Privacy Policy

RevRepeat is a lead generation and paid advertising management service operating in the United Kingdom. For the purposes of UK GDPR and the Data Protection Act 2018, RevRepeat is the data controller in respect of personal data collected from clients and prospective clients who interact with our website, services, or communications.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at [email protected].

Depending on how you interact with RevRepeat, we may collect and process the following categories of personal data:

2.1 Client Data

• Identity data: full name, business name, job title;
• Contact data: email address, telephone number, WhatsApp number, business address;
• Financial data: billing details, payment method information processed via Stripe (we do not store card details directly);
• Account data: Meta Business Manager ID, Facebook Page ID, Meta ad account ID, and related platform access credentials provided to enable campaign management;
• Communications data: records of WhatsApp messages, emails, and other written communications between you and RevRepeat;
• Campaign data: ad creatives, copy, targeting parameters, performance data, and other information relating to your advertising campaigns;
• Onboarding data: business information, goals, target market, competitor information, and other details provided via the onboarding form;
• Call recordings: where calls are recorded for training and quality purposes, you will be notified at the start of the call.

2.2 Lead Data (Collected on Behalf of Clients)

Where RevRepeat manages advertising campaigns on behalf of clients, lead data is generated through those campaigns and delivered to clients via the RevRepeat CRM system. This data is processed by RevRepeat as a data processor on behalf of the client as data controller. Lead data is addressed separately in Section 7.

2.3 Website Visitor Data

• Technical data: IP address, browser type and version, device type, operating system, time zone setting;
• Usage data: pages visited, time spent on pages, referral source, click behaviour;
• Cookie data: data collected via cookies and tracking pixels, including the Meta Pixel. See Section 11 for further information.

We collect personal data through the following means:

• Directly from you: when you complete our onboarding form, book a strategy call, communicate with us via WhatsApp or email, or complete payment via Stripe;
• Automatically: when you visit our website, through cookies, the Meta Pixel, and similar tracking technologies that collect technical and usage data;
• Through our advertising campaigns: when individuals submit their details via forms attached to RevRepeat-managed advertising campaigns on Meta (Facebook and Instagram). This data is collected on behalf of our clients;
• From third parties: where you have granted access to Meta Business Manager, Facebook, or other third-party platforms, we may receive data from those platforms in connection with the management of your campaigns;
• Via Stripe: payment and billing information is collected and processed by Stripe on our behalf when you make a purchase.

RevRepeat uses personal data for the following purposes:

We will not use your personal data for any purpose that is incompatible with the purposes listed above without first informing you and, where required, obtaining your consent.

Under UK GDPR, RevRepeat relies on the following legal bases for processing personal data:

• Contract performance (Article 6(1)(b)): processing is necessary for the performance of the contract between RevRepeat and the client, including delivering the Services, managing the campaign, and processing payment;
• Legal obligation (Article 6(1)(c)): processing is necessary to comply with legal obligations, including financial record-keeping and responding to regulatory requests;
• Legitimate interests (Article 6(1)(f)): processing is necessary for RevRepeat's legitimate business interests, including improving services, preventing fraud, maintaining business records, and communicating with prospective clients. RevRepeat has assessed that these interests are not outweighed by the rights and interests of data subjects;
• Consent (Article 6(1)(a)): where RevRepeat relies on consent for processing, such as for marketing communications, consent will be sought separately and may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

RevRepeat uses a number of trusted third-party service providers to operate its business. These providers act as data processors and process personal data only on RevRepeat's instructions and in accordance with applicable data protection law. The key processors are as follows:

RevRepeat does not sell personal data to third parties. RevRepeat does not share personal data with third parties for their own marketing purposes.

Where RevRepeat manages advertising campaigns on behalf of clients, those campaigns generate leads — personal data submitted by individuals who respond to the client's advertisements on Meta (Facebook and Instagram). This data typically includes names, email addresses, telephone numbers, and postcode information submitted via lead generation forms.

In respect of this lead data:

• the client is the data controller in respect of lead data generated through their campaigns. The client determines the purpose and means of processing that data;
• RevRepeat acts as a data processor in respect of lead data, processing it solely for the purpose of delivering it to the client via the CRM system and in accordance with the client's instructions;
• clients are responsible for ensuring that their use of lead data complies with applicable data protection law, including UK GDPR and the Privacy and Electronic Communications Regulations 2003 (PECR);
• clients must not use lead data for purposes other than those disclosed to leads at the point of data collection;
• lead data is stored within the GoHighLevel CRM platform. Clients are responsible for managing the retention and deletion of lead data within their CRM account;
• RevRepeat is not responsible for how clients use, store, or process lead data once it has been delivered to them.

