Privacy Policy — ReviewReply AI

1. Who We Are

ReviewReply AI is operated by Stanley Grzibovskis, based in Canterbury, United Kingdom. We are the data controller for your personal data. Contact: stan.evodek@gmail.com

2. What Data We Collect

Account data: name, email address, password hash.

Business data: business name, type, location, tone preferences.

Google data: when you connect Google Business Profile, we access your business reviews (reviewer name, rating, review text) and the ability to post replies. We do not access any other Google data.

Usage data: pages visited, features used, generated responses.

Payment data: processed by Stripe. We do not store your card details.

3. Why We Collect It (Legal Basis)

Contract performance: to provide the Service you signed up for.

Legitimate interests: to improve the Service, prevent fraud, communicate with you about your account.

Consent: for marketing emails (you can unsubscribe at any time).

4. How We Use Your Data

We use your data to: provide AI-generated review responses; manage your account and subscription; send transactional emails (verification, welcome, notifications); improve the Service.

Review text is sent to our AI provider (Anthropic) to generate responses. Anthropic does not store or use this data for training purposes.

5. Who We Share Data With

Anthropic (Claude API): review text is sent for AI processing. Subject to Anthropic's data usage policy — they do not train on API data.

Google: approved replies are posted to your Google Business Profile on your behalf.

Stripe: payment processing. Subject to Stripe's privacy policy.

We do not sell your data to any third parties. We do not share your data for advertising purposes.

6. Data Retention

We retain your data for as long as your account is active. If you delete your account, all personal data is deleted within 30 days. Anonymised usage data may be retained for analytics.

7. Your Rights (UK GDPR)

Under UK data protection law, you have the right to:

Access — request a copy of your personal data
Rectification — correct inaccurate data
Erasure — request deletion of your data
Portability — receive your data in a machine-readable format
Object — object to processing based on legitimate interests
Withdraw consent — for marketing communications at any time

To exercise any of these rights, email stan.evodek@gmail.com. We will respond within 30 days.

8. Data Security

We use industry-standard security measures: encrypted connections (HTTPS/TLS), secure password hashing, access controls, and regular security reviews. However, no system is 100% secure.

9. International Transfers

Your data may be processed by Anthropic (US) and Stripe (US). Both companies are certified under appropriate data transfer mechanisms. We ensure adequate safeguards are in place.

10. Cookies

We use essential cookies only — session cookies to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. See our Cookie Policy for details.

11. Changes

We may update this Privacy Policy from time to time. Significant changes will be communicated via email.

12. Complaints

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk

13. Contact

Email: stan.evodek@gmail.com
Location: Canterbury, Kent, United Kingdom