Privacy Policy

Last updated: February 3, 2026

1. Who We Are

ReviewReact is operated by Sara, a sole proprietor based in Romania, EU. We provide an AI-powered Chrome extension and web dashboard that helps businesses generate professional responses to Google reviews.

Website: reviewreact.com
Contact: hello@reviewreact.com

2. What Data We Collect

We collect only what's necessary to provide our service:

  • Email address — Used for account authentication (magic link sign-in) and essential service communications.
  • Business description — The description you provide about your business, used to personalize AI-generated responses.
  • Voice profile settings — Your tone and style preferences for generated review responses.
  • Usage statistics — The number of replies generated. We use this for plan limits and service improvement.

3. What We Do NOT Store

We do not store the actual text of Google reviews or the AI-generated responses. When you click "Generate Reply," the review text is sent to our AI service, a response is generated, and both are discarded immediately. Nothing is saved on our servers.

4. How We Use Your Data

We use your data for the following purposes:

  • Account authentication — Sending magic link emails to verify your identity.
  • Service delivery — Generating personalized review responses based on your business description and voice profile.
  • Billing — Managing your subscription through Stripe.
  • Service communications — Sending essential emails about your account (e.g., billing updates, service changes).
  • Service improvement — Analyzing aggregate usage statistics to improve ReviewReact.

Legal basis (GDPR): We process your data based on contractual necessity (to provide the service you signed up for) and legitimate interest (to improve and maintain our service).

5. Third-Party Services

We use the following third-party services to operate ReviewReact:

OpenAI

We send review text and your voice profile settings to OpenAI's API to generate responses. This data is processed in real time and is not stored by us. OpenAI's data usage policies apply to their processing. We do not use OpenAI's training-enabled endpoints — your data is not used to train AI models.

Stripe

All payment processing is handled by Stripe. We never see, store, or have access to your credit card numbers or payment details. Stripe processes your payment data in accordance with PCI DSS standards. See Stripe's Privacy Policy.

Resend

We use Resend to deliver transactional emails (magic link sign-in, billing notifications). Your email address is shared with Resend solely for email delivery purposes. See Resend's Privacy Policy.

Let's Encrypt

We use Let's Encrypt for SSL/TLS certificates to encrypt data in transit. No personal data is shared with Let's Encrypt.

6. Cookies

We use a single, essential cookie to keep you signed in. This cookie contains a JWT authentication token that expires after 7 days. We do not use tracking cookies, analytics cookies, or any third-party cookies. No cookie consent banner is required because we only use strictly necessary cookies for authentication.

7. Data Retention

We retain your data as follows:

  • Account data (email, business description, voice profile) — Retained while your account is active. Deleted within 30 days of account deletion.
  • Usage statistics — Retained in aggregate form for up to 12 months after account deletion.
  • Review text and generated responses — Not retained. Processed in real time and immediately discarded.
  • Payment records — Retained as required by Romanian tax law (up to 10 years for invoicing records). Managed by Stripe.

8. Data Security

We protect your data using industry-standard security measures, including SSL/TLS encryption for all data in transit, secure passwordless authentication via magic links, and JWT tokens with 7-day expiration. Our infrastructure is hosted on secure cloud providers with regular security updates.

9. Your Rights (GDPR)

As an EU resident, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — You can request a copy of all personal data we hold about you.
  • Right to rectification — You can ask us to correct any inaccurate personal data.
  • Right to erasure — You can request that we delete your personal data ("right to be forgotten").
  • Right to data portability — You can request your data in a structured, machine-readable format.
  • Right to object — You can object to processing of your personal data based on legitimate interests.
  • Right to restrict processing — You can request that we limit how we use your data.
  • Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, email us at hello@reviewreact.com. We will respond within 30 days.

10. International Data Transfers

Some of our third-party service providers (OpenAI, Stripe, Resend) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions by the European Commission.

11. Children's Privacy

ReviewReact is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the Romanian Data Protection Authority:

ANSPDCP (Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal)
Website: www.dataprotection.ro

13. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we will notify you by email. The "Last updated" date at the top of this page indicates the most recent revision.

14. Contact Us

For any questions about this privacy policy or your personal data, contact us at:

Email: hello@reviewreact.com
Website: reviewreact.com