Revion Consulting ("Revion," "we," "us," or "our") operates the Insyte Amazon FBA Intelligence platform, including the Insyte Chrome Extension and web application at insyte.revionlabs.app (collectively, the "Service").
This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. We are committed to protecting your privacy and ensuring transparency in our data practices.
By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account Information: When you register for an account, we collect your email address and authentication credentials through Google OAuth (via Supabase Authentication).
- Subscription Information: When you subscribe to our paid service, payment processing is handled by Stripe. We receive your subscription status but do not store your payment card details.
- User Input Data: Product cost estimates, landed costs, and other business parameters you enter for analysis purposes.
- Support Communications: Any information you provide when contacting our support team.
1.2 Information Collected Automatically
- Amazon Product Data: When you analyze a product, we collect publicly available information from Amazon product pages, including ASIN (Amazon Standard Identification Number), product title, price, seller information, and sales rank data.
- Usage Analytics: We collect anonymized usage data to improve our Service, including features used, analysis frequency, and general interaction patterns.
- Technical Data: Browser type, extension version, and error logs for debugging purposes.
1.3 Information We Do NOT Collect
Privacy-First Design
- Your browsing history on non-Amazon websites
- Your Amazon account credentials or login information
- Your Amazon purchase history or order data
- Payment card numbers or banking information (handled by Stripe)
- Personal files, photos, or documents from your device
- Keystrokes, form inputs, or content on non-Amazon pages
- Location data or device identifiers for tracking purposes
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Provide and maintain the Service | Contract performance |
| Authenticate users and manage sessions | Contract performance |
| Process subscription payments via Stripe | Contract performance |
| Analyze Amazon product data for ROI calculations | Contract performance |
| Improve and optimize the Service | Legitimate interest |
| Respond to support inquiries | Contract performance |
| Prevent fraud and ensure security | Legitimate interest |
| Comply with legal obligations | Legal obligation |
3. Chrome Extension Specific Practices
3.1 Extension Permissions
The Insyte Chrome Extension requests the following permissions:
- Host Permissions (Amazon Domains): Access to Amazon product pages (amazon.com, amazon.ca, amazon.co.uk, amazon.de, amazon.fr, amazon.it, amazon.es, amazon.co.jp, amazon.com.au, amazon.in, amazon.com.mx) to read publicly available product data.
- Host Permission (insyte.revionlabs.app): Access to our own domain for authentication verification and analysis delivery.
- Active Tab: To access the currently active Amazon product page URL and determine if the page contains a product that can be analyzed.
- Storage (Session): To temporarily cache authentication tokens during your browser session. This data is encrypted and automatically cleared when you close your browser.
- Scripting: To inject the analysis interface on Amazon product pages and to retrieve authentication status from our web application.
- Cookies: To read authentication cookies from our own domain (insyte.revionlabs.app) only.
3.2 Data Flow
- You authenticate via Google OAuth on insyte.revionlabs.app
- The extension retrieves your authentication tokens using the following methods (in priority order):
- Cached tokens from secure encrypted session storage
- Reading authentication cookies from our domain (if accessible)
- Fetching tokens via our API from an open Insyte tab (using chrome.scripting to execute a secure fetch request within the tab's context)
- If no Insyte tab is open and you are not authenticated, the extension opens a new Insyte login tab
- Tokens are securely cached in Chrome's session storage (encrypted, memory-only, automatically cleared when the browser closes)
- When you visit an Amazon product page, the extension detects the product identifier (ASIN)
- When you click "Analyze," an embedded iframe loads the analysis interface with your authentication token passed securely
- Product data (ASIN, title, price, etc.) is sent to our servers for analysis via authenticated API calls
- Analysis results are displayed in the embedded interface
3.3 What the Extension Does NOT Do
- xDoes NOT inject affiliate links or modify Amazon links
- xDoes NOT redirect your purchases or track your Amazon orders
- xDoes NOT access or modify Amazon pages beyond reading product information
- xDoes NOT run in the background when not actively analyzing
- xDoes NOT collect data from any non-Amazon websites
- xDoes NOT sell or share your data with third-party advertisers
4. Data Storage and Security
4.1 Data Storage
- Authentication Data: Stored securely in Supabase (PostgreSQL database) with encryption at rest and in transit.
- Analysis History: Stored in Supabase, associated with your user account.
- Session Tokens: Temporarily stored in Chrome's session storage (cleared on browser close).
- Payment Data: Processed and stored by Stripe; we only receive subscription status.
4.2 Security Measures
- All data transmission uses TLS 1.3 encryption (HTTPS)
- Authentication via industry-standard OAuth 2.0
- Session tokens are encrypted and short-lived
- Database access is restricted and monitored
- Regular security audits and vulnerability assessments
4.3 Data Retention
- Account Data: Retained while your account is active; deleted within 30 days of account deletion request.
- Analysis History: Retained for 12 months; you may delete individual analyses at any time.
- Session Data: Automatically cleared when browser closes.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share your information only in the following circumstances:
5.1 Service Providers
- Supabase: Database and authentication infrastructure (Privacy Policy)
- Stripe: Payment processing (Privacy Policy)
- Vercel: Web hosting and analytics (Privacy Policy)
- Google: OAuth authentication (Privacy Policy)
5.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal requests by public authorities (e.g., court orders, subpoenas).
5.3 Business Transfers
If Revion Consulting is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
6. Your Rights and Choices
6.1 GDPR Rights (European Economic Area)
If you are located in the EEA, you have the following rights:
- Access: Request a copy of your personal data
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your personal data ("right to be forgotten")
- Restriction: Request restriction of processing
- Portability: Request your data in a portable format
- Objection: Object to processing based on legitimate interests
- Withdraw Consent: Withdraw consent at any time where processing is based on consent
6.2 CCPA Rights (California Residents)
California residents have additional rights under the California Consumer Privacy Act:
- Right to Know: What personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of exercising privacy rights
To exercise CCPA rights, contact us at contact@revionconsulting.com with "CCPA Request" in the subject line.
6.3 PIPEDA Rights (Canada)
Canadian residents have rights under the Personal Information Protection and Electronic Documents Act:
- Access to your personal information held by us
- Correction of inaccurate or incomplete information
- Withdrawal of consent for collection, use, or disclosure
- Complaint to the Privacy Commissioner of Canada
6.4 How to Exercise Your Rights
To exercise any of these rights, please contact us at contact@revionconsulting.com. We will respond within 30 days (or sooner where required by law).
7. International Data Transfers
Our Service is hosted on servers located in the United States (via Supabase and Vercel). If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States.
For transfers from the EEA to the United States, we rely on Standard Contractual Clauses approved by the European Commission to ensure adequate protection of your personal data.
8. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@revionconsulting.com, and we will delete such information.
9. Third-Party Links
Our Service may contain links to third-party websites (such as Amazon.com). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.
For significant changes, we will provide additional notice via email or through the Service. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
11. Contact Us
Revion Consulting
- Email: contact@revionconsulting.com
- Website: revionconsulting.com
- Data Protection Inquiries: Include "Privacy" in your email subject line
Google API Services User Data Policy Compliance
Insyte's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We only request access to the minimum Google user data required for authentication (email address and basic profile information via Google OAuth).
This Privacy Policy is designed to comply with the Chrome Web Store Developer Program Policies, the Google API Services User Data Policy (including Limited Use requirements), the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the Personal Information Protection and Electronic Documents Act (PIPEDA).