lawful processing
  • Complaint — lodge a complaint with your national data protection authority

To exercise any of these rights, email us at privacy@therevenuecrew.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

Supervisory Authorities

  • South Africa: Information Regulator — inforegulator.org.za
  • Portugal / EU: CNPD (Comissão Nacional de Proteção de Dados) — cnpd.pt
  • Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au

8. Cookies

We use cookies and similar technologies to ensure our website and platform function correctly and to understand how they are used.

Essential Cookies

Required for core functionality such as authentication, session management, and security. These cannot be disabled without breaking the service.

Analytics Cookies

Used to understand how visitors use our website (pages visited, time on site, error rates). We configure analytics tools to anonymise IP addresses and not share data for advertising purposes. You can opt out of analytics cookies via our cookie banner.

Managing Cookies

Most browsers allow you to control cookies through their settings. Disabling cookies may affect the functionality of the CrewCloud platform. For more information on managing cookies, visit allaboutcookies.org.

9. Security

We implement industry-standard security measures to protect your personal data, including:

  • Encryption of data in transit using TLS 1.2+
  • Encryption of sensitive fields (OAuth tokens, credentials) at rest using AES-256
  • Password hashing using bcrypt with a suitable cost factor
  • Role-based access controls limiting who can access data within the platform
  • Regular security reviews and dependency updates
  • HTTPS enforcement with HSTS headers on all endpoints

No method of transmission over the internet is 100% secure. If you believe your account has been compromised, please contact us immediately at privacy@therevenuecrew.com.

10. International Data Transfers

As a business operating across South Africa, Portugal, and Australia, your data may be transferred between jurisdictions. Where data is transferred from the EEA to countries without an adequacy decision, we rely on the European Commission's Standard Contractual Clauses (SCCs) or other appropriate safeguards.

Third-party services (Google, Meta, LinkedIn) may process data in the United States or other jurisdictions. These providers maintain compliance frameworks such as the EU-U.S. Data Privacy Framework and implement SCCs where required.

11. Children's Privacy

Our website and platform are not directed at children under 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Notify registered CrewCloud users via email or an in-platform notice
  • Where required by law, seek fresh consent

Continued use of our services after the effective date of any changes constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

The Revenue Crew

Email: privacy@therevenuecrew.com

Website: therevenuecrew.com/contact