← Back to Home

Privacy Policy

Last updated: May 1, 2026

1. Introduction

Revenue Harbour (“we”, “us”, or “our”) operates the website at revenueharbour.com and the associated web application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our Service.

Revenue Harbour is operated from Germany. By using our Service, you agree to the collection and use of information in accordance with this policy and applicable data protection laws, including the EU General Data Protection Regulation (GDPR).

2. Data Controller

The data controller responsible for your personal data is:

Revenue Harbour
Email: support@revenueharbour.com

3. Information We Collect

3.1 Account Information

When you create an account, we collect:

  • Email address
  • Full name
  • Profile picture (if provided via social login)

3.2 Payment Information

When you subscribe to a paid plan, payment is processed by our third-party payment provider, LemonSqueezy. We store only your card brand (e.g., Visa) and last four digits for display purposes. We do not store full card numbers, CVVs, or other sensitive payment details.

3.3 App Store Credentials

To connect your Apple App Store Connect or Google Play Console accounts, you provide API credentials (keys, service account files). These credentials are encrypted at rest in our database and are used solely to communicate with your app store accounts on your behalf. We never share these credentials with any third party.

3.4 App & Pricing Data

When you sync your app store accounts, we retrieve and store:

  • App names, bundle identifiers, and icons
  • Subscription product names, pricing tiers, and territories
  • Revenue and unit sales data (aggregated monthly)
  • Pricing changes and scheduling history

3.5 Usage & Preferences

We store your preferred currency setting and theme preference (light/dark mode) to personalize your experience.

3.6 Support Requests

When you submit a support request, we collect your name, email, message content, and any file attachments you include.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process payments and manage your subscription
  • Sync and display your app store data (apps, pricing, revenue)
  • Execute pricing changes you request via our platform
  • Respond to your support requests
  • Send transactional communications related to your account
  • Comply with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract performance — To provide the Service you signed up for, including account management, app store synchronization, and pricing features.
  • Legitimate interest — To improve our Service, ensure security, and prevent fraud.
  • Legal obligation — To comply with applicable laws and regulations.
  • Consent — For optional communications such as newsletters. You may withdraw consent at any time.

6. Third-Party Services

We share data with the following third-party service providers, strictly for the purposes described:

Supabase

Database hosting, user authentication, and session management. Your account data and encrypted app store credentials are stored in Supabase’s infrastructure (EU region). Supabase Privacy Policy

LemonSqueezy

Payment processing and subscription management. LemonSqueezy processes your payment details and shares limited billing data (subscription status, card brand, last four digits) with us. LemonSqueezy Privacy Policy

Vercel

Application hosting and content delivery. Vercel processes HTTP requests including IP addresses and user agents for delivering the Service. Vercel Privacy Policy

Resend

Email delivery for support requests. When you contact support, your name, email, and message are transmitted to Resend for email delivery. Resend Privacy Policy

Sanity

Content management for our website (landing pages, blog, documentation). Sanity does not process end-user personal data. Sanity Privacy Policy

Apple App Store Connect & Google Play Console

We connect to these platforms using your own credentials to retrieve and manage your app data, pricing, and revenue on your behalf. We act as your authorized agent and do not store data beyond what is necessary for the Service.

7. Cookies & Local Storage

We use the following cookies and browser storage:

  • Authentication cookies (essential) — Supabase session tokens that keep you logged in. These are HTTP-only, secure cookies set automatically when you sign in.
  • Theme preference (functional) — Your light/dark mode preference is stored in your browser’s localStorage.

We do not use analytics cookies, advertising cookies, or any third-party tracking technologies.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of app store credentials at rest
  • HTTPS encryption for all data in transit
  • Row Level Security (RLS) on all database tables ensuring users can only access their own data
  • HMAC signature verification for webhook endpoints
  • Secure environment variable management for API keys and secrets

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. When you delete your account, all associated data — including your profile, connected store accounts, apps, pricing data, templates, and change history — is permanently deleted through cascading deletion.

We may retain certain data for a limited period to comply with legal obligations, resolve disputes, or enforce agreements.

10. Your Rights (GDPR)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access — Request a copy of the personal data we hold about you.
  • Right to rectification — Request correction of inaccurate or incomplete data.
  • Right to erasure — Request deletion of your personal data (“right to be forgotten”).
  • Right to restriction — Request restricted processing of your data in certain circumstances.
  • Right to data portability — Receive your data in a structured, commonly used format.
  • Right to object — Object to processing based on legitimate interest.
  • Right to withdraw consent — Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at support@revenueharbour.com. We will respond within 30 days.

11. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA) through our third-party service providers. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

12. Children’s Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete such information.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after any changes constitutes acceptance of the revised policy.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, contact us at:

Revenue Harbour
Email: support@revenueharbour.com

You also have the right to lodge a complaint with your local data protection authority if you believe your data has been processed unlawfully.