Privacy Policy

Last updated: May 2026

1. Who We Are

Reviewbot (ABN 71 397 328 521) operates the website reviewbot.au and provides an AI-powered platform that helps Australian businesses manage their Google reviews, respond to customers, request new reviews via SMS, and track local search performance. Reviewbot is the entity responsible for handling personal information under this policy. You can contact us at support@reviewbot.au for any privacy-related question or request.

2. Information We Collect

We collect the following categories of personal information:

Account information

Your name and email address, collected through Google OAuth when you sign up.

Google Business Profile data

Business name, address, reviews, review responses, and listing performance metrics including views, calls, direction requests, website clicks, and search queries. This data is accessed via the Google Business Profile API using the OAuth scope business.manage, which is the minimum scope necessary to operate the features described in Section 3.

Phone numbers

Phone numbers of customers submitted by the business owner for the purpose of sending SMS review requests.

Payment information

Payments are processed by Stripe. We do not store your credit card number or bank details. We store only your Stripe customer ID and subscription ID to manage your billing.

Usage data

How you interact with the platform, which features you use, and timestamps of your activity.

AI interaction data

Prompts sent to and responses generated by our AI systems when drafting review replies, reports, and insights.

3. How We Use Your Information

We use the information we collect to:

  • Sync and manage your Google reviews
  • Generate AI-powered review response drafts
  • Post approved responses to your Google Business Profile
  • Send SMS review requests to your customers on your behalf
  • Provide analytics, ranking tracking, and competitor insights
  • Send email notifications including review alerts, weekly reports, and monthly reports
  • Process subscription payments
  • Improve and develop user-facing features of the Reviewbot service. We do not use data obtained from Google APIs to develop, improve, or train generalised or non-personalised AI or machine-learning models.

We do not use your personal information, and in particular do not use any data obtained through Google APIs, to serve advertisements.

4. Data Retention

  • Account data: retained while your account is active, plus 90 days after cancellation.
  • Phone numbers: encrypted (AES-256) at rest and retained for a maximum of 90 days from the last SMS sent to that number, then irreversibly anonymised by replacing the number with a salted hash.
  • Consent audit trail: the consent confirmation timestamp, sender identity, and hashed recipient identifier are retained indefinitely, even after phone number anonymisation, to satisfy ACMA compliance obligations.
  • Global opt-out list: hashed phone numbers are retained indefinitely to prevent re-sending messages to customers who have unsubscribed.
  • AI interaction logs: retained for 12 months, then archived to cold storage for an additional 24 months before permanent deletion.
  • Review and response data: retained while your account is active.

5. Data Sharing

We share your data with the following third-party service providers only as necessary to provide and improve user-facing features of Reviewbot, for security, to comply with applicable law, or as part of a merger, acquisition, or sale of assets in which the recipient is bound to honour commitments equivalent to those in this Privacy Policy. We do not sell your personal information, and we do not transfer Google user data to third parties for any other purpose.

  • Google (Google Business Profile API) — to access and manage your reviews and business listing.
  • Anthropic (Claude AI, United States) — to generate review responses, reports, and insights for your account only. Review text and business context are sent solely to draft replies and analytics outputs for you. Under our agreement with Anthropic, this data is not used to train Anthropic's models, and it is not used to develop, improve, or train any generalised AI or machine-learning model operated by Reviewbot.
  • Twilio / Sinch — to send SMS review requests. Phone numbers are shared only for the purpose of message delivery.
  • Stripe — to process subscription payments.
  • Resend — to send transactional and notification emails.
  • Vercel — for hosting and web analytics.
  • DataForSEO — for keyword ranking and competitor data.

We do not sell your personal information to anyone.

6. Google User Data and Limited Use

Reviewbot accesses data from your Google Business Profile through the Google Business Profile API using the OAuth scope business.manage. The data we access is limited to what is necessary to operate the features described in Section 3: business listings, reviews, review replies, posts, questions and answers, and listing performance metrics.

