Privacy Policy

1. Who We Are

RevenuePeak is a Texas-based business intelligence platform operated by RevenuePeak LLC ("RevenuePeak," "we," "us," or "our"). We provide access to publicly available Texas hotel occupancy tax revenue data organized and presented for research, market analysis, and business intelligence purposes.

This Privacy Policy explains how we collect, use, and protect your personal information when you use RevenuePeak at revenuepeak.com.

2. Data We Collect

We collect the following categories of personal information:

Information you provide directly:

• Name — provided at registration
• Email address — used for account creation, verification, and system communications
• Password — stored as a bcrypt hash; we never store your plain-text password

Information collected automatically:

• Search activity — hotel names, cities, and zip codes you search within the platform
• Hotel views — which hotel detail pages you open
• IP address — logged with contact form submissions for spam prevention
• Browser type and device information — collected passively via standard web server logs
• Usage data — pages visited, features used, timestamps of activity
• Local storage data — your watchlist, recent searches, and consent preferences stored locally in your browser

We do not collect payment information. RevenuePeak is currently a free service.

3. How We Use Your Data

We use the information we collect for the following purposes:

• Account management — creating your account, verifying your email address, and enabling login
• System communications — sending email verification links and password reset emails
• Marketing communications — sending product updates and news, but only if you explicitly opted in during registration. You may unsubscribe at any time via the link in any marketing email.
• Service improvement — understanding how users navigate and use the platform to improve features and performance
• Internal analytics — aggregated, non-identifiable usage patterns reviewed by administrators
• Security and fraud prevention — detecting and preventing unauthorized access or abuse

We do not use your data for targeted advertising. We do not sell your personal information.

4. Hotel Revenue Data

This data includes hotel names, addresses, revenue figures, room counts, and taxpayer-of-record information sourced from Hotel Occupancy Tax (HOT) filings under Texas Tax Code Chapter 156. Any corrections to underlying filings must be directed to the Texas Comptroller's Office.

5. Your Rights Under Texas Law (TDPSA)

The Texas Data Privacy and Security Act (TDPSA, HB 4, effective July 1, 2024) provides Texas residents with the following rights regarding their personal data:

• Right to know — you may request confirmation of whether we process personal data about you and what categories we hold
• Right to access — you may request a copy of the personal data we hold about you
• Right to correct — you may request correction of inaccurate personal data we hold about you
• Right to delete — you may delete your account at any time by clicking "Delete account" in the app header, or by emailing us. Deletion removes your name, email, password, and activity history. Deletion requests apply to your personal account data only. Hotel revenue data displayed on RevenuePeak is sourced from Texas Comptroller public records and is not your personal data — it exists independently of your account and is not subject to deletion requests from platform users. Hotel operators seeking to dispute data accuracy may contact us at admin@revenuepeak.com.
• Right to opt out of sale — we do not sell personal data, so this right is automatically satisfied
• Right to opt out of profiling — we do not use personal data for profiling to produce legal or similarly significant effects

How to submit a request: Email us at admin@revenuepeak.com with your name, email address on file, and a description of your request. We will respond within 45 days. If we need additional time, we will notify you within the initial 45-day period and may extend our response by up to 45 additional days.

We may need to verify your identity before processing your request. We will not discriminate against you for exercising these rights.

6. Cookies and Local Storage

RevenuePeak uses browser local storage (not traditional cookies) to store the following data on your device:

• Authentication token — keeps you signed in between sessions
• User profile — your name and user ID for personalized greetings
• Recent searches — up to 5 hotels you've recently viewed, for convenience
• Watchlist — hotels you've saved using the ☆ Save feature
• Consent preference — whether you've acknowledged our local storage notice

All local storage data is stored only on your device and is cleared when you log out or clear your browser data. We do not use third-party tracking cookies or advertising cookies.

7. Data Security

We take reasonable technical and organizational measures to protect your personal information:

• Password hashing — all passwords are hashed using bcrypt (10 rounds) before storage. Plain-text passwords are never stored or logged.
• Encrypted connections — all data transmitted between your browser and our servers is encrypted using HTTPS/TLS.
• Rate limiting — authentication endpoints are rate-limited to prevent brute-force attacks.
• Access controls — administrative access requires separate credentials and is session-limited.

No method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. Data Retention

• Account data — retained while your account is active
• Activity logs — search and usage activity retained for up to 12 months for service improvement
• Deleted accounts — upon a valid deletion request, account data is removed from active systems within 30 days. Residual copies in backups are overwritten within 90 days.

Contact form submissions are retained for up to 24 months to maintain a record of support interactions.

9. Third Parties

We do not sell, rent, or share your personal information with third parties for their marketing purposes. We use the following service providers who may receive limited personal data solely to perform services on our behalf:

• Resend (resend.com) — email delivery service. Receives your email address, first name, and last name to send transactional emails (verification, password reset) and, if you opted in, marketing emails. Resend is bound by its own privacy policy and data processing terms.
• Railway (railway.app) — cloud hosting provider. Hosts our servers and database. Your account data is stored on Railway's infrastructure in the United States.

We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of RevenuePeak, our users, or the public.

10. Children

RevenuePeak is not directed at children under the age of 13 and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at admin@revenuepeak.com and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where appropriate, by sending a notification to the email address associated with your account at least 30 days before the change takes effect.

Your continued use of RevenuePeak after any changes constitutes your acceptance of the updated policy.

12. Contact Us

For privacy-related requests or questions about this policy:

• Email: admin@revenuepeak.com
• Online: revenuepeak.com/contact

We will respond to privacy requests within 45 days.