RevBizAI

Privacy Policy

Last updated 2026-05-12

This Privacy Policy explains how RevBiz AI ("we", "us", "our") collects, uses, stores, and shares information about you when you use our website and services (the "Service").

By using the Service, you agree to the practices described here. If you do not agree, please do not use the Service.

1. Information we collect

1.1 Information you provide

  • Account information from Google sign-in: name, email address, and Google profile picture.
  • Business information you enter: business name, phone number, Google review link, business category, languages, tone, keywords, and (optionally) a logo image.

1.2 Information collected automatically

  • Reviewer activity: when a customer scans your QR code, we record the star rating they selected, the language, the review variations we generated, and which one (if any) they copied. We do not store the reviewer's name, email, or precise location.
  • Hashed IP addresses from public-page visitors, used only for rate-limiting. We never store raw IPs.
  • Basic technical data from your browser (user agent, timestamps) for security and abuse prevention.

2. How we use your information

  • To operate the Service (generate review suggestions, render your QR).
  • To prevent abuse, fraud, and Google policy violations.
  • To improve the AI prompt and the product overall.
  • To contact you about account-critical events (security, billing).

3. Service providers we share data with

We use a small number of trusted infrastructure providers. Your data passes through these services strictly to deliver the Service:

  • Supabase: managed Postgres database, file storage, and authentication. (policy)
  • Vercel: application hosting and CDN. (policy)
  • OpenAI: generates review-text variations. Your business profile metadata (name, category, tone, keywords, rating, language) is sent at generation time. (policy)
  • Google: authentication via Google OAuth; the Google review link you provide opens in the reviewer's browser. (policy)

We do not sell your data to advertisers or data brokers.

4. Data retention

  • Account & business data: retained while your account is active. Deleted within 30 days of account deletion.
  • Generated reviews log: retained while your account is active, capped to most-recent 10,000 entries per business.
  • Hashed IPs: retained for 30 days, then purged.

5. Your rights

  • Access the data we hold about you (from your account settings).
  • Correct or update your business information at any time.
  • Delete your account and all associated data.
  • Export your data on request (email us).

If you are in the EU, UK, India, or California, you have additional rights under GDPR, the DPDP Act, and CCPA respectively. Contact us to exercise them.

6. Cookies

We use only essential cookies required to keep you signed in. We do not use third-party tracking cookies, advertising cookies, or analytics cookies that identify you personally.

7. Security

We use industry-standard security: encrypted transport (HTTPS), Row Level Security on the database (so users cannot read each other's rows), and salted hashing of IP addresses. No system is perfectly secure; please report vulnerabilities to ratnakartechjockey@gmail.com.

8. Children

The Service is not directed at children under 13. We do not knowingly collect personal information from children.

9. Changes to this policy

We will post material changes here and update the "Last updated" date. Continued use of the Service after changes means you accept the revised policy.

10. Contact us

Questions? Email ratnakartechjockey@gmail.com or use the contact link in the footer.

Also see our Terms of Service.