Privacy Policy

What We Collect

We may collect and process information including:

• Account data: email address and related authentication data (via Supabase Auth).
• Business data: business name and brand assets (e.g. logos, accent colors) you provide.
• Google OAuth: tokens used to access Google Business Profile; tokens are encrypted at rest (AES-256-GCM).
• Review data: review content and metadata synced from Google (e.g. reviewer name, rating, text, dates, and any review media URLs we store).

How We Use It

We use this information to:

• Provide the ReviewFlow service (sync reviews, show them in the app).
• Generate captions and related content you request.
• Publish posts to destinations you select, when connected and permitted.
• Operate, secure, and improve the product (including support and billing).

Third Parties

We rely on service providers, including:

• Supabase — database, authentication, and storage (subject to Supabase's policies).
• Stripe — payments and billing (subject to Stripe's policies).
• Anthropic — AI caption generation (subject to Anthropic's policies).
• Google — review data and OAuth (subject to Google's policies and your permissions).
• Meta — publishing integrations when enabled (subject to Meta's policies).

Each provider processes data under its own privacy policy. We do not sell your personal information.

Data Retention

We retain your data while your account is active and as needed to provide the service. You may request deletion of your data; we will delete or anonymize it subject to legal and operational requirements (e.g. billing records).

Security

We use industry-appropriate measures including AES-256-GCM encryption for OAuth tokens at rest and Supabase row-level security (RLS) to restrict data access. No method of transmission or storage is 100% secure.

Your Rights

Depending on your location, you may have rights to access, correct, or delete personal data we hold about you. Contact us to make a request.

Contact

Privacy questions: hahnaughton@gmail.com