Privacy Policy

This Privacy Policy applies to all users of ReviewReply, including restaurant owners and their teams based in the United Kingdom and United States. We operate in compliance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and the California Consumer Privacy Act (CCPA).

By using ReviewReply, you agree to the collection and use of information as described in this policy.

Account Information: When you register, we collect your name, email address, phone number (optional), and password.

Business Information: Details about your restaurant(s) including business name, address, and Google Business Profile data.

Google Review Data: We access and store review content, reviewer names, ratings, and photos from your connected Google Business Profile.

Payment Information: Billing details are processed and stored securely by Stripe. We never store your full card details on our servers.

Usage Data: How you interact with our platform — pages visited, features used, actions taken.

Technical Data: IP address, browser type, device information, and cookies.

We use your data to:

• Provide and maintain the ReviewReply service
• Process your subscription payments securely via Stripe
• Generate AI-powered review replies on your behalf
• Send service notifications, billing alerts, and product updates
• Analyse usage to improve our platform
• Respond to support requests
• Comply with legal obligations

We will never use your data for advertising, sell it to third parties, or use it for any purpose beyond providing our service.

We share your data only with trusted service providers who help us deliver our platform:

• Stripe — Payment processing (UK/US)
• Google — Business Profile API integration
• Groq / Anthropic — AI reply generation (review content only, not personal data)
• Hosting providers — Secure cloud infrastructure

All third-party providers are contractually required to protect your data and only use it for the purposes we specify.

We do not sell your personal data to any third party, ever.

We use essential cookies to keep you logged in and make our platform work correctly. We also use analytics cookies (with your consent) to understand how our platform is used and improve it.

You can manage your cookie preferences at any time. See our Cookie Policy for full details.

We retain your personal data for as long as your account is active. When you delete your account:

• Account data is deleted within 30 days
• Review data and reply history is deleted within 30 days
• Billing records are retained for 7 years (legal requirement)
• Anonymised analytics data may be retained indefinitely

UK/EU users (GDPR): You have the right to access, correct, delete, or restrict processing of your personal data. You may also request data portability or object to processing.

California users (CCPA): You have the right to know what personal information we collect, request deletion, and opt-out of data sales (we don't sell data).

To exercise any of these rights, contact us at privacy@reviewreply.com. We will respond within 30 days.

We use industry-standard security measures including:

• SSL/TLS encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Regular security audits and penetration testing
• Secure, access-controlled data centres
• Multi-factor authentication options

Despite our best efforts, no method of internet transmission is 100% secure. We encourage you to use a strong, unique password for your ReviewReply account.

ReviewReply is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

For privacy-related questions or to exercise your rights:

• Email: privacy@reviewreply.com
• Support: reviewreply.com/contact

We take privacy seriously and will respond to all enquiries within 30 days.