RLRevLooper

Privacy Policy

Last updated: May 5, 2026

RevLooper (“we”, “us”, or “our”) operates the website onemorii.com and the RevLooper SaaS platform (collectively, the “Service”). This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and your rights as a data subject.

By creating an account or using the Service, you agree to this Privacy Policy. If you do not agree, please do not use the Service.

1. Who We Are

RevLooper is an AI-native sales outreach platform for solo founders and small B2B teams, with a primary focus on Southeast Asia. The data controller for personal data processed through the Service is:

RevLooper Pte. Ltd.
Email: privacy@onemorii.com

2. Data We Collect

2.1 Account & Profile Data

  • Name, email address, and password (hashed — we never store plain-text passwords)
  • Phone number (optional, used for SMS notifications)
  • Company name, job title, and website (optional)
  • OAuth profile data when you sign in with Google, Microsoft, or Facebook

2.2 Usage & Product Data

  • Actions you take inside the platform (campaigns created, emails sent, meetings booked)
  • Feature usage frequency and navigation patterns
  • AI-generated content you create, edit, or delete (email drafts, sequences, AI Brain documents)
  • Integration connection status (Gmail, Outlook, Zalo, etc.) — we store OAuth tokens securely, never your email password

2.3 Lead & Contact Data You Upload

When you import leads into RevLooper (via CSV, lead forms, or connected integrations), you upload personal data belonging to third parties. You are the data controller for that data; RevLooper processes it on your behalf as a data processor. You warrant that you have a lawful basis to upload and contact those individuals.

2.4 Communications Data

  • Emails sent and received through connected mailboxes (read to display in Unified Inbox and to train reply suggestions)
  • Reply content, open and click events from outreach emails
  • Meeting booking details (name, email, selected time slots)

2.5 Technical & Device Data

  • IP address, browser type, operating system
  • Cloudflare request logs (retained for up to 30 days)
  • Cookies and similar tracking technologies (see Section 8)

2.6 Billing Data

Payment card details are processed and stored exclusively by our payment processors (Paddle for international transactions; payOS / MoMo / VNPay for Vietnam). RevLooper stores only a billing reference ID and subscription status — never raw card numbers.

3. How We Use Your Data

  • Providing the Service — running campaigns, sending outreach, booking meetings, delivering AI-generated content
  • Account management — authentication, workspace configuration, billing, notifications
  • AI personalisation — your AI Brain documents and past interactions are used to ground AI outputs in your specific business context. This data is scoped to your workspace and is not used to train shared models
  • Product improvement — aggregated, anonymised usage analytics to improve features
  • Security & fraud prevention — detecting abuse, enforcing rate limits, auditing access
  • Legal compliance — meeting obligations under applicable laws
  • Marketing — with your consent, sending product updates and tips via email. You can unsubscribe at any time

4. Legal Bases for Processing (GDPR / PDPA)

  • Contract performance — processing necessary to deliver the Service you subscribed to
  • Legitimate interests — product analytics, security monitoring, fraud prevention
  • Consent — marketing emails, optional cookies, processing of sensitive data where required
  • Legal obligation — retaining transaction records, responding to lawful requests

For users in Vietnam, we comply with Decree 13/2023/ND-CP on personal data protection. For users in Thailand, we comply with the Personal Data Protection Act B.E. 2562 (PDPA). For users in Singapore, we comply with the Personal Data Protection Act 2012 (PDPA SG).

5. Data Sharing & Sub-processors

We do not sell your personal data. We share data only with trusted sub-processors necessary to operate the Service:

  • Supabase — database and authentication (hosted in Singapore / EU)
  • Google Cloud Platform — compute, storage, and AI inference (asia-southeast1 region)
  • Cloudflare — CDN, DDoS protection, edge compute
  • OpenAI / Anthropic / Google DeepMind — AI inference for campaign generation and reply suggestions. Prompts may contain lead names and email context; we use API agreements that prohibit training on your data
  • Apollo.io / Hunter.io — lead enrichment (only invoked when you explicitly enrich a lead)
  • Mailreach — email warm-up service for connected mailboxes
  • Resend / Twilio / ESMS.vn — transactional email and SMS notifications
  • Paddle / payOS / MoMo / VNPay — payment processing
  • Novu — notification orchestration

We maintain a full sub-processor list and notify customers of material changes at least 30 days in advance.

6. Data Retention

  • Account data is retained for the life of your account plus 90 days after deletion
  • Lead and campaign data is retained until you delete it or close your account
  • Billing records are retained for 7 years to comply with tax regulations
  • Security and access logs are retained for 12 months
  • Anonymised, aggregated analytics data may be retained indefinitely

7. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — correct inaccurate or incomplete data
  • Erasure — request deletion of your data (“right to be forgotten”)
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — ask us to limit processing in certain circumstances
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — at any time for consent-based processing

To exercise any right, email privacy@onemorii.com. We respond within 30 days. You may also submit a complaint to your local data protection authority.

8. Cookies

We use the following categories of cookies:

  • Strictly necessary — authentication session tokens; cannot be disabled
  • Functional — language preference, UI settings
  • Analytics — anonymised page-view and feature-usage data (opt-out available in account settings)
  • Marketing — only with your explicit consent; used for retargeting on platforms such as Google and Facebook

9. Security

We protect your data with: TLS 1.3 in transit; AES-256 encryption at rest; row-level security (RLS) enforced at the database layer; secrets stored in GCP Secret Manager; multi-factor authentication available on all accounts; and regular third-party security audits.

In the event of a personal data breach that poses a risk to your rights, we will notify you and relevant regulators within 72 hours of becoming aware.

10. International Transfers

Data is primarily processed in the asia-southeast1 (Singapore) GCP region. Some AI inference requests may be processed by OpenAI (US) or Anthropic (US) under Standard Contractual Clauses. We do not transfer data to countries without adequate protection without implementing appropriate safeguards.

11. Children’s Privacy

The Service is intended for business use by individuals aged 18 and over. We do not knowingly collect personal data from children under 13. If you believe a child has provided us data, contact us immediately at privacy@onemorii.com.

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect. Continued use of the Service after the effective date constitutes acceptance.

13. Contact

For privacy-related questions or requests, contact our Data Protection Officer at: privacy@onemorii.com