Revenue Factory
Privacy Policy
Effective Date: June 10, 2026
Controller: Fenixlabs.co Inc. dba Revenue Factory ("Revenue Factory," "we," "us")
Address: 936 SW 1st Ave. #859, Miami, FL 33130
Contact: success@revenuefactory.com | 786-706-8231
1. Who We Are
Revenue Factory is the operating name of Fenixlabs.co Inc., a Florida corporation. We provide AI-powered marketing enablement and operating systems for local service businesses. This Privacy Notice describes how we collect, use, share, and protect personal information.
This Notice applies to:
- (a) Visitors to https://revenuefactory.com and related Revenue Factory websites
- (b) Customers and prospective customers of Revenue Factory's Services
- (c) Affiliates in the Revenue Factory Affiliate Program
- (d) Job applicants and individuals who otherwise interact with us
End users of our Customers (e.g., a caller to your salon whose call is handled by the AI Employee you've deployed): their personal information is processed by Revenue Factory on the Customer's behalf as a processor / service provider. The Customer is the controller. See Section 11 (Processor Disclosure) and the Data Processing Agreement.
2. Information We Collect
2.1 Information you provide
- Identity information (name, email, phone, company name, billing address)
- Account credentials
- Payment information (processed by Maverick Payments / NMI; we do not store full card numbers)
- Communications with us (support tickets, sales calls, emails, SMS)
- Business information you share (audience data, brand assets, marketing inputs)
- Affiliate program tax information (W-9, W-8, etc.)
- Application materials (résumés, work samples) if you apply for employment
2.2 Information collected automatically
- Device information (browser, OS, IP, device identifiers)
- Usage information (pages visited, features used, time spent)
- Cookies and similar technologies (see Cookie Policy)
- Location (approximate, from IP)
2.3 Information from third parties
- HighLevel and other platforms used to deliver Services
- Payment processors confirming transactions
- Affiliate platform reporting referrals and earnings
- Public sources (LinkedIn, websites) used for sales and marketing research
2.4 Special categories
We may process the following categories where applicable to specific Service uses:
- (a) Voice biometric information. AI Employee voice handling involves voice recordings and may involve voice biometric processing (see Section 8)
- (b) Health-related information. Where Customers operate in healthcare verticals and use Revenue Factory's Services, limited health-related information may be processed; HIPAA may apply where Customer is a Covered Entity (see Section 9)
- (c) Children's information. Revenue Factory's Services are not designed for children. We do not knowingly collect information from individuals under 18
3. How We Use Information
We use information for:
- (a) Providing and maintaining the Services
- (b) Configuring AI Employees, AI Marketing OS, and other deployments
- (c) Customer support, training, and account management
- (d) Billing and account administration
- (e) Marketing our Services to existing and prospective customers (where permitted)
- (f) Service improvement, including reviewing AI Employee performance and Scorecard outputs
- (g) Security, fraud prevention, and abuse detection
- (h) Legal compliance, including responding to subpoenas, court orders, and regulatory requests
- (i) Aggregating and anonymizing data for benchmarking, research, and product development
3.1 Legal bases for processing (GDPR / UK-GDPR)
Where GDPR/UK-GDPR applies, we rely on the following legal bases:
- Contract performance — to deliver Services and account administration
- Legitimate interests — for service improvement, security, marketing existing customers
- Consent — for marketing to prospects who haven't opted in by another route, for cookie-based advertising tracking, and for voice biometric processing where required
- Legal obligation — for tax, regulatory, and law enforcement responses
4. How We Share Information
4.1 Service providers (sub-processors)
We share information with sub-processors who provide infrastructure and services. Current sub-processors:
| Sub-processor | Purpose | Data location |
|---|---|---|
| HighLevel Inc. | Foundational platform — AI Employee, AI Marketing OS, productized service deployment | United States |
| OpenAI / Anthropic / other LLM providers (as configured by HighLevel) | Underlying AI model inference for AI Employee conversations | United States |
| Maverick Payments + NMI | Internal billing infrastructure for RF subscriptions and one-time charges | United States |
| DATAONE Merchant Services | Customer-facing payment processing for Gap Filler Service (RF refers; customer relationship is with DATAONE) | United States |
| El Toro | IP advertising infrastructure for productized vehicles (e.g., Real Estate IP Advertising Pilot) | United States |
| Extendly | Back-end support — onboarding, customer success, delivery assistance, product creation for ALL accounts | United States |
| CloudFlare | Website and analytics infrastructure | United States |
4.2 Other sharing
- With affiliates: anonymized or aggregated data, plus the specific referral / commission attribution data needed for the Affiliate Program
- With professional advisors: attorneys, accountants, auditors under confidentiality obligations
- With acquirers: if Revenue Factory undergoes a merger, acquisition, or asset sale, personal information may transfer to the acquirer subject to confidentiality and the privacy practices in effect
- For legal compliance: in response to subpoenas, court orders, government requests, or to protect rights, property, or safety
- For aggregated or anonymized analytics: data that does not identify individuals
4.3 Sale of personal information
We do not "sell" personal information for monetary consideration. Some sharing for advertising or analytics purposes may be considered "sale" or "sharing" under state privacy laws (e.g., CCPA/CPRA, FDBR); we describe and provide opt-out controls in Section 6.
