Privacy Policy — Revolution Macro Support

Effective Date: April 7, 2026

Revolution Software LLC (“Company,” “we,” “our,” or “us”) operates the official support website for Revolution Macro at https://support.revolutionmacro.com (the “Support Site”). This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the Support Site.

Separate policies: The Revolution Macro desktop application, web dashboard, backend APIs, and related online services are governed by our main Privacy Policy and Terms of Service. You can find those documents at the links shown in the footer or legal section of https://revolutionmacro.com and https://dashboard.revolutionmacro.com (we refer to these together as the “Main Service” policies). This policy applies only to the Support Site.

This policy does not describe how Discord, Inc. or your email or push providers process information on their own systems. Those providers have their own privacy policies.

1. Data controller

Revolution Software LLC is the data controller for personal data we process through the Support Site.

Contact (general privacy and data subject requests):
Revolution Software LLC
5441 S Macadam Ave, Ste R
Portland, OR 97239, USA
Email: [email protected]

Contact (EEA/UK — DPO or representative inquiries):
Email: [email protected]

2. Information we collect

2(a) Member support session (pseudonymous; no password account)

To use Live support and open tickets, we assign a random session identifier stored in an HttpOnly cookie named rm_member. The cookie value is signed (HMAC) so it cannot be forged. The cookie may last up to 400 days and is refreshed when you use the site (SESSION_MAX_AGE in our application). You do not need a username, password, or third-party login to contact support as a member.

2(b) Ticket and message content

When you open a ticket or send messages, we store records in our PostgreSQL database, including:

  • memberSessionId — links the ticket to your rm_member session.
  • memberHandle — optional display name you choose.
  • subject — optional subject line (free text; may include information you choose to provide).
  • memberEmailoptional; we store it only if you provide an address and opt in to email notifications when staff reply (notifyEmailOnReply).
  • notifyEmailOnReply — whether you asked for email notifications.
  • sourceIpHash — a salted SHA-256 hash of your client IP address, used to correlate tickets from the same network (for example, to auto-close duplicate chats) and for abuse prevention. We do not store your raw IP address on the ticket row.
  • discordForumThreadId — if we enable Discord forum mirroring, the identifier of the forum thread created for your ticket.
  • Messages — each message body; for staff (or messages ingested from Discord), we may store discordUserId, discordUsername, discordAvatar, and displayName, plus discordSourceMessageId for deduplication.
  • Typing indicators — we store actorKey; for members this equals your memberSessionId.

Attachments: The Support Site accepts image (JPEG, PNG, GIF, WebP) and video (MP4, WebM, QuickTime) uploads attached to ticket messages. For each upload we store the file bytes in a private object storage bucket operated by DigitalOcean, LLC (“Spaces,” an S3-compatible service), along with metadata in our PostgreSQL database: the original filename, mimeType, size in bytes, and a link to the owning messageId. When you view an attachment in the chat, our server checks your ticket session or staff access, then either redirects your browser to a short-lived signed URL that allows your browser to load the object directly from DigitalOcean, or streams the file through our application when you choose download. The bucket is not configured for public anonymous listing; object keys are unguessable. Attachments are visible only to you (through the same ticket session) and to authorized staff. Do not upload passwords, payment card numbers, government ID photos, or other highly sensitive content unless we explicitly request it. Attachments follow the same retention rules as the owning ticket and are removed from storage when the ticket is deleted (and our automated maintenance purges old closed tickets).

2(c) Web push subscriptions (optional)

If you opt in to browser push notifications, we store:

  • Your memberSessionId, the push endpoint URL, and the p256dh and auth keys supplied by your browser.

We use this information only to send notifications about your support tickets (for example, when staff reply).

2(d) Staff sign-in (Discord OAuth)

Staff access /staff using Discord OAuth with scopes identify and guilds.members.read. We verify that the user has the configured staff role in our Discord guild.

We set an HttpOnly cookie rm_staff containing a signed JWT (typically 7 days). The token includes the staff member’s Discord user ID (sub), username, display name, and avatar URL derived from Discord’s API.

