Privacy Policy
Last updated: March 29, 2026
1. Information We Collect
We collect information you provide directly when you register for and use our Services, including: your business name, contact name, email address, phone number, business address, and Google Place ID. When you use our review automation services, we may process your customers' names and email addresses to send review requests on your behalf. We also collect usage data such as login activity, feature usage, and interaction with the Services.
2. How We Use Your Information
We use the information we collect to: (a) provide, maintain, and improve the Services; (b) send review requests and marketing communications on your behalf; (c) generate performance reports and analytics; (d) process payments and manage your subscription; (e) communicate with you about your account, updates, and support requests; and (f) comply with legal obligations. We do not use your information for purposes unrelated to providing the Services without your consent.
3. How We Share Information
We share your information only as necessary to provide the Services: (a) Stripe processes your payment information securely — we do not store credit card numbers; (b) Resend delivers emails on your behalf; (c) Google receives review-related data when you use our review automation features. We do not sell, rent, or trade your personal information to third parties. We may disclose information if required by law or to protect our rights.
4. Third-Party Service Providers
We use the following third-party services to operate our platform: • Stripe (stripe.com) — Payment processing. Your payment information is processed directly by Stripe and never stored on our servers. Stripe is PCI DSS Level 1 certified. • Resend (resend.com) — Email delivery. Customer names and email addresses are transmitted to Resend to deliver review request emails on your behalf. • Cloudflare (cloudflare.com) — Content delivery and security. Web traffic passes through Cloudflare's network. We maintain Data Processing Agreements with each provider. Your data may be processed in the United States in accordance with these agreements.
5. Automated Decision-Making
We use automated tools in the following ways: • Email drafting: AI assists in composing personalized review request templates. • Support triage: Incoming support requests may be automatically categorized and routed. • Lead scoring: Potential business opportunities are scored using automated analysis. No decisions with significant impact on individuals are made exclusively by automated means. You have the right to request human review of any automated decision. Contact us at [email protected].
6. Data Retention
We retain your account data and business information for as long as your subscription is active. After cancellation or termination, we retain your data for 90 days to allow for account reactivation. After the 90-day period, your data is permanently deleted from our systems and backups. You may request earlier deletion by contacting us at [email protected].
7. Your Rights
Under the Quebec Act Respecting the Protection of Personal Information in the Private Sector (Law 25) and the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate information; (c) request deletion of your personal information; (d) request portability of your data in a commonly used format; (e) withdraw consent to certain data processing; and (f) file a complaint with the Commission d'accès à l'information du Québec or the Office of the Privacy Commissioner of Canada. To exercise these rights, contact us at [email protected].
8. Cookies & Analytics
We use minimal cookies necessary for the operation of the Services. Session cookies are used for authentication in the client portal. We do not use third-party tracking cookies or advertising pixels. We may use basic analytics to understand how the Services are used and to improve them.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal information, including: encryption of data in transit (TLS/SSL), encryption of data at rest, access controls limiting data access to authorized personnel, and regular security assessments. While we strive to protect your information, no method of transmission over the Internet is 100% secure.
10. Children's Privacy
The Services are not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.
11. International Data
Your data is stored and processed in Canada. If any data is transferred outside of Canada, we will ensure that adequate safeguards are in place in accordance with applicable Canadian privacy legislation, including PIPEDA and Quebec Law 25.
12. Privacy Officer
For questions or concerns about this Privacy Policy or our data practices, please contact our privacy officer at [email protected]. You may also file a complaint with the Commission d'accès à l'information du Québec (CAI) or the Office of the Privacy Commissioner of Canada (OPC).
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, by email. Changes take effect 30 days after posting. We encourage you to review this policy periodically.
14. Language
This Privacy Policy is available in both English and French. Both versions are official. In the event of any inconsistency or discrepancy between the English and French versions, the French version shall prevail, in accordance with the Charter of the French Language (Quebec).