5. Cookies and Tracking
See the Cookie Policy at www.revenuefactory.com/cookie-policy for details on cookies, similar technologies, and your choices.
6. Your Privacy Rights (US State Laws Consolidated)
US state privacy laws give you rights to access, correct, delete, and opt out of certain processing of your personal information. We provide these rights to all individuals to the extent practical, regardless of state of residence.
6.1 Your rights
Subject to applicable law, you may:
- (a) Access. Request a copy of personal information we hold about you
- (b) Correct. Request correction of inaccurate information
- (c) Delete. Request deletion (subject to legal retention obligations)
- (d) Portability. Request a portable copy
- (e) Opt out of sale/share. Opt out of sale or sharing (where applicable)
- (f) Opt out of targeted advertising. Opt out of cross-context behavioral advertising
- (g) Opt out of automated decision-making / profiling. Opt out of significant automated decisions
- (h) Sensitive data limit. Limit our use of sensitive personal information (where applicable)
- (i) Non-discrimination. Be free from discrimination for exercising rights
6.2 Major state laws applicable to you
| State / Statute | Rights highlighted | Notes |
|---|---|---|
| California (CCPA / CPRA) | All above + financial incentive disclosures | "Do Not Sell or Share" link required |
| Colorado (CPA) | All above + universal opt-out signal (Global Privacy Control) recognition | We honor GPC signals |
| Connecticut (CTDPA) | All above + universal opt-out recognition | We honor GPC signals |
| Florida (FDBR — Florida Digital Bill of Rights) | All above + specific notice requirements for large in-state businesses | RF is a Florida controller |
| Texas (TDPSA) | All above for "large entity" controllers | |
| Virginia (VCDPA) | All above; impacts assessments for high-risk processing | |
| Utah (UCPA) | Access, deletion, opt-out of sale and targeted advertising | |
| Oregon (OCPA) | All above + biometric data category | |
| Tennessee (TIPA) | All above; voluntary or compelled compliance | |
| Iowa (ICDPA) | Access, deletion, opt-out of sale and targeted advertising | |
| Indiana, Montana, Delaware, New Hampshire, New Jersey, etc. | Various rights as state laws come into effect through 2026-2027 | Track applicable state law |
| Washington (My Health My Data Act) | Specific protections for consumer health data | |
| Illinois (BIPA) | Biometric notice and consent | See Section 8 |
| Texas (CUBI) | Biometric notice and consent | See Section 8 |
6.3 How to exercise your rights
Email success@revenuefactory.com with "Privacy Request" in the subject. We may verify your identity before responding. We aim to respond within 45 days; extensions are permitted where allowed by law.
6.4 Appeals (where applicable state law provides)
If we deny your request, you may appeal by replying to our denial. We will respond within the timeframe required by applicable law.
6.5 Authorized agent
You may use an authorized agent to submit requests. We may verify both your identity and the agent's authority.
7. AI and Automated Decision-Making
Revenue Factory deploys AI Employees and other AI-powered components. The following describes how we and our Customers use AI and what choices you have.
7.1 How we use AI
- AI Employees handle inbound voice, text, and reviews for our Customers' businesses. The AI Employee converses with our Customers' end users (your business's customers, leads, callers).
- AI Marketing OS and AI Marketing Library use AI to generate marketing assets, populate Reference Library documents, and produce Customer Engine outputs based on your inputs.
- Internal AI tooling supports our service delivery, support, and content production.
7.2 What this means for you
- Conversations with an AI Employee may be recorded, transcribed, and analyzed for service improvement
- AI outputs are probabilistic and may contain errors. We apply human review where appropriate. Our Customers are responsible for human oversight of AI outputs that affect their business decisions or their end users' decisions
- We do NOT use Customer Materials or end-user conversation data to train general-purpose AI models offered to other customers. Underlying AI model providers (e.g., model providers integrated through HighLevel) operate under their own data-use terms
7.3 Disclosure of AI interaction
When you interact with an AI Employee (e.g., as a caller to a business that uses our Services), the AI Employee will disclose AI status where required by law. The Customer (the business deploying the AI Employee) is responsible for jurisdiction-appropriate disclosure to its callers.
