Privacy Policy

Last Updated: June 2026

Overview

RevPilot (“we”, “our”, or “the extension”) is a browser extension that provides sales enablement features including keyword highlighting and training videos.

Data Collection

What We Collect

1. Configuration Data

  • Your account email and password, entered in the extension's sign-in form and transmitted securely to authenticate you. Your password is used only to sign in and is never stored by the extension — only a session token is kept locally
  • Your name, email address, and organization name, returned after sign-in and stored locally to display your account
  • API keys and dashboard URLs you provide during setup
  • Your keyword and domain configuration preferences
  • Extension settings (enabled/disabled status)

2. Usage Analytics

  • Keyword click events, including the full URL of the CRM page at the time of the click
  • Video view events, including the full URL of the CRM page at the time of the view
  • Video watch time (in seconds)
  • Session identifiers (anonymized random strings, no personally identifiable information)

3. Onboarding Progress

  • Completion flags stored locally in your browser and in the localStorage of your configured CRM domain to track which onboarding videos you have completed

What We DO NOT Collect

  • Your CRM login credentials
  • Customer data from your CRM
  • Page content, form data, or keystrokes
  • Browsing history
  • Personal financial information
  • Your stored password — it is used only at the moment of sign-in to authenticate you and is never saved by the extension (only a session token and your own RevPilot API key are stored locally)
  • Your physical location, GPS coordinates, or IP address

Data Storage

Local Storage

  • API configuration, session data, and UI preferences are stored locally in your browser using Chrome's storage API
  • Onboarding completion flags are also written to the localStorage of your configured CRM domain (e.g. Salesforce, HubSpot) and remain on your device

Server Communication

  • Analytics events (keyword clicks, video views, watch time) are sent to your organization's RevPilot dashboard server
  • All communication with the RevPilot server uses HTTPS
  • Video playback is handled via embedded iframes from YouTube, Vimeo, or Loom depending on how your administrator configured the videos — the extension does not transmit user data to these services
  • No data is sent to third-party analytics services, advertising networks, or data brokers

Data Retention

  • Account information and analytics events are retained on your organization's RevPilot dashboard server for as long as your account and organization remain active
  • This data is deleted when your account is deleted, when your organization removes it, or upon request to your administrator
  • Data stored locally by the extension (session token, settings, onboarding flags) is removed when you log out or uninstall the extension

Data Usage

We use collected data to:

  • Provide keyword highlighting and training video features
  • Display relevant training videos
  • Track your onboarding progress
  • Power your organization's analytics dashboard (keyword engagement, video views, watch time)

Data Sharing

We do not sell your data, and we do not share it with advertisers, data brokers, or any party for advertising purposes.

To operate the service, your data is processed by the following service providers (sub-processors) acting on RevPilot's behalf. They are permitted to process your data only to provide their service to us:

  • Supabase: database hosting — stores your account information (name, email, encrypted password) and analytics events (keyword clicks, video views, watch time, and the CRM page URLs associated with those events)
  • Netlify: application and dashboard hosting — serves the RevPilot dashboard and API your organization uses
  • Resend: transactional email delivery — sends account emails such as welcome messages, team invitations, and password resets (receives your email address for this purpose)

Extension Permissions Explained

PermissionPurpose
storageSave your API configuration, preferences, and session data locally
host_permissions (all_urls)RevPilot is CRM-agnostic — your administrator configures which domains the extension activates on (Salesforce, HubSpot, Close, etc.). Because each organization uses different CRM domains, the extension cannot be restricted to a fixed list of URLs at install time. The extension loads on all pages but only activates on domains your administrator has configured.

Content Script Behavior

The extension's content script is loaded on all pages due to the host_permissions requirement described above. It only activates features (keyword highlighting, sidebar) on domains explicitly configured by your organization's administrator. No data is collected from pages outside your configured domains.

Limited Use Disclosure

The use of information received from Google APIs will adhere to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Your Rights

You have the right to:

Access

View what data is stored in extension settings

Delete

Clear all local data by removing the extension

Export

Request your data from your RevPilot dashboard administrator

Security

We implement security measures including:

  • HTTPS-only API communication
  • API key encryption in transit
  • No storage of sensitive CRM data
  • Rate limiting to prevent abuse

Children's Privacy

RevPilot is designed for business use and is not intended for users under 18 years of age.

Changes to This Policy

We may update this privacy policy periodically. Significant changes will be communicated through the extension or dashboard.

Contact

For privacy-related questions or concerns:

By using RevPilot, you agree to this privacy policy.