Privacy Policy

We are an anomaly-detection product, not an advertising product. We do not sell your data, share it with data brokers, or use it for any purpose other than running Revenue Hawk for you. Customer personally-identifiable information is hashed or redacted before we send anything to a language model.

• The email address you sign up with, used as your account identifier and the fallback delivery address for alerts.
• Your Slack workspace ID and Discord user ID, if you connect those channels, used only to deliver alerts.
• Your subscription status from Stripe Billing (trial, active, past due, cancelled), used to gate access.
• Operational logs of your interactions with the product (page views, OAuth callbacks, alert deliveries), used to debug and improve the service.

When you connect Stripe via Stripe Connect, we receive an OAuth token that grants us access to your Stripe data. We use this token to read:

• Charges, refunds, and disputes
• Subscriptions and invoices
• Customers (including their email, country, coupon usage)
• Webhook events for the above object types

We never receive or store your Stripe secret API keys. You can revoke our access at any time from the Settings page in Revenue Hawk, or from Stripe Dashboard → Settings → Connected Apps. Revocation is immediate.

We compute statistical baselines from your billing history (refund rates, payment failure rates, MRR, churn, signup patterns), detect anomalies relative to those baselines, and use a language model to write a 2-3 sentence explanation of each anomaly. The explanation is sent to your configured Slack, Discord, or email channel.

We also use the data to operate the service: serving the web app, sending transactional emails (trial expiration, payment failure), and processing your subscription.

Before any data is sent to our language model provider (Anthropic), we redact or hash all customer personally-identifiable information: email addresses, names, payment-method details, and customer IDs. The language model sees aggregated patterns (e.g., “a coupon code accounting for 5x normal usage”) rather than individual customer records. We never send raw customer data to a third-party language model.

Your account and webhook data are stored in PostgreSQL hosted by Supabase, region us-east-1 in the United States. Background jobs run on Inngest. The web application is deployed on Vercel. Operational metrics may flow through Sentry. Email is sent via Resend.

We retain your billing data, anomaly events, and alerts for as long as your account is active. If you disconnect Stripe, monitoring pauses immediately and your billing data is retained for 30 days and then purged, in case you reconnect. If you cancel your account, you can request full deletion by emailing contact@codiak.ai; we will delete your data within 30 days of the request.

We rely on the following processors to run the service:

• Anthropic — language model API; sees redacted anomaly context only
• Stripe — Connect for accessing your billing data; Billing for your subscription to Revenue Hawk
• Supabase — database and authentication
• Vercel — application hosting
• Inngest — background job processing
• Resend — transactional email delivery
• Slack and Discord — alert delivery (only if you connect those channels)
• Sentry — error monitoring (optional)

You can access, correct, or delete your account data at any time. Email contact@codiak.ai to request access or deletion. EU and California residents have additional rights under GDPR and CCPA respectively; we will honor those requests on a best-effort basis appropriate to a v0 product.

We use a single session cookie issued by Supabase Auth to keep you signed in. We do not use third-party analytics, ad pixels, or tracking cookies.

Revenue Hawk is intended for use by businesses. We do not knowingly collect data from anyone under the age of 16.

We may update this policy as the product evolves. We will update the “Last updated” date at the top of this page; material changes will also be communicated by email to active subscribers.

CODIAK INC, a Delaware corporation. Questions about this policy, requests to access or delete data, and any privacy concerns: contact@codiak.ai.