7.4 Opt-out of significant automated decisions
You may request to opt out of automated decisions that produce legal or similarly significant effects (where required by state law — see Section 6). Most AI Employee uses do not constitute such decisions; many are operational (booking, FAQ, message handling). Submit requests per Section 6.3.
8. Voice Biometric Information
The AI Employee voice capabilities may involve voice recordings and, in some configurations, voice biometric processing.
8.1 What we do
- (a) We record inbound voice calls handled by the AI Employee for service quality, training, and improvement
- (b) We may use voice biometric processing solely for caller authentication or fraud prevention (where configured)
- (c) We do not sell voice biometric information
- (d) We retain voice biometric data only as long as needed for the disclosed purposes
8.2 Your rights under state biometric laws
| State | Statute | Your rights |
|---|---|---|
| Illinois | BIPA | Written notice, written consent before collection, no sale of biometric data, retention schedule disclosure |
| Texas | CUBI | Notice and consent before capture, security obligations, retention limits |
| Washington | RCW 19.375 | Notice and consent before enrollment in commercial database |
To exercise rights, contact us via Section 6.3.
8.3 Two-party consent (Florida and other states)
Florida is a two-party consent state for call recording. When you interact with a business that uses our AI Employee Services, the business should disclose that the call may be recorded. By continuing the call after disclosure, you provide consent under applicable law.
9. Health-Related Information
Where our Customers operate in healthcare verticals (dental practices, chiropractic clinics, optometry, behavioral health, etc.), limited health-related information may be processed by Revenue Factory on the Customer's behalf.
- We do NOT independently hold HIPAA covered entity status
- Where required and where Customer is a Covered Entity, Revenue Factory will enter into a HIPAA Business Associate Agreement
- We apply technical and organizational safeguards consistent with our processor role
- Customer is responsible for HIPAA compliance for its own business and end users
10. Data Retention
We retain personal information only as long as necessary for the purposes disclosed and as required by applicable law.
| Category | Retention |
|---|---|
| Account information | While the account is active + 7 years for tax/audit purposes |
| Billing records | 7 years |
| Communications (support tickets, emails) | 3 years |
| Voice recordings (training quality) | 12 months unless flagged for case-specific review |
| Voice biometric data | As long as needed for the specific purpose, then deleted per applicable law |
| Marketing engagement data | 3 years from last engagement |
| Cookies | See Cookie Policy |
11. Processor Disclosure (where Revenue Factory is a processor for our Customers)
Where end-user data is processed on our Customer's behalf (e.g., the inbound caller to your business is your customer, not ours), Revenue Factory acts as a processor / service provider. The Customer is the controller.
Processor terms are addressed in our Data Processing Agreement www.revenuefactory.com/data-processing-agreement.
End users wishing to exercise rights regarding their personal information held by one of our Customers should contact the Customer directly.
12. International Data Transfers
Revenue Factory is US-based and stores data in the United States. If you are located outside the US, your data is transferred to the US for processing. Where applicable, we rely on:
- (a) Standard Contractual Clauses (SCCs) for EU/UK transfers
- (b) Adequacy decisions where in force
- (c) Other appropriate safeguards as required
See the Data Processing Agreement for details.
13. Security
We apply commercially reasonable technical and organizational measures including:
- (a) Encryption in transit and at rest where supported by the underlying platform
- (b) Access controls and authentication for our team and sub-processors
- (c) Regular security review of vendor practices
- (d) Incident response procedures
We rely on HighLevel and other sub-processors for platform-level security. We do not independently warrant security beyond what the underlying platforms provide. See Security & Compliance Overview (www.revenuefactory.com/security-and-compliance).
14. Children
The Services are not directed to children under 18 and we do not knowingly collect children's information. If we learn we have collected children's information, we will delete it.
15. Changes to This Notice
We may update this Notice. Material changes will be notified at least 30 days in advance via email or website notice. Continued use after the effective date constitutes acceptance.
16. Governing Law
This Notice is governed by Florida law. Disputes will be resolved in Miami-Dade County, Florida (per the Terms of Service dispute resolution provisions).
Contact
Privacy questions or requests:
Email: success@revenuefactory.com (subject: "Privacy Request")
Phone: 786-706-8231
Mail: Fenixlabs.co Inc. dba Revenue Factory, 936 SW 1st Ave. #859, Miami, FL 33130
Web: https://revenuefactory.com