Privacy Policy

ReviewRx ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Google Business Profile management service ("Service"). By using the Service, you consent to the practices described in this policy.

We collect the following categories of information: Account Information • Business name, owner name, email address, and phone number provided during registration • Billing information processed by our payment provider (Stripe) Google Business Profile Data • Reviews and ratings received on your Google Business Profile • Profile performance metrics (views, searches, actions) • Review response history Usage Data • Pages visited, features used, and actions taken within the Service • Device type, browser type, and IP address • Log data and error reports We do not collect protected health information (PHI), patient data, or any information about your clients or patients.

We use your information to: • Provide and operate the Service, including generating AI review responses and profile content • Process payments and manage your subscription • Send service-related communications (onboarding, weekly reports, alerts) • Analyze usage patterns to improve the Service • Respond to your inquiries and provide customer support • Comply with legal obligations We do not use your information for advertising or sell it to third parties.

Our AI systems process your Google review data to generate appropriate responses. This processing: • Occurs on secure servers within the United States • Does not involve sharing your data with other customers • Is designed to avoid generating or processing protected health information • May use anonymized, aggregated data to improve our AI models You retain full control over AI-generated content and can review, edit, or reject any response before it is published.

We share your information only in the following circumstances: Service Providers • Stripe for payment processing • Supabase for database hosting • Google APIs for Business Profile integration • Resend for transactional email delivery These providers are contractually obligated to protect your information and use it only to provide their services to us. Legal Requirements We may disclose your information if required by law, court order, or governmental regulation, or to protect our rights, property, or safety. Business Transfers In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We implement industry-standard security measures to protect your information: • All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) • OAuth tokens for Google access are stored securely and encrypted • Access to production systems is restricted and logged • We conduct regular security reviews of our infrastructure No method of transmission or storage is 100% secure. We cannot guarantee absolute security but take reasonable steps to protect your data.

We retain your information for as long as your account is active or as needed to provide the Service. Upon account cancellation: • Your account data is retained for 30 days to allow for reactivation • After 30 days, personal data is permanently deleted from our active systems • Anonymized, aggregated data may be retained indefinitely for analytics • Backup copies may persist for up to 90 days before automatic deletion You may request immediate deletion of your data at any time by contacting us.

Depending on your jurisdiction, you may have the following rights: • Access: Request a copy of the personal data we hold about you • Correction: Request correction of inaccurate personal data • Deletion: Request deletion of your personal data • Portability: Request your data in a portable format • Objection: Object to certain processing of your personal data • Restriction: Request restricted processing of your personal data To exercise any of these rights, contact us at jonahenoc@gmail.com. We will respond within 30 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act: • Right to know what personal information is collected, used, and shared • Right to delete personal information • Right to opt out of the sale of personal information (we do not sell your data) • Right to non-discrimination for exercising your privacy rights To submit a request, contact us at jonahenoc@gmail.com.

We use minimal cookies necessary for the Service to function: • Authentication cookies to keep you logged in • Preference cookies to remember your settings We do not use advertising cookies, tracking pixels, or third-party analytics that track you across websites.

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

The Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will delete it promptly.

Your information is processed and stored in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States, which may have different data protection laws than your jurisdiction.

We may update this Privacy Policy from time to time. Material changes will be communicated via email to the address on your account. The "Last updated" date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

For questions, concerns, or requests regarding this Privacy Policy, contact us at: ReviewRx Email: jonahenoc@gmail.com