2(e) Device, diagnostic, and abuse-prevention data

  • Client IP address — read from X-Forwarded-For or X-Real-IP for rate limiting when you create tickets. We may write RateLimitHit rows whose bucket field can contain a string such as new-ticket-ip:<your IP> for up to approximately one hour for per-IP budgets; rows older than seven days are deleted by our maintenance job.
  • Hashed IP — stored on the ticket as sourceIpHash as described above.
  • User-Agent and network metadata — our hosting and edge providers (for example, [INSERT HOSTING PROVIDER] and, if applicable, Cloudflare) process standard HTTP metadata for routing, security, and logging.
  • Product analytics — we do not load third-party analytics scripts (such as Google Analytics, Mixpanel, or Plausible) on the Support Site as of the Effective Date. We do not use Sentry or similar error-reporting SDKs in our application dependencies for end-user tracking.

2(f) Cookies and local storage

Strictly necessary cookies

  • rm_member — signed HttpOnly session cookie; SameSite=Lax; Secure in production; path /; up to 400 days.
  • rm_staff — HttpOnly staff JWT; same flags; 7 days.

Local storage and session storage (non-essential UI state)

  • localStorage.rm_cookie_consent — records that you dismissed the cookie notice.
  • localStorage.rm_support_sessionlegacy key used only for a one-time migration from older storage; it should be cleared after migration.
  • sessionStorage — may store a flag that you dismissed the push-notification prompt.

Our cookie banner states that we use essential cookies for your support session and staff authentication, and no tracking or advertising cookies — consistent with our current implementation.

2(g) Troubleshooting articles

Published articles (title and body) are editorial content, not personal data you submit, unless an article is updated to include information about a specific person (we do not intend to do so).

3. Legal bases for processing (GDPR)

Where GDPR applies, we rely on:

| Processing | Legal basis | |------------|-------------| | Member session, tickets, messages, staff OAuth, cookies needed to run the Support Site | Contract and steps at your request prior to contract | | Hashed IP on tickets, IP-based rate limiting, RateLimitHit rows | Legitimate interests (security, spam prevention), balanced against your rights | | Optional email for replies and web push | Consent (you opt in) | | Discord forum mirroring (when enabled by us) | Legitimate interests (staff collaboration and support quality), disclosed here; message text you send may be copied to our private Discord forum | | Compliance with law | Legal obligation |

4. How we use your information

We use collected information to:

  • Provide Live support, store your conversation, and display it to authorized staff.
  • Send email notifications when staff reply — only if you provided an email and opted in.
  • Send web push notifications — only if you subscribed.
  • Optionally mirror ticket metadata and messages to a private Discord forum so staff can collaborate; when enabled, Discord receives a copy of the content we post.
  • Auto-close tickets that have had no activity for 30 days, and delete closed tickets whose closedAt is older than 30 days (automated maintenance).
  • Prune rate-limit records older than seven days.
  • Operate troubleshooting articles for self-help.
  • Protect the Support Site from abuse and comply with law.

5. Third-party services and sub-processors

We use service providers that process data on our behalf or receive data when you use integrated features:

| Sub-processor / third party | Role | |----------------------------|------| | Discord, Inc. | Staff OAuth; guild role verification; optional forum threads and message sync; avatar CDN | | [INSERT EMAIL PROVIDER] (for example Resend or your SMTP provider) | Transactional email when you opt in to reply notifications | | Browser push services (depends on your browser/OS, e.g. Apple, Google, Mozilla, Microsoft infrastructure) | Delivering push notifications | | Google LLC | Geist fonts via next/font/google — fonts are typically bundled at build time and served from our application; end users may not contact Google directly for font files. If your deployment differs, confirm with engineering. | | [INSERT HOSTING PROVIDER] | Hosting our Next.js application and database | | DigitalOcean, LLC | Private object storage (Spaces) for ticket attachment files (images/videos); short-lived signed read URLs | | Cloudflare, Inc. (if used) | DNS, TLS, or edge services in front of support.revolutionmacro.com | | GitHub Container Registry (or your registry) | Container image distribution for deployment |

We do not use Patreon, payment processors, or consumer AI/LLM APIs on the Support Site for ticket handling as of the Effective Date.

Discord and email/push providers are also independent controllers for data they process under their own terms.

