Privacy Policy
Effective Date: April 7, 2026 · Last Updated: April 7, 2026
BizRevu (“we,” “us,” or “our”) operates the website bizrevu.com and the BizRevu application (collectively, the “Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have regarding your data.
By using BizRevu, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide Directly
- Account information: Your name, email address, and password when you create a BizRevu account.
- Business information: Your business name, business type, address, and preferred communication tone when you configure your profile.
- Payment information: When you subscribe, your payment details are collected and processed directly by Stripe. We do not store your credit card number, bank account number, or other financial account details on our servers. We receive and store your Stripe customer ID, subscription status, and billing history.
- Communications: Any messages you send to us via email at hello@bizrevu.com or through in-app support.
1.2 Information Collected Through Google OAuth
When you connect your Google Business Profile, we request authorization through Google OAuth 2.0 with the business.manage scope. This grants BizRevu access to:
- Google Business Profile account and location data: Your account ID, location names, addresses, and business categories.
- Google reviews: The text, star rating, reviewer display name, and timestamp of reviews posted to your connected Google Business Profile locations.
- Review reply capability: The ability to post review replies on your behalf when you approve a response within BizRevu.
We store your Google OAuth refresh token (encrypted) to maintain the connection between BizRevu and your Google Business Profile. We do not access your Gmail, Google Drive, Google Contacts, Google Calendar, or any other Google service beyond the Google Business Profile API.
1.3 Information Collected Automatically
- Usage data: Pages visited, features used, actions taken within the Service, timestamps, and session duration.
- Device and browser information: Browser type, operating system, device type, screen resolution, and language preference.
- IP address: Used for security, fraud prevention, and approximate geographic location (country/region level only).
- Cookies and similar technologies: See Section 7 below.
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Provide and operate the Service | Account info, business info, Google data, review data | Performance of contract |
| Generate AI review responses | Review text, star rating, business type, tone settings | Performance of contract |
| Publish approved responses to Google | Response text, Google OAuth tokens | Performance of contract |
| Send notifications (new reviews, trial reminders) | Email address, notification preferences | Performance of contract / Legitimate interest |
| Process payments and manage subscriptions | Stripe customer ID, subscription data | Performance of contract |
| Improve the Service and fix bugs | Usage data, error logs | Legitimate interest |
| Prevent fraud and abuse | IP address, usage patterns | Legitimate interest |
| Comply with legal obligations | As required by applicable law | Legal obligation |
We do not sell your personal information. We do not use your data for advertising. We do not share your data with data brokers.
3. Third-Party Services
BizRevu uses the following third-party services to operate. Each service receives only the minimum data necessary to perform its function:
| Service | Purpose | Data Shared |
|---|---|---|
| Google (Google Business Profile API) | Fetch reviews, publish approved replies | OAuth tokens, review data, reply text |
| OpenAI | Generate AI review responses | Review text, star rating, business type, tone settings |
| Stripe | Payment processing, subscription management | Email, payment method (collected directly by Stripe) |
| Supabase | Database hosting, user authentication | All application data (stored encrypted at rest) |
| Resend | Transactional email delivery | Email address, email content |
| Vercel | Application hosting | IP address, request metadata |
3.1 OpenAI Data Usage
When BizRevu generates an AI review response, we send the review text, star rating, business type, and your tone settings to the OpenAI API. We use the OpenAI API with data retention disabled, meaning OpenAI does not use your data to train its models. The data is processed and discarded by OpenAI after the response is generated. No personally identifiable information about the reviewer is sent to OpenAI beyond their display name as it appears in the review text.
4. Data Retention
- Account data: Retained for the duration of your active account, plus 30 days after deletion to allow for reactivation.
- Review data and AI responses: Retained for the duration of your active account. Deleted within 30 days of account deletion.
- Google OAuth tokens: Deleted immediately when you disconnect your Google Business Profile or delete your account.
