Privacy Policy

Last updated: March 2026

1. Who We Are

Reviewbot (ABN 71 397 328 521) operates the website reviewbot.au and provide an AI-powered platform that helps businesses manage their Google reviews, respond to customers, request new reviews via SMS, and track local search performance.

2. Information We Collect

We collect the following categories of personal information:

Account information

Your name and email address, collected through Google OAuth when you sign up.

Google Business Profile data

Business name, address, reviews, review responses, and listing performance metrics including views, calls, direction requests, website clicks, and search queries.

Phone numbers

Phone numbers of customers submitted by the business owner for the purpose of sending SMS review requests.

Payment information

Payments are processed by Stripe. We do not store your credit card number or bank details. We store only your Stripe customer ID and subscription ID to manage your billing.

Usage data

How you interact with the platform, which features you use, and timestamps of your activity.

AI interaction data

Prompts sent to and responses generated by our AI systems when drafting review replies, reports, and insights.

3. How We Use Your Information

We use the information we collect to:

  • Sync and manage your Google reviews
  • Generate AI-powered review response drafts
  • Post approved responses to your Google Business Profile
  • Send SMS review requests to your customers on your behalf
  • Provide analytics, ranking tracking, and competitor insights
  • Send email notifications including review alerts, weekly reports, and monthly reports
  • Process subscription payments
  • Improve and develop our service

4. Data Retention

  • Account data: retained while your account is active, plus 90 days after cancellation.
  • Phone numbers: encrypted (AES-256) at rest and retained for a maximum of 90 days from the last SMS sent to that number, then irreversibly anonymised by replacing the number with a salted hash.
  • Consent audit trail: the consent confirmation timestamp, sender identity, and hashed recipient identifier are retained indefinitely, even after phone number anonymisation, to satisfy ACMA compliance obligations.
  • Global opt-out list: hashed phone numbers are retained indefinitely to prevent re-sending messages to customers who have unsubscribed.
  • AI interaction logs: retained for 12 months, then archived to cold storage for an additional 24 months before permanent deletion.
  • Review and response data: retained while your account is active.

5. Data Sharing

We share your data with the following third-party services only as necessary to provide the service:

  • Google (Google Business Profile API) — to access and manage your reviews and business listing.
  • Anthropic (Claude AI) — to generate review responses, reports, and insights. Review text and business context are sent to generate responses. Anthropic does not use this data to train models.
  • Twilio / Sinch — to send SMS review requests. Phone numbers are shared only for the purpose of message delivery.
  • Stripe — to process subscription payments.
  • Resend — to send transactional and notification emails.
  • Vercel — for hosting and web analytics.
  • DataForSEO — for keyword ranking and competitor data.

We do not sell your personal information to anyone.

6. Data Processing Agreement

For phone numbers collected by the business owner: the business owner is the data controller and ReviewBot is the data processor. ReviewBot processes customer phone numbers only under the business owner's instruction — specifically, when they submit a number for an SMS review request.

The business owner is responsible for ensuring they have valid consent to send commercial messages to the phone numbers they provide.

7. Security

We take reasonable steps to protect your personal information:

  • OAuth tokens encrypted at rest (AES-256-GCM)
  • Phone numbers encrypted at rest (AES-256-GCM)
  • AI interaction logs encrypted at rest
  • All communications transmitted over HTTPS/TLS
  • Payment data handled entirely by Stripe, which is PCI DSS compliant
  • Access controls and audit logging

8. Your Rights Under the Australian Privacy Act 1988

Under the Australian Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data
  • Complain to the Office of the Australian Information Commissioner (OAIC) if you are unsatisfied with how we handle your information

To exercise any of these rights, contact us at support@reviewbot.au.

Note: We do not rely on the small business exemption under the Privacy Act. We comply with the Australian Privacy Principles regardless of our revenue.

9. Cookies & Analytics

  • We use essential cookies for authentication and session management.
  • We use Vercel Analytics for anonymous usage statistics.
  • We do not use third-party advertising cookies.

10. Children's Privacy

Our service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email and through an in-app notification. We encourage you to review this page periodically.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, contact us at support@reviewbot.au.