Privacy Policy

This Privacy Policy explains how Going Macro S.r.l. collects, uses, stores, and protects personal data in connection with RevScout.

RevScout is a product operated by:

For the purposes of this Privacy Policy, “RevScout”, “we”, “us”, or “our” refers to Going Macro S.r.l. as operator of the RevScout service.

1. Scope

This Privacy Policy applies when you:

• visit the RevScout website;
• request a demo;
• contact us;
• create or use a RevScout account;
• connect third-party tools to RevScout;
• interact with RevScout features, alerts, reports, or AI-generated insights.

2. Our role under GDPR

Going Macro S.r.l. may act as either a data controller or data processor, depending on the context.

When we act as controller

We act as data controller when we process personal data for our own purposes, including:

• website visits;
• demo requests;
• sales and business communications;
• billing and accounting;
• customer account administration;
• product security;
• legal compliance;
• service improvement.

When we act as processor

We usually act as data processor when we process data that a business customer connects, imports, or makes available inside RevScout.

This may include data from tools such as Stripe, Supabase, Intercom, PostHog, Mixpanel-like analytics systems, CRMs, support tools, product analytics platforms, and other connected systems.

In that case, the customer is generally the data controller, and Going Macro S.r.l. processes the data on the customer’s behalf under the applicable Data Processing Addendum.

3. Personal data we process

Website, contact, and demo data

• name; business email; company name; job title; website URL;
• message content; demo request details;
• IP address; browser and device information;
• cookie preferences; analytics events, where enabled.

Account data

• name; email address; company or workspace name;
• role and permissions; authentication data; login activity;
• product settings; support requests; workspace activity logs.

Customer-connected data

Depending on the integrations enabled by the customer, RevScout may process:

• customer account names; user names and email addresses;
• company identifiers; organization IDs; Stripe customer IDs;
• subscription metadata; billing status; plan information; payment metadata;
• product usage events; customer health indicators;
• support tickets and messages; CRM metadata; account notes;
• lifecycle stage; renewal or subscription information;
• alerts and risk signals generated by RevScout.

Technical and security data

• IP addresses; request logs; browser and device metadata;
• authentication logs; API logs; error logs;
• security event logs; integration sync status.

We do not intentionally require customers to submit special-category personal data. Customers must not submit such data unless expressly agreed in writing and supported by a valid legal basis.

4. Why we process personal data

• provide RevScout; manage user accounts; authenticate users;
• connect and sync integrations;
• analyze customer-health and revenue signals;
• detect churn-risk patterns; identify expansion opportunities;
• generate account summaries; send alerts and notifications;
• provide AI-assisted insights; provide support;
• respond to demo and contact requests; secure the service;
• prevent abuse or unauthorized access; maintain logs and backups;
• improve service reliability; manage billing and accounting;
• comply with legal obligations.

5. Legal bases

Where GDPR applies, we process personal data under one or more of the following legal bases:

• Providing RevScout / account management: contract.
• Customer support: contract / legitimate interest.
• Demo requests and sales: legitimate interest / consent where required.
• Billing and accounting: legal obligation.
• Security and abuse prevention: legitimate interest.
• Product improvement: legitimate interest.
• Optional marketing / analytics cookies: consent where required.
• Customer-connected data: customer instructions under DPA.

6. AI processing

RevScout may use AI models and AI infrastructure providers, including Gemini, OpenAI, and Anthropic, to provide features such as account summaries, churn-risk explanations, support-signal analysis, usage-pattern summaries, customer-health insights, suggested next actions, internal reports, and Slack or chat-based assistant responses, if enabled.

AI-generated outputs may be incomplete, inaccurate, or based on incomplete source data. Users should review important outputs before relying on them or taking action.

Unless expressly agreed in writing, Going Macro S.r.l. does not use customer-connected data to train public or general-purpose AI models.

7. Third-party service providers

We use selected third-party providers to operate, secure, and improve RevScout. These may include Vercel, Lovable, Supabase, Google Workspace, Stripe, Gemini, OpenAI, Anthropic, Sentry, PostHog, and Intercom. The current list is available on the Subprocessors page.

8. International transfers

Some providers may process data outside the European Economic Area. Where required, we use appropriate safeguards such as Standard Contractual Clauses, adequacy decisions, or equivalent lawful transfer mechanisms.

9. Data retention

• Website and demo requests: as long as needed for follow-up or support.
• Customer account data: for the duration of the customer relationship.
• Customer-connected data: for the duration of the service, unless deleted earlier.
• Billing and tax records: as required by applicable law.
• Security logs: as needed for security and abuse prevention.
• Backups: until backup rotation expires.
• Support communications: as long as needed for support, legal, or operational purposes.

After account termination, customer data may remain exportable for a limited period and then be deleted, unless retention is required by law, security, backups, or dispute resolution.

10. Data subject rights

Where applicable, individuals may have the right to access, correct, delete, restrict, object to processing, request portability, withdraw consent, or lodge a complaint with a supervisory authority.

Requests can be sent to info@goingmacro.it. If your data was processed by one of our business customers through RevScout, that customer is usually the data controller and we may direct your request to them.

11. Security

We apply appropriate technical and organizational measures to protect personal data, including encryption in transit, provider-level encryption at rest where available, access controls, role-based permissions, authentication protections, logging and monitoring, error monitoring, backup procedures, and confidentiality obligations for authorized personnel.

12. Data breaches

If we become aware of a personal data breach affecting customer data, we will notify affected customers without undue delay and provide information reasonably required to help them meet their legal obligations.

13. Changes

We may update this Privacy Policy from time to time. Material changes may be communicated by email, in-app notice, or website notice.

14. Contact