6. Data sharing and sale

  • We do not sell your personal information and do not share it for cross-context behavioral advertising as defined under the California Privacy Rights Act (“CPRA”).
  • We share data with the categories of recipients listed in §5 to operate the Support Site.
  • Discord forum mirroring: When enabled, message text you send through the website may be reposted into our Discord forum. Visibility is limited to Discord users with access to that forum (typically staff), but Discord processes that content on its platform.
  • We may disclose information to law enforcement when required by law or to protect rights and safety.

7. International data transfers

We are based in the United States. If you access the Support Site from outside the United States, your information may be transferred to the United States or other countries where we or our providers operate.

Where GDPR applies and we transfer personal data from the EEA, UK, or Switzerland, we implement appropriate safeguards such as Standard Contractual Clauses (and UK Addendum where relevant). Contact [email protected] for a copy.

8. Data retention

  • rm_member cookie: Up to 400 days from issuance; refreshed on use.
  • rm_staff cookie / JWT: 7 days.
  • Open tickets: Retained while open; automatically closed if inactive for 30 days (no updatedAt activity in that window).
  • Closed tickets: Deleted when closedAt is more than 30 days in the past (same maintenance job). After deletion, we cannot recover your chat history from our primary database. Attachments belonging to a deleted ticket are removed at the same time.
  • RateLimitHit rows: Deleted when older than 7 days (scheduled maintenance). Per-IP buckets for new-ticket limits also delete rows older than one hour during enforcement.
  • Push subscriptions: Removed when you unsubscribe, when endpoints expire, or when no longer valid.
  • Discord: Content mirrored to Discord is retained under Discord’s policies.
  • Server / edge logs: Typically a short rolling window (often on the order of 30 days); confirm with your hosting provider.

9. Your rights (GDPR and similar laws)

Depending on your location, you may have the right to access, correct, delete, restrict, or object to processing, data portability, and to withdraw consent where processing is consent-based. You may lodge a complaint with your local supervisory authority.

Requests: [email protected] — we will respond within 30 days where required by law.

Practical controls:

  • Stop using Live support or clear rm_member in your browser to end the pseudonymous session (you may lose access to existing ticket threads tied to that cookie).
  • Withdraw email notifications by not providing an email or asking us to remove it from the ticket record.
  • Unsubscribe from push in your browser settings.

There is no self-serve “delete all my data” button for members; contact [email protected] for deletion requests. We may need your ticket ID or approximate time of contact to locate records.

10. California privacy rights (CCPA / CPRA)

If you are a California resident, you may have the right to know, delete, and correct personal information, subject to exceptions. We do not sell or share personal information for cross-context behavioral advertising as defined under the CPRA.

Categories we collect on the Support Site may include: identifiers (session UUID, optional email, Discord IDs for staff, hashed IP), customer records (ticket subject and messages), and internet or network activity (IP and User-Agent as processed by infrastructure and rate limiting).

California’s “Shine the Light” law (Civil Code § 1798.83) gives residents the right to request certain information about disclosure of personal information to third parties for their direct marketing. We do not disclose personal information to third parties for their direct marketing as described in that statute.

Requests: [email protected]

11. Data security

We use TLS for data in transit, HttpOnly signed cookies, JWT for staff sessions, salted hashing for ticket IP correlation, and role-gated staff APIs. Staff ticket APIs avoid exposing raw memberSessionId to list views where possible, using derived visitorRef labels instead.

No method of storage or transmission is 100% secure.

12. Children’s privacy

The Support Site is not directed to children under 13, and we do not knowingly collect personal information from children under 13. Revolution Macro is used alongside games that may attract younger audiences; if you are between 13 and 18, use the Support Site only with a parent or guardian. Contact [email protected] if you believe we have collected information from a child under 13.

13. Changes to this policy

We may update this Privacy Policy by posting a new version with a revised Effective Date. For material changes, we will provide additional notice where practicable (for example, on the Support Site or in our Discord).

14. Contact us

Privacy and data rights: [email protected]
EEA/UK inquiries: [email protected]
General support: [email protected]

Mailing address:
Revolution Software LLC
5441 S Macadam Ave, Ste R
Portland, OR 97239, USA