Legal
Privacy Policy
Effective date: April 25, 2026 · ReviewHound LLC
Short version: We use your Google Business Profile access solely to post review responses on your behalf. We do not read your email, access your contacts, or share your data with third parties for marketing. You can disconnect at any time.
1. Who we are
ReviewHound ("ReviewHound," "we," "us," or "our") is a review response management service for cosmetic and plastic surgery practices. Our registered address is in the United States. You can reach us at nat@reviewhound.co.
2. What data we collect
We collect only what we need to provide the service:
- Business information — practice name, Google Business Profile listing details, star rating, and public review content (collected from Google's public API).
- Contact information — your name, email address, and phone number, provided when you sign up or respond to outreach.
- Google OAuth tokens — when you connect your Google Business Profile, we store an access token and refresh token scoped solely to
business.manage. This scope allows us to post review replies on your behalf. We cannot access Gmail, Google Drive, Contacts, or any other Google service.
- Payment information — handled entirely by Stripe. We never see or store your card number.
- Usage data — which reviews were approved, skipped, or responded to, and basic server logs (IP address, request timestamps).
3. How we use your data
- To generate AI-drafted responses to your Google reviews.
- To post approved responses to your Google Business Profile on your instruction.
- To send you approval requests via email or SMS.
- To process payments and manage your subscription via Stripe.
- To contact you about your account, service updates, or billing.
- To improve the quality of our AI drafts (using anonymised review data only).
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 4.
4. Third-party services
We use the following sub-processors to deliver the service:
- Google — Google Business Profile API, for reading reviews and posting responses.
- Stripe — payment processing and subscription management.
- Mailgun — transactional email delivery (approval notifications, reports).
- Anthropic — AI model used to draft review responses. Review text is sent to Anthropic's API; it is not used to train their models under our enterprise agreement.
- Cartesia / Twilio — voice calling infrastructure used during outbound sales outreach only.
- Supabase — database hosting (US region).
- Railway — application hosting (US region).
5. Google user data
ReviewHound's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only request the
business.manage scope — the minimum required to post review replies.
- We do not use Google user data to develop, improve, or train AI/ML models beyond responding to reviews.
- We do not allow humans to read your Google user data unless you explicitly request support and give permission.
- We do not transfer Google user data to any third party except as necessary to provide the review response service.
6. Data retention
We retain your data for as long as your account is active, plus 90 days after cancellation (to allow reactivation). After that, we delete your contact details, OAuth tokens, and review records. Anonymised aggregate data (e.g. response quality metrics) may be retained indefinitely.
7. Your rights
You may at any time:
- Disconnect Google — revoke OAuth access at myaccount.google.com/permissions. This immediately prevents us from posting to your profile.
- Request your data — email nat@reviewhound.co and we will provide a copy within 30 days.
- Delete your data — email us to request full deletion. We will process within 30 days.
- Opt out of communications — reply STOP to any SMS, or use the unsubscribe link in any email.
If you are in the EU or UK, you have additional rights under GDPR/UK GDPR including the right to data portability, restriction of processing, and to lodge a complaint with your supervisory authority.
8. Security
All data is transmitted over HTTPS. OAuth tokens are stored encrypted at rest in our database. We use environment-variable secrets management and do not commit credentials to source control. We review access controls regularly.
9. Cookies
We use only essential session cookies required to maintain your login state. We do not use advertising cookies or third-party tracking pixels.
10. Changes to this policy
We will notify you by email at least 14 days before making material changes to this policy. The effective date at the top of this page reflects the most recent revision.
11. Contact
Questions about this policy? Email nat@reviewhound.co or write to ReviewHound LLC, United States.
Also see our Terms of Service.