ReviewBot
Privacy Policy
Last updated: April 2026
ReviewBot is committed to protecting your privacy. All personal data is encrypted using AES-256 encryption before storage. We collect only what is necessary to provide the service.
Who we are
ReviewBot is operated as a sole trader business based in the United Kingdom. Our contact email is yourreviewbot.app@gmail.com.
What data we collect
We collect only the minimum data required to provide the service:
- Business name and type
- Your email address
- Your preferred tone of voice for responses
- A Google OAuth token (to access your Google Business Profile reviews)
- Review text and reviewer names from your Google Business Profile (AES-256 encrypted, stored temporarily to generate and send approval emails)
- Your chosen subscription plan
- Your email address if you join our waitlist (stored with your explicit consent, deleted immediately on unsubscribe)
We do not collect payment card details — these are handled directly by Stripe.
How we use your data
Your data is used solely to:
- Monitor your Google Business Profile for new reviews
- Generate AI-drafted responses in your voice
- Send you approval emails when new reviews are detected
- Post approved responses to Google on your behalf
We never sell, share, or use your data for any other purpose.
How we store your data
All personal data is encrypted using AES-256 encryption before being stored in our database. This means that even with direct database access, your data appears as unreadable ciphertext. The encryption key is stored separately from the database.
Data is stored in a PostgreSQL database hosted by Railway (railway.app), a SOC 2 Type II certified infrastructure provider based in the United States. Data is transmitted over SSL/TLS encrypted connections.
Third-party processors
We use the following third-party services to operate ReviewBot:
- Railway (railway.app) — hosting and database infrastructure
- Stripe (stripe.com) — payment processing and subscription management
- Google (google.com) — Google Business Profile API access
- Anthropic (anthropic.com) — AI response generation (review text is processed but not stored by Anthropic)
- Gmail API — sending notification and approval emails
Each of these providers has its own privacy policy and data protection commitments.
Data retention
We retain different categories of data for different periods in accordance with our legal obligations and operational needs:
- Account data (business name, email, tone of voice, settings) — retained while your subscription is active, and for 365 days after cancellation, then permanently deleted
- Activity logs — automatically deleted after 90 days
- Invoice records — retained for 7 years in accordance with UK financial record-keeping requirements
- Google OAuth tokens — deleted immediately on account erasure or when you revoke access
- Review text and reviewer names — AES-256 encrypted, retained while reviews are pending approval, deleted with account on erasure
- Waitlist emails — retained until you unsubscribe or request deletion; deleted immediately on unsubscribe
- Pending onboarding data — automatically deleted after 48 hours if signup is not completed. If payment was taken, a full refund is issued automatically within 24 hours
You may request early deletion of your account data at any time by emailing yourreviewbot.app@gmail.com. Erasure requests will be processed within 30 days. Note that invoice records may be retained for the full 7-year period regardless of erasure requests, as required by law.
Your rights under GDPR
As a UK/EU resident, you have the following rights:
- Right of access — request a copy of the data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request permanent deletion of all your data
- Right to portability — request your data in a portable format
- Right to object — object to processing of your data
To exercise any of these rights, email yourreviewbot.app@gmail.com. We will respond within 30 days.
Cookies
We use a single session cookie to keep you logged into your dashboard. This cookie is httpOnly, secure, and expires after 2 hours. We do not use tracking or advertising cookies.
Legal basis for processing
We process your data on the basis of contractual necessity — the data is required to deliver the service you have subscribed to.
Changes to this policy
We may update this policy from time to time. We will notify active clients of any significant changes by email.
Contact
For any privacy concerns or data requests, contact us at yourreviewbot.app@gmail.com.