- Payment records: Retained as required by tax and financial reporting regulations (typically 7 years for transaction records).
- Usage logs: Retained for 90 days, then automatically deleted.
- Email communications: Retained for 2 years unless you request earlier deletion.
When you delete your account, we delete or anonymize all personal data within 30 days, except where retention is required by law.
5. Your Rights
5.1 Rights Under GDPR (European Economic Area, UK, Switzerland)
If you are located in the EEA, UK, or Switzerland, you have the following rights under the General Data Protection Regulation:
- Right of access: Request a copy of the personal data we hold about you.
- Right to rectification: Request correction of inaccurate or incomplete data.
- Right to erasure: Request deletion of your personal data (subject to legal retention requirements).
- Right to restrict processing: Request that we limit how we use your data.
- Right to data portability: Receive your data in a structured, machine-readable format.
- Right to object: Object to processing based on legitimate interests.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time.
5.2 Rights Under CCPA (California, USA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act:
- Right to know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to delete: Request deletion of personal information we have collected from you.
- Right to opt out of sale: We do not sell your personal information. No opt-out is necessary.
- Right to non-discrimination: We will not discriminate against you for exercising any of your privacy rights.
5.3 How to Exercise Your Rights
To exercise any of the rights described above, email us at hello@bizrevu.com with the subject line “Privacy Rights Request.” We will respond within 30 days (or 45 days for CCPA requests, as permitted by law). We may need to verify your identity before processing your request.
6. Data Security
We take the security of your data seriously and implement the following measures:
- All data is encrypted in transit using TLS 1.2 or higher.
- All data is encrypted at rest in our database (Supabase).
- Google OAuth tokens are encrypted with AES-256 before storage.
- Access to production systems is restricted to authorized personnel with multi-factor authentication.
- We use Row Level Security (RLS) in our database to ensure users can only access their own data.
- We conduct regular security reviews and monitor for unauthorized access.
No method of transmission or storage is 100% secure. While we strive to protect your personal data, we cannot guarantee its absolute security. If we become aware of a data breach that affects your personal information, we will notify you and the relevant authorities as required by applicable law.
7. Cookies
BizRevu uses cookies and similar technologies for the following purposes:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security. Required for the Service to function. | Session / 30 days |
| Functional | Remember your preferences (tone settings, notification preferences, dashboard layout). | 1 year |
| Analytics | Understand how users interact with the Service to improve it. We use privacy-friendly analytics that do not track you across websites. | 1 year |
We do not use advertising cookies or tracking pixels. We do not participate in cross-site tracking or retargeting networks.
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using parts of the Service.
8. International Data Transfers
BizRevu is operated from the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) approved by the European Commission and other appropriate safeguards to ensure that international data transfers comply with applicable data protection laws.
9. Children's Privacy
BizRevu is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the “Last Updated” date at the top of this page. Your continued use of the Service after a change constitutes acceptance of the updated policy. We encourage you to review this page periodically.
11. Google API Services User Data Policy Compliance
BizRevu's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google Business Profile data to provide and improve the BizRevu review management service as described in this policy.
- We do not transfer Google user data to third parties except as necessary to provide the Service (publishing replies via the Google API), as required by law, or with your explicit consent.
- We do not use Google user data for advertising purposes.
- We do not allow humans to read Google user data unless: (a) you have given explicit consent, (b) it is necessary for security purposes, (c) it is necessary to comply with applicable law, or (d) the data has been aggregated and anonymized.
12. Revoking Access
You can disconnect your Google Business Profile from BizRevu at any time through your account settings. This immediately deletes your stored OAuth tokens and stops all review monitoring and response activity. You can also revoke BizRevu's access directly from your Google Account permissions page.
13. Contact Us
If you have questions about this Privacy Policy or how we handle your data, contact us at:
BizRevu
Email: hello@bizrevu.com
Website: bizrevu.com
© 2026 BizRevu. All rights reserved.