Privacy Policy
Last updated: January 2026
1. Data Controller
Hello Emma AB ("we", "us", or "our") is the data controller responsible for your personal data. We are registered in Sweden and operate in accordance with the EU General Data Protection Regulation (GDPR).
Contact Information
Hello Emma AB
Stockholm, Sweden
Email: privacy@hellorevenue.me
2. What Data We Collect
We collect the following types of personal data:
- Account information: Email address, name (if provided)
- Product data: URLs and content you submit for analysis
- Usage data: How you interact with our service, features used, session duration
- Payment information: Processed securely through Stripe; we do not store card details
- Technical data: IP address, browser type, device information
3. How We Use Your Data
We process your personal data for the following purposes:
- To provide and improve our marketing campaign generation service
- To process payments and manage your account
- To send service-related communications
- To send marketing communications (only with your consent)
- To analyze and improve our service
- To comply with legal obligations
4. Legal Basis for Processing
Under GDPR, we process your data based on:
- Contract: Processing necessary to provide our services to you
- Consent: For marketing communications and newsletter subscriptions
- Legitimate interest: To improve our services and prevent fraud
- Legal obligation: To comply with applicable laws and regulations
5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account data: Until you delete your account, plus 30 days
- Campaign data: 2 years from creation, or until account deletion
- Payment records: 7 years (Swedish accounting requirements)
- Marketing consent: Until withdrawn
6. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access: Request a copy of your personal data
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Request limitation of how we use your data
- Right to data portability: Receive your data in a structured, machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw consent at any time for consent-based processing
To exercise these rights, contact us at privacy@hellorevenue.me. We will respond within 30 days.
7. Cookies
We use cookies and similar technologies to:
- Keep you signed in
- Remember your preferences
- Understand how you use our service
- Improve performance
You can control cookies through your browser settings. Note that disabling cookies may affect service functionality.
8. Third-Party Services
We use the following third-party services that may process your data:
- Stripe: Payment processing (US, EU SCCs in place)
- OpenRouter/AI providers: AI-powered campaign content generation. We send only user-provided product information (name, description, website URL, target audience, pricing) to generate marketing content. We do NOT send personal identifiers, email addresses, or any data obtained from Google APIs or other connected ad platforms to AI services.
- Vercel: Hosting and infrastructure (US, EU data region available)
We ensure all third-party processors comply with GDPR through appropriate agreements and safeguards.
9. Ad Platform Integrations (Google Ads & Meta Ads)
Hello Revenue allows you to deploy marketing campaigns directly to your advertising accounts on Google Ads and Meta (Facebook/Instagram) Ads. When you connect these accounts, we access them through OAuth 2.0 authentication. This section explains how we handle your ad platform data.
Data We Access:
- Google Ads: Your Google Ads account list and customer IDs; ability to create campaigns, ad groups, keywords, and responsive search ads on your behalf
- Meta Ads: Your Meta ad accounts and Facebook Pages; ability to create campaigns, ad sets, and ads on your behalf
How We Use This Data:
- To deploy marketing campaigns you've built in Hello Revenue to your ad accounts
- Campaigns are always created in PAUSED status, giving you full control before going live
- We do NOT access your billing information, payment methods, or historical spend data
- We do NOT run campaigns or spend your advertising budget without your explicit action
Data We Store:
- OAuth access and refresh tokens (securely encrypted)
- Your selected ad account ID and account name
- For Meta: your selected Facebook Page ID
- We do NOT store your ad platform passwords or billing information
Data Sharing:
- We do NOT sell, rent, or share your ad platform data with third parties
- Your ad account data is used solely to provide our campaign deployment service
- Campaign content you create is sent only to your connected ad accounts
Data Segregation & AI Services:
Hello Revenue uses AI services (via OpenRouter) to generate marketing campaign content. We maintain strict architectural separation between Google API data and AI processing:
- Google API data is NEVER sent to AI services. Your Google Ads account information, customer IDs, OAuth tokens, and any data retrieved from Google APIs is never transmitted to, processed by, or shared with any AI or machine learning service.
- AI services only process user-provided content. Our AI-powered campaign generation uses only the information you directly provide: your product name, description, website URL, target audience, and pricing. This data comes from your input, not from Google APIs.
- Separate data flows by design. Google data flows exclusively between Hello Revenue and Google APIs for campaign deployment. AI data flows exclusively between Hello Revenue and AI services for content generation. These systems are architecturally isolated and do not share data.
- No AI training on your data. We do not use Google user data, or any data obtained through Google APIs, to train, improve, or develop AI or machine learning models.
Revoking Access:
- You can disconnect your ad accounts at any time from your Hello Revenue settings
- Google Ads: Revoke access at myaccount.google.com/permissions
- Meta Ads: Revoke access at Facebook Settings → Business Integrations
Google API Services User Data Policy
Hello Revenue's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
10. International Transfers
Some of our service providers are located outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Other approved transfer mechanisms under GDPR
11. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Encryption in transit (TLS) and at rest
- Access controls and authentication
- Regular security assessments
- Employee training on data protection
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through our service. The "Last updated" date at the top indicates when the policy was last revised.
13. Complaints
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):
Supervisory Authority
Integritetsskyddsmyndigheten (IMY)
Box 8114, 104 20 Stockholm
Sweden
Website: imy.se
14. Contact Us
For any questions about this Privacy Policy or our data practices, please contact us:
Email: privacy@hellorevenue.me