Reviewbot's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve user-facing features that are prominent in the Reviewbot application — namely, syncing reviews, generating and posting AI-drafted replies, publishing posts and Q&A answers, and producing listing analytics for the account holder.
  • We do not transfer Google user data to third parties except as needed to provide or improve those user-facing features (for example, sending review text to Anthropic to draft a reply for you), for security purposes, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with continued privacy protections.
  • We do not use Google user data to serve advertisements, including retargeted, personalised, or interest-based advertising.
  • We do not allow humans to read Google user data, except where we have your explicit consent (for example, you ask our support team to investigate a specific review), where it is necessary for security, where required by law, or where the data has been aggregated and anonymised for internal operations such as debugging or capacity planning.
  • We do not use Google user data to develop, improve, or train generalised or non-personalised artificial intelligence or machine-learning models. Review text and business context are sent to Anthropic only to generate a reply for your specific account, and Anthropic does not retain or use this data to train its models.

You can revoke Reviewbot's access to your Google account at any time at myaccount.google.com/permissions.

7. Cross-Border Disclosure

Several of our service providers are located outside Australia: Anthropic, Stripe, Twilio, Sinch, Resend, Vercel, and DataForSEO each process data in the United States and other jurisdictions where they operate. By using Reviewbot, you acknowledge that your personal information will be disclosed to these overseas recipients.

Before disclosing personal information overseas, we take reasonable steps as required by Australian Privacy Principle 8 to ensure that the overseas recipient handles your information consistently with the Australian Privacy Principles. These steps include selecting providers with recognised security and privacy certifications (such as SOC 2 and ISO 27001), and entering into written agreements that contractually require the recipient to protect your information, limit its use to the purposes for which it was disclosed, and apply appropriate security measures.

8. Data Processing Agreement

For phone numbers collected by the business owner, the business owner is the data controller and Reviewbot is the data processor. Reviewbot processes customer phone numbers only under the business owner's instruction, specifically when they submit a number for an SMS review request.

The business owner is responsible for ensuring they have valid consent to send commercial messages to the phone numbers they provide.

9. Security

We take reasonable steps to protect your personal information:

  • OAuth tokens encrypted at rest (AES-256-GCM)
  • Phone numbers encrypted at rest (AES-256-GCM)
  • AI interaction logs encrypted at rest
  • All communications transmitted over HTTPS/TLS
  • Payment data handled entirely by Stripe, which is PCI DSS compliant
  • Access controls and audit logging

10. Your Rights Under the Australian Privacy Act 1988

Under the Australian Privacy Act 1988, you have the right to:

  • Access the personal information we hold about you
  • Request correction of inaccurate information
  • Request deletion of your data
  • Complain to us in the first instance at support@reviewbot.au — we will respond within 30 days — and, if you remain unsatisfied, complain to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or 1300 363 992.

To exercise any of these rights, contact us at support@reviewbot.au.

Note: We do not rely on the small business exemption under the Privacy Act. We comply with the Australian Privacy Principles regardless of our revenue.

11. Cookies & Analytics

  • We use essential cookies for authentication and session management.
  • We use Vercel Analytics for anonymous usage statistics.
  • We do not use third-party advertising cookies, and we do not use Google user data to serve advertisements.

12. Notifiable Data Breaches

Reviewbot complies with the Notifiable Data Breaches scheme under Part IIIC of the Privacy Act 1988. If we become aware of an eligible data breach that is likely to result in serious harm to any individual whose personal information is involved, we will notify the affected individuals and the Office of the Australian Information Commissioner as soon as practicable, in accordance with our obligations.

13. Children's Privacy

Our service is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email and through an in-app notification. We encourage you to review this page periodically.

15. Contact Us

If you have questions about this Privacy Policy or how we handle your personal information, contact us at support@reviewbot.au.