Privacy Policy

Last updated: May 2025

ReviewAI ("we", "our", or "us") is committed to protecting your privacy. This policy explains what information we collect, how we use it, and your rights.

1. Information We Collect

We collect only what is necessary to provide the service:

• Email address — used for authentication (magic link / OTP login). We do not store passwords.
• Usage data — number of replies generated per month, to enforce free tier limits.
• Review text — the customer review you paste or select is sent to our AI service (Google Gemini) to generate a reply. We do not store review text after the reply is generated.
• Business name — optionally stored locally in your browser via Chrome storage sync, to pre-fill the business name field.

2. How We Use Your Information

• To authenticate you and manage your account
• To generate AI-powered replies using Google Gemini API
• To track usage for free tier enforcement
• To process subscription payments (via Lemon Squeezy, when applicable)

3. Third-Party Services

We use the following third-party services:

• Supabase — authentication and user database. Data is stored in the EU (Ireland) region.
• Google Gemini API — AI model used to generate replies. Review text is transmitted to Google's servers for inference. See Google's Privacy Policy.
• Lemon Squeezy — payment processing for paid subscriptions. We do not store credit card information.
• Vercel — hosting and serverless API. See Vercel's Privacy Policy.

4. Data Retention

• Account data (email, usage count) is retained while your account is active.
• Review text is not stored — it is processed in memory and discarded after reply generation.
• You can request account deletion at any time by emailing us.

5. Chrome Extension Permissions

The ReviewAI Chrome extension requests the following permissions:

• storage — to save your API key and preferences locally in Chrome.
• sidePanel — to display the ReviewAI panel alongside your browser.
• activeTab / tabs — to detect which review platform you are on and auto-fill reply boxes.
• contextMenus — to allow right-click → "Generate AI reply" on selected review text.
• Host permissions for business.google.com, biz.yelp.com, businessapp.trustpilot.com, vendor.g2.com, and our API server — required to inject the AI Reply button and call our backend.

We do not read, collect, or transmit any page content outside of the review text you explicitly trigger generation for.

6. Your Rights (GDPR / CCPA)

You have the right to:

• Access the personal data we hold about you
• Request correction or deletion of your data
• Withdraw consent at any time
• Data portability

To exercise these rights, contact us at privacy@reviewai.app.

7. Cookies

The ReviewAI website uses no tracking cookies. Authentication sessions are managed via secure HTTP-only tokens.

8. Children's Privacy

ReviewAI is not directed at children under 13. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this policy from time to time. We will notify users of significant changes via email or a notice on this page.

10. Contact

Questions about this policy? Email us at privacy@reviewai.app.