ReviewReplyReviewReplyBack to home

Privacy Policy

Last updated: March 17, 2026

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Full name
  • Password (stored in hashed form — we never see or store your plaintext password)
  • Profile photo (if you sign up via Google)

1.2 Google Business Profile Data

When you connect your Google Business Profile, we access the following through Google's official OAuth 2.0 authorization:

  • Your Google Business Profile account identifiers
  • Business location names, addresses, and phone numbers
  • Customer reviews (reviewer name, star rating, review text, timestamps)
  • Review reply content (posted by ReviewReply on your behalf)

We request only the minimum permissions necessary to read reviews and post replies. We do not access your Google Ads, Google Analytics, Gmail, Google Drive, or any other Google service.

1.3 Payment Information

We use Stripe to process payments. Your credit card number, billing address, and payment details are collected and stored directly by Stripe. We never see, store, or have access to your full card number. We receive only:

  • Last four digits of your card
  • Card brand (Visa, Mastercard, etc.)
  • Billing email
  • Stripe customer and subscription identifiers

1.4 Usage Data

We automatically collect:

  • Pages visited within the Service
  • Feature usage patterns (e.g., locations enabled, replies generated)
  • Browser type, device type, and operating system
  • IP address
  • Timestamps of account activity

1.5 AI-Generated Content

When our AI generates a review reply on your behalf, we store:

  • The original review text (received from Google)
  • The AI-generated reply text
  • The AI model used and generation metadata
  • Whether the reply was posted, deleted, or failed

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Connect to your Google Business Profile and read incoming reviews
  • Generate AI-powered review replies in your configured brand tone
  • Post replies to Google on your behalf automatically
  • Process payments and manage your subscription
  • Display review history, analytics, and metrics in your dashboard
  • Send transactional emails (account confirmation, trial expiry reminders, billing receipts, service alerts)
  • Detect and prevent fraud, abuse, or unauthorized access
  • Improve and optimize the Service

We do not use your data to:

  • Train AI models (your reviews and replies are not used as training data)
  • Serve advertisements
  • Sell or rent your personal information to third parties
  • Contact you with unsolicited marketing (unless you opt in)

3. How We Share Your Information

We do not sell your personal information. We share data only with the following categories of third parties, solely to operate the Service:

3.1 Service Providers

  • Supabase — Database hosting, authentication, and backend infrastructure
  • Vercel — Application hosting and deployment
  • Google Cloud Platform — Google Business Profile API access and Pub/Sub messaging infrastructure
  • Anthropic — AI language model provider (receives review text to generate replies; does not retain your data for training)
  • Stripe — Payment processing and subscription management

3.2 Google

When we post a reply on your behalf, the reply content is submitted to Google and becomes publicly visible on Google Maps associated with your business listing. This is the core function of the Service and occurs only with your authorization.

3.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

3.4 Business Transfers

If ReviewReply is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.

4. Data Storage and Security

4.1 Where We Store Data

Your data is stored on servers operated by Supabase (hosted on AWS infrastructure). Google OAuth tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database.

4.2 Security Measures

We implement industry-standard security practices including:

  • Encryption of sensitive data at rest (OAuth tokens, credentials)
  • Encryption of data in transit (TLS/HTTPS on all connections)
  • Row-Level Security (RLS) policies ensuring users can only access their own data
  • Secure OAuth 2.0 flows for Google Business Profile authorization
  • Regular security reviews and dependency updates

4.3 Retention

We retain your data for as long as your account is active. If you delete your account:

  • Your profile, locations, brand settings, and review history are permanently deleted within 30 days
  • Google OAuth tokens are immediately revoked and deleted
  • Stripe retains payment records independently as required by financial regulations
  • Replies already posted to Google remain on Google Maps (you can delete them before closing your account)

5. Your Rights and Choices

5.1 Access and Portability

You can view all data we hold about you directly in your ReviewReply dashboard, including your locations, reviews, replies, and account settings.

5.2 Correction

You can update your profile information and brand tone settings at any time through the dashboard.

5.3 Deletion

You can delete your account at any time from the Account Settings page. This will:

  • Permanently delete your profile, locations, settings, and review history from our database
  • Revoke Google Business Profile access
  • Cancel your Stripe subscription

5.4 Disconnect Google

You can disconnect your Google Business Profile at any time, which immediately stops all auto-replies and revokes our access to your Google account. You can also revoke access directly from your Google Account permissions at myaccount.google.com/permissions.

5.5 Pause Auto-Replies

You can pause auto-replies globally or per location at any time without deleting your account or disconnecting Google.

5.6 Delete Individual Replies

You can delete any individual AI-generated reply from your dashboard, which removes it from Google Maps immediately.

6. Cookies and Tracking

We use essential cookies required for the Service to function (authentication session cookies). We do not use advertising cookies or third-party tracking cookies.

If we introduce analytics tools in the future, we will update this policy and provide opt-out options.

7. Children's Privacy

ReviewReply is a business tool and is not intended for use by individuals under the age of 18. We do not knowingly collect information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.

8. International Data Transfers

Your data may be processed in countries other than your country of residence, including the United States, where our infrastructure providers operate. By using the Service, you consent to the transfer of your information to these countries, which may have different data protection laws than your jurisdiction.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will send an email notification to the address associated with your account.