RevRepeat retains personal data only for as long as is necessary for the purposes for which it was collected, or as required by law. The following retention periods apply as a general guide:

When personal data is no longer required, it is securely deleted or anonymised in accordance with RevRepeat's internal data handling procedures.

RevRepeat takes the security of personal data seriously and implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

• use of secure, password-protected systems and platforms;
• use of industry-standard payment processing via Stripe, which is PCI DSS compliant;
• restricting access to personal data to those team members and contractors who need it to perform their role;
• use of two-factor authentication on key systems where available;
• regular review of access permissions and data handling practices.

While RevRepeat takes all reasonable steps to protect personal data, no method of electronic transmission or storage is completely secure. RevRepeat cannot guarantee the absolute security of personal data transmitted to it or stored within third-party platforms.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, RevRepeat will notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of the breach, and will notify affected individuals where required by law.

Under UK GDPR and the Data Protection Act 2018, you have the following rights in respect of your personal data:

• Right of access: you have the right to request a copy of the personal data RevRepeat holds about you (a Subject Access Request). RevRepeat will respond within one calendar month of receiving a valid request;
• Right to rectification: you have the right to request that inaccurate or incomplete personal data held by RevRepeat be corrected;
• Right to erasure: you have the right to request that RevRepeat delete your personal data in certain circumstances, for example where the data is no longer necessary for the purpose for which it was collected. This right is subject to RevRepeat's legal obligations to retain certain records;
• Right to restrict processing: you have the right to request that RevRepeat restricts its processing of your personal data in certain circumstances, for example while a dispute about the accuracy of your data is resolved;
• Right to data portability: where processing is based on consent or contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format;
• Right to object: you have the right to object to processing based on legitimate interests. RevRepeat will cease processing unless it can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for legal claims;
• Rights in relation to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. RevRepeat does not currently make decisions about clients or leads on a solely automated basis;
• Right to withdraw consent: where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of the above rights, please contact RevRepeat at [email protected]. RevRepeat may require you to verify your identity before processing your request.

RevRepeat's website uses cookies and similar tracking technologies to operate the website, understand how visitors use it, and to support advertising activities.

11.1 What Are Cookies

Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work more efficiently and to provide information to website owners about how their site is used.

11.2 Cookies We Use

• Essential cookies: necessary for the website to function. These cannot be disabled;
• Analytics cookies: used to understand how visitors interact with the website, including which pages are visited most frequently and how visitors navigate between pages. This data is used in aggregated, anonymised form to improve the website;
• Meta Pixel: RevRepeat uses the Meta Pixel on its website. This is a piece of code that allows RevRepeat to measure the effectiveness of its advertising, build audiences for future advertising, and remarket to website visitors on Facebook and Instagram. The Meta Pixel collects data about your visit to the website, including pages viewed and actions taken, and sends this data to Meta Platforms Inc. in accordance with Meta's data policy. By visiting revrepeat.com, you acknowledge that the Meta Pixel may collect data about your visit as described above.

11.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies or to be notified when a cookie is being set. Please note that disabling certain cookies may affect the functionality of the website. You can also opt out of Meta's use of your data for advertising purposes through your Facebook account settings or by visiting the Digital Advertising Alliance's opt-out tool at aboutads.info.

RevRepeat's services are directed at businesses and are not intended for individuals under the age of 18. RevRepeat does not knowingly collect personal data from children. If RevRepeat becomes aware that it has inadvertently collected personal data from a child under the age of 18, it will take steps to delete that data as soon as reasonably practicable. If you believe RevRepeat has collected personal data from a child, please contact us at [email protected].

RevRepeat reserves the right to update this Privacy Policy from time to time to reflect changes in our data processing practices, legal obligations, or business operations. The current version of this Privacy Policy will always be available at the URL provided in client onboarding materials and on the RevRepeat website.

Where changes are material, RevRepeat will notify existing clients by email or via the WhatsApp group. The date of the most recent update is displayed at the top of this page. Your continued use of RevRepeat's services following any update to this Privacy Policy constitutes your acceptance of the revised policy.

We recommend that you review this Privacy Policy periodically to stay informed about how we handle your personal data.

If you have any questions, concerns, or requests relating to this Privacy Policy or RevRepeat's handling of your personal data, please contact us using the details below. RevRepeat will respond to all data protection enquiries within one calendar month of receipt.

If you are not satisfied with RevRepeat's response to your data protection enquiry, you have the right to escalate your complaint to the Information Commissioner's Office (ICO) at ico.org.uk.