Privacy Policy
Last updated: March 19, 2026
1. Overview
ConversionSignal is a franchise conversion intelligence platform built by RevSpark Media LLC. This Privacy Policy explains how we collect, use, and protect information in connection with the ConversionSignal platform and conversionsignal.io.
2. What We Process
ConversionSignal processes the following categories of data on behalf of our franchise clients:
- Pre-appointment customer conversations: SMS, email, and call interactions between prospective customers and franchise booking staff. These are commercial marketing interactions that occur before any service relationship is established.
- Ad performance data: campaign metrics from Meta (Facebook/Instagram) and Google ad accounts connected by our clients.
- Appointment and booking data: scheduling data from GoHighLevel (GHL) including booking timestamps and appointment status.
- Conversation quality scores: derived metrics calculated by ConversionSignal's analysis engine from customer conversation data.
3. What We Do NOT Process
ConversionSignal expressly does not access, store, analyze, or transmit:
- × Medical records, diagnoses, treatment plans, or clinical notes
- × Lab results, test results, or prescription information
- × Any data generated after a patient-provider or client-provider relationship is established
- × Social Security Numbers or government-issued ID numbers
- × Payment card numbers or financial account information
4. HIPAA Position
ConversionSignal's platform processes pre-appointment customer conversations, commercial marketing interactions that occur before any clinical or service relationship is established. It is our position that this data does not constitute Protected Health Information (PHI) as defined under HIPAA. Clients with specific HIPAA compliance requirements should consult qualified healthcare compliance counsel.
5. Data Isolation
Each client's data is stored in an isolated environment. No client can access another client's data. Aggregated insights used to improve platform-wide intelligence are fully anonymized and do not contain any individually identifiable information.
6. AI Output Controls
The ConversionSignal AI interface is configured to return only aggregated, anonymized network insights. Individual contact information, names, phone numbers, or email addresses are never returned by the AI interface regardless of how queries are framed. Output filtering is applied at the API layer to enforce this.
7. Data Security
All data is transmitted over HTTPS/TLS encryption. API credentials are stored as encrypted environment variables. Access to client data requires authentication. Role-based access controls limit data visibility by user type.
8. Subprocessors
ConversionSignal uses the following subprocessors:
| Subprocessor | Purpose | Location |
|---|---|---|
| Vercel | Platform hosting | USA |
| Upstash | Data cache layer | USA |
| Anthropic | AI language model | USA |
| Deepgram | Call transcript processing | USA |
| Meta Platforms | Ad account data access | USA |
| Ad account data access | USA |
9. Data Retention
Client data is retained for the duration of the service engagement plus 30 days following termination. Clients may request deletion of their data at any time.