Recv
LoginRequest Access
Trust & Security

Privacy Policy

Learn how we collect, store, secure, and process customer inquiries captured through our script embed tracker and developer REST APIs.

1. Information We Collect

Recv provides a secure, multi-tenant lead capture and form ingestion platform. Depending on how you interact with our platform, we collect the following categories of information:

A. Submissions Captured from External Websites

When your users fill out form elements intercepted by our tracking script widget or submitted directly to our API endpoints, we collect the raw data payloads (e.g. names, email addresses, phone numbers, and any other custom form attributes you configure). We also collect the client IP address (for rate limiting verification) and the HTTP Referer or Origin headers.

B. User Account & Setup Information

To provision your dashboards and login credentials, we store your username, contact email, name, and securely hashed passwords. Additionally, if you activate Two-Factor Authentication (2FA) via TOTP, we store your encrypted 2FA secret key.

2. How We Use Data

We use the information we collect strictly to perform the service operations of our platform:

  • To display incoming customer leads and form submissions within client-scoped tenant dashboards.
  • To authorize incoming form submissions via your client-level global API keys.
  • To enforce website origin restrictions based on your Whitelisted Websites rules.
  • To defend against spam and DDoS attacks by validating IP submission volumes (Rate Limits).
  • To authenticate client users and prevent unauthorized cross-tenant dashboard access.

3. Data Security & Storage

We take the security of your corporate data and form submissions very seriously:

Encryption & Isolation
All data payloads sent to our endpoints are encrypted in transit using SSL/TLS. Tenant databases enforce strict logical isolation, meaning client users are isolated within their own tenant boundaries.
Secured Access Control
Dashboard sessions are verified using secure session tokens. Global API keys are masked by default, and Two-Factor Authentication can be configured to add a secure validation step to your account.

4. Whitelists & Origin Rules

To protect your secret API Key from unauthorized exploitation on third-party domains, clients can configure domain whitelists under the Websites Whitelist settings:

When a domain whitelist is configured, our API gateway cross-references the HTTP Referer or Origin headers of incoming payloads against your authorized list. Submissions originating from any non-whitelisted domain are instantly rejected with a 403 Forbidden code. Leaving the whitelist empty permits submissions from any domain (e.g. for testing environments).

5. Your Privacy Rights

As a tenant client of Recv, you have absolute control over your captured submission history. Through your client portal:

  • You can export complete records of your captured inquiries into CSV reports at any time.
  • You can update pipeline status values or append/edit notes inside your inquiry sheets.
  • Super Administrators can request profiles editing or a complete transactional purge of their client data, which performs a cascading database delete of all associated forms, logins, and inquiry histories.

6. Policy Updates & Contact

We may occasionally modify this Privacy Policy to reflect system updates, feature changes, or legal requirements. Updates will be posted on this page with an adjusted revision timestamp.

For inquiries, policy questions, or to request support regarding client purging actions, please contact the Recv operations team.