Privacy Policy
Last updated: March 22, 2026
1. Introduction
ReviewReply ("we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, how we use and protect it, and your rights regarding that information. This policy applies to all users of the ReviewReply website and service at reviewreply.dev.
2. Information We Collect
Free Trial Users
When you use the free trial, we do not require you to create an account or provide any personal information. We use browser local storage on your device to track the number of free uses remaining. This data is stored only on your device and is not transmitted to or accessible by us.
Subscribers
When you subscribe to ReviewReply, we collect the following information:
- Email address — used for account identification, billing communications, and important service notifications.
- Payment information — processed and stored securely by our payment processor, Stripe. We do not receive, access, or store your full credit card number, debit card number, or bank account details. Stripe's handling of your payment data is governed by the Stripe Privacy Policy.
- Basic usage data — the number of responses generated and subscription status, used to provide the Service and improve our product.
Automatically Collected Data
Our hosting provider (Vercel) automatically collects limited technical data through standard server logs, including: IP addresses, browser type and version, device type, referring URL, pages visited on our site, and the date and time of each request. This data is retained by Vercel in accordance with their data retention policies and is used solely to maintain, secure, and improve the Service.
3. How We Use Your Information
We use the information we collect for the following purposes:
- To provide, operate, and maintain the Service.
- To process subscription payments and manage your account.
- To send transactional communications, including billing confirmations, subscription renewal notices, and service-related updates.
- To improve the Service based on aggregated, non-identifying usage patterns.
- To detect and prevent fraud, abuse, or violations of our Terms of Service.
- To comply with legal obligations.
We do not sell, rent, trade, or share your personal information with third parties for their marketing purposes.
4. Review Data
When you paste a customer review into ReviewReply, that text is transmitted to our AI provider (Anthropic) to generate a response. We want to be clear about how this data is handled:
- Review text is processed in real-time to generate a response and is not permanently stored on our servers.
- We do not retain, log, or archive the content of reviews you submit or the responses generated.
- Anthropic's handling of data sent through their API is governed by the Anthropic Privacy Policy. As of the date of this policy, Anthropic does not use API inputs to train its models.
5. Third-Party Service Providers
We use the following third-party services to operate ReviewReply. Each has their own privacy policies governing how they handle data:
- Stripe (Privacy Policy) — payment processing and subscription management.
- Anthropic (Privacy Policy) — AI text generation via their API.
- Vercel (Privacy Policy) — website hosting, serverless functions, and server logs.
We do not share your personal information with any third parties beyond what is necessary to operate the Service as described above.
6. Cookies and Tracking
ReviewReply uses minimal browser storage solely for Service functionality. We use browser local storage (not cookies) to track free trial usage counts. We do not use advertising cookies, third-party tracking cookies, analytics cookies, or any form of cross-site tracking. We do not participate in ad networks or share data with advertisers.
7. Data Security
We implement reasonable technical and organizational measures to protect your information, including:
- Encrypted connections (HTTPS/TLS) for all data in transit.
- Secure payment processing through Stripe (PCI-DSS compliant).
- Limited data collection and minimal data retention.
- Environment variable protection for API keys and sensitive credentials.
However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.
8. Data Retention
We retain subscriber information (email address and usage data) for as long as your account is active. If you cancel your subscription, we retain your email address and basic billing history for up to 12 months after cancellation to support any billing inquiries, after which it is deleted. Server logs collected by Vercel are retained in accordance with Vercel's retention policies. Payment records are retained by Stripe in accordance with their policies and applicable financial regulations.
9. Your Rights
Depending on your location, you may have some or all of the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request that we correct inaccurate personal information.
- Deletion: Request that we delete your personal information, subject to legal retention requirements.
- Portability: Request a copy of your data in a portable format.
- Opt out: Opt out of non-essential communications at any time.
- Cancel: Cancel your subscription at any time through the account management portal or by contacting us.
To exercise any of these rights, contact us at support@reviewreply.dev. We will respond to all requests within 30 days.
10. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
- Right to know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
- Right to delete: You may request the deletion of personal information we have collected from you, subject to certain exceptions.
- Right to opt out of sale: We do not sell your personal information. We have not sold personal information in the preceding 12 months.
- Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
To submit a request, contact us at support@reviewreply.dev. We may need to verify your identity before fulfilling your request.
11. European and UK Privacy Rights (GDPR / UK GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following provisions apply to you:
- Legal basis for processing: We process your personal data on the following legal bases: contractual necessity (to provide the Service you have subscribed to), legitimate interests (to maintain, improve, and secure the Service), and compliance with legal obligations.
- International data transfers: Your data is processed in the United States. By using the Service, you acknowledge that your data will be transferred to and processed in the United States, which may not provide the same level of data protection as your country of residence. We rely on standard contractual clauses and other appropriate safeguards for such transfers.
- Data protection rights: In addition to the rights listed in Section 9, you have the right to restrict processing of your personal data, the right to object to processing based on legitimate interests, and the right to withdraw consent at any time (where processing is based on consent).
- Supervisory authority: You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated. A list of EU data protection authorities can be found at edpb.europa.eu.
12. Children's Privacy
ReviewReply is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child under 18 has provided us with personal information, please contact us at support@reviewreply.dev.
13. Disclosure of Information
We may disclose your personal information in the following circumstances:
- Legal requirements: If required to do so by law, regulation, legal process, or governmental request (such as a subpoena, court order, or search warrant).
- Protection of rights: To protect the rights, property, or safety of ReviewReply, our users, or others, including to enforce our Terms of Service.
- Business transfers: In connection with a merger, acquisition, reorganization, or sale of assets, in which case your personal information may be transferred as part of that transaction. We will notify you of any such change.
- With your consent: With your explicit consent for purposes not described in this Privacy Policy.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes, we will update the "Last updated" date at the top of this page. For material changes that significantly affect how we handle your personal information, we will make reasonable efforts to notify you (such as by email to subscribers or a prominent notice on the Service).
15. Contact Us
If you have questions about this Privacy Policy, your personal data, or wish to exercise any of your rights, please contact us at: