Privacy Policy
Last updated: May 22, 2026
Your trust matters. This policy explains what data Reviews Zen collects, why we collect it, how we use it, and the rights you have over it. Plain English, no dark patterns.
01 Who controls your data
Reviews Zen is the data controller for personal data you provide directly to us (e.g., your name, email, payment details). When you import customer contacts into Reviews Zen for the purpose of sending review requests, you are the data controller for that customer data, and Reviews Zen is the data processor acting on your instructions.
02 What we collect
We collect the following categories of data:
- Account data — name, email, password hash, business name, contact details, and authentication info from your sign-in provider (e.g., Google).
- Business profile data — your business category, location, brand color, logo, review page slug, and Google Business Profile connection info.
- Customer-list data you upload — names, phone numbers, and emails of your customers, uploaded by you to send review requests.
- Review and feedback data — public reviews fetched from Google and private feedback submitted through your review funnel.
- Billing data — handled by our payment processor; we receive limited info such as the last 4 digits of your card, billing country, and subscription status. We never store full card numbers.
- Usage data — pages visited, features used, timestamps, IP address, browser type, and device info. Used to improve the product and detect abuse.
- Communications — emails you send us, support tickets, and feedback.
03 Why we collect it (legal bases)
- To provide the Service — performance of contract.
- To bill you — performance of contract and legal obligation.
- To improve the product — legitimate interest in providing and growing a useful service.
- To send service emails (account, security, billing) — performance of contract.
- To send marketing emails — only with your consent; unsubscribe at any time.
- To comply with the law — legal obligation.
04 Who we share data with
We only share data with vendors who help us run the Service, under contracts that bind them to use it solely on our behalf. Current subprocessors include:
- Hosting & infrastructure — Vercel (app hosting), Supabase (database).
- Authentication — Clerk.
- Email delivery — Resend.
- SMS / WhatsApp — Twilio (when those channels are active for your account).
- AI processing — Anthropic (for generating reply suggestions).
- Payments — our payment processor handles checkout, billing, and tax.
- Google Business Profile API — to sync your reviews (only with your explicit OAuth consent).
We do not sell your data. We do not share personal data with advertisers or data brokers.
05 International transfers
Reviews Zen operates globally. Your data may be processed in countries other than the one you live in, including the United States and the European Union. We rely on standard contractual clauses and equivalent legal mechanisms to ensure your data receives the same level of protection wherever it is processed.
06 How long we keep it
- Active accounts — for as long as your account is open.
- Closed accounts — we delete customer-list data within 30 days of account closure; other data may be retained for up to 12 months for audit, fraud-prevention, and legal-compliance purposes.
- Billing records — kept for up to 7 years to meet tax and accounting requirements.
- Backups — encrypted backups are rotated and purged on a rolling 30-day schedule.
07 Your rights
Depending on where you live (GDPR for EU/UK, CCPA for California, similar laws elsewhere), you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Delete your data (“right to be forgotten”)
- Export your data in a portable format
- Object to or restrict certain processing
- Withdraw consent at any time (for processing based on consent)
- Lodge a complaint with your local data protection authority
To exercise any of these, email privacy@reviewszen.com. We’ll respond within 30 days.
08 Security
We use industry-standard safeguards: encryption in transit (TLS), encryption at rest, hashed passwords, row-level security in the database, OAuth-based access for third-party integrations, and least-privilege internal access. No system is perfectly secure, so we also rate-limit, monitor anomalies, and notify you promptly if a breach affects your account.
09 Children's privacy
Reviews Zen is for business owners aged 18+. We don’t knowingly collect data from children under 16. If you believe a child has provided data, contact us and we’ll delete it.
10 Cookies and tracking
We use a small number of essential cookies to keep you signed in and to remember your preferences. See our Cookie Policy for the full list and your options.
11 Changes to this policy
We’ll post any material updates at least 14 days before they take effect, and email account holders if changes affect how we handle their data. The “Last updated” date at the top will always reflect the latest revision.
Questions?
Email support@reviewszen.com and a real person will answer within one business day.