Privacy Policy

01 Who We Are

ReviewAI ("we", "our", "us") is an AI-powered review management platform operated by ReviewAI Technologies. We help businesses monitor, manage, and respond to customer reviews across Google, Yelp, TripAdvisor, Facebook, Zomato, and 10+ other platforms.

02 Data We Collect

Information you provide directly

• Account information — Your name, email address, and password when you sign up
• Business information — Business name, category, location, phone number, and website URL
• Payment information — Processed securely by Paddle (international) and Razorpay (India). We do not store your card number or CVV
• Platform credentials — OAuth tokens for Google Business Profile and Facebook when you choose to connect them. We store only the access tokens — never your passwords
• WhatsApp number — Phone number you provide if you opt in to WhatsApp review alerts
• Support communications — Messages and emails you send to our support team

Information collected automatically

• Usage data — Pages you visit, features you use, clicks, and session duration
• Device & browser data — Browser type, operating system, screen resolution, and IP address
• Review data — Customer reviews fetched from your connected platforms, used to generate AI replies and analytics for you
• Log data — Server logs, error reports, and API call records for debugging and security

Information we do NOT collect

• We do not collect sensitive personal data (biometric data, health information, etc.)
• We do not collect data from people who have not signed up for our service
• We do not read your emails or personal Google Account data beyond what is needed for review management

03 How We Use Your Data

• Service delivery — To fetch your reviews, generate AI-powered replies, and display analytics in your dashboard
• Notifications — To send you alerts about new reviews via WhatsApp, email, or in-app notifications (only channels you opt into)
• Payments — To process subscription payments and manage your billing records
• Customer support — To respond to your queries and resolve issues
• Security — To detect fraud, abuse, and unauthorised access to your account
• Service improvement — Aggregated, anonymised usage patterns help us improve features (your personal data is never used to train AI models)
• Legal compliance — To comply with applicable laws and regulations

We do not use your data for advertising, profiling, or selling to third parties. We do not use your review content to train AI models.

04 Google API Data — Detailed Disclosure

When you connect your Google Business Profile to ReviewAI, we access the following Google APIs:

• Google Business Profile API — To read your business reviews, reply to reviews on your behalf, and fetch basic business information
• Google OAuth 2.0 — To authenticate you and obtain your explicit permission before accessing any Google data

What we access and why

• Reviews — Read your Google reviews to display them in your dashboard and generate AI reply suggestions
• Review replies — Post replies to reviews only when you explicitly click "Publish" or enable auto-reply
• Business name & info — Displayed in your dashboard to confirm correct account connection

What we never access

• Your Gmail or personal emails
• Your Google Drive, Calendar, or any personal Google services
• Your Google Ads or financial data
• Any data beyond what you authorise during the OAuth flow

Your Google data is used solely within your ReviewAI account to provide the service you signed up for. We comply fully with the Google API Services User Data Policy.

05 WhatsApp Messaging

If you enable WhatsApp Alerts, we use the Meta WhatsApp Cloud API to deliver review notifications to your phone number. Our use is limited to:

• Sending you notifications about new customer reviews — only if you opt in
• Alert content includes: reviewer name, star rating, review text, and platform name
• We send only the alert types you selected (e.g. negative-only, or all reviews)

We do not use your WhatsApp number for marketing or any unrelated messaging. You can disable WhatsApp alerts or remove your number at any time from Dashboard → Settings → Notifications.

06 Data Sharing & Sub-processors

We share your data only with the service providers listed below, who are contractually obligated to protect it. We do not sell, rent, or share your data with advertisers or data brokers.

• Supabase — Database storage and user authentication (EU data centres, SOC 2 compliant)
• Anthropic (Claude AI) — Review text is sent to generate AI reply suggestions. Anthropic does not train on your data by default
• Paddle — International payment processing (PCI-DSS Level 1 compliant)
• Razorpay — India payment processing (PCI-DSS compliant)
• Cloudflare — Website hosting, CDN, DDoS protection, and Workers runtime
• Meta (WhatsApp Cloud API) — Delivery of WhatsApp review alert messages to your opted-in phone number
• Google & Meta — Receiving and sending data via OAuth when you connect your business accounts

We may also disclose your data if required by law, court order, or to protect our legal rights — and only to the minimum extent necessary.

07 Data Security

We implement industry-standard security measures to protect your data:

• HTTPS / TLS encryption for all data in transit
• Encrypted storage for OAuth tokens and sensitive credentials
• Secret management — API keys stored as encrypted environment secrets, never in source code
• Access controls — Least-privilege access; our team cannot read your review data except for security investigations with your permission
• Monitoring — 24/7 automated monitoring for anomalies and potential security incidents
• Cloudflare protection — DDoS mitigation, WAF (Web Application Firewall), and bot protection

While we take security seriously, no system is 100% infallible. In the event of a data breach that affects your personal information, we will notify you within 72 hours where required by law.

08 Data Retention

• Active accounts — We retain your data for as long as your account is active
• After cancellation — Personal data is deleted within 30 days of account closure, upon your request
• Billing records — Payment and invoice records are retained for 7 years as required by Indian tax law
• Review data — Cached review data is cleared within 30 days of account deletion
• OAuth tokens — Revoked immediately upon disconnection or account deletion

You may request deletion of your account and data at any time by emailing security@autoreviewlab.com or using our Data Deletion Request page.

09 Your Rights

You have the following rights regarding your personal data:

• Access — Request a copy of the personal data we hold about you
• Correction — Update or correct inaccurate information in your account settings or by contacting us
• Deletion — Request deletion of your account and all associated personal data
• Portability — Request your data in a machine-readable format (CSV/JSON)
• Restriction — Request that we restrict processing of your data in certain circumstances
• Opt-out — Unsubscribe from marketing communications at any time using the unsubscribe link in emails
• Revoke Google access — Disconnect your Google account at any time from Dashboard → Settings → Integrations or via your Google Account permissions page

To exercise any of these rights, email security@autoreviewlab.com. We will respond within 30 days.

10 Cookies & Tracking

• Essential cookies — Required for login sessions and security (cannot be disabled)
• Preference cookies — Remember your settings and dashboard preferences
• Analytics — We use anonymised, aggregate usage data to improve our platform. No personal identifiers are used in analytics

We do not use third-party advertising cookies, tracking pixels, or social media trackers. You can control or delete cookies through your browser settings. Disabling essential cookies may prevent you from logging in.

11 Third-Party Links

Our website and dashboard may contain links to third-party websites (Google, Facebook, Yelp, etc.). We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies before providing any personal information.

12 Children's Privacy

ReviewAI is a business software platform intended for use by adults aged 18 and above. We do not knowingly collect personal data from children under 18. If you believe a minor has provided us data, please contact us immediately at security@autoreviewlab.com and we will promptly delete it.

13 Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023. Any disputes arising from this policy shall be subject to the exclusive jurisdiction of courts in North 24 Parganas, West Bengal, India.

14 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Sending an email notification to your registered email address
• Displaying a prominent notice in your dashboard
• Updating the "Last updated" date at the top of this page

Continued use of ReviewAI after the effective date of any changes constitutes your acceptance of the updated policy.

15 Contact Us

For any privacy-related questions, data requests, or concerns, please contact our Privacy Team: