Privacy Policy

Prompt Reviews


# Prompt Reviews Privacy Policy
  Last Updated: November 2025


  This Privacy Policy explains how Prompt Reviews collects, uses, and
  protects your information when you use our review management platform and
  AI-powered services.


  ## 1. Information We Collect


  ### Account Information
  – **Personal Details**: Name, email address, phone number, business
  information
  – **Authentication Data**: Password (encrypted), login credentials,
  session information
  – **Business Information**: Company name, industry, website, address,
  business description
  – **Payment Information**: Billing address, payment methods (processed
  securely through Stripe)


  ### User-Generated Content
  – **Reviews and Testimonials**: Customer feedback, ratings, comments, and
  responses
  – **AI Content**: Content generated using our “Prompty AI” features
  (review templates, emails)
  – **Uploaded Media**: Photos, images, and other files associated with
  reviews
  – **Contact Lists**: Customer contact information uploaded for review
  campaigns


  ### Review Submission Data
  When you submit a review through a Prompt Reviews widget:
  – **Required Information**: Your name (first and last), review content,
  star rating
  – **Optional Information**: Role/relationship to business, answers to
  custom questions, keyword highlights
  – **Automatically Collected**: IP address, browser information, timestamp,
   selected review platform
  – **How It’s Used**: Your review is shared with the business owner and may
   be displayed publicly on their website, marketing materials, or review
  platforms. The business owner has access to all review data submitted
  through their Prompt Pages.


  ### Technical Information
  – **Usage Data**: Pages visited, features used, time spent, click patterns
  – **Device Information**: Browser type, operating system, IP address,
  device identifiers
  – **Analytics Data**: Performance metrics, error logs, user interactions
  – **Cookies**: Preferences, session data, authentication tokens


  ## 2. AI Data Processing


  ### AI-Powered Features: “Prompty AI” Content Generation
  Our service uses OpenAI’s ChatGPT API to generate review templates, email
  content, and other text-based materials.


  ### How AI Processes Your Data
  – **Input Data**: Business information, customer details, and context you
  provide for content generation
  – **Processing**: Data is sent to OpenAI’s API for content generation and
  returned to our platform
  – **Storage**: Generated content is stored in your account; input data is
  not permanently stored by OpenAI
  – **Third-Party Processing**: OpenAI processes data according to their
  privacy policy and data usage policies


  ### AI Data Controls
  – You can choose whether to use AI features
  – You control what information is included in AI prompts
  – You can edit or delete any AI-generated content
  – You remain responsible for reviewing and approving all AI-generated
  content


  ## 3. How We Use Your Information


  ### Service Provision
  – Provide and maintain our review management platform
  – Process payments and manage subscriptions
  – Generate widgets and display reviews
  – Send review request emails and SMS messages
  – Provide customer support and technical assistance


  ### Review Management
  – Display submitted reviews on business websites via embeddable widgets
  – Provide reviews to business owners for management and analytics
  – Enable businesses to respond to reviews
  – Track review submission metrics and analytics (excluding imported
  reviews from external sources)
  – Detect and prevent fraudulent or spam reviews


  ### Communication
  – Send account notifications and service updates
  – Respond to your inquiries and support requests
  – Send marketing communications (with your consent)
  – Notify you of important changes to our service


  ### Analytics and Improvement
  – Analyze usage patterns to improve our service
  – Monitor performance and troubleshoot issues
  – Conduct research and development
  – Ensure security and prevent fraud


  ## 4. Information Sharing and Disclosure


  **We do not sell your personal information to third parties.**


  ### Service Providers
  We share information with trusted third-party service providers who help
  us operate our platform:
  – **Hosting & Infrastructure**: Supabase (database), Vercel (hosting)
  – **Payment Processing**: Stripe (payments and billing)
  – **Email Services**: Resend (transactional emails)
  – **Analytics**: Google Analytics (usage analytics)
  – **AI Services**: OpenAI (content generation)
  – **Error Tracking**: Sentry (error monitoring)


  ### Review Display and Sharing
  – Reviews submitted through Prompt Reviews are shared with the business
  owner
  – Reviews may be displayed publicly on business websites via widgets
  – Businesses may display reviews in their marketing materials and social
  media
  – Reviews may be exported by business owners for their records
  – Reviews submitted to third-party platforms (Google, Yelp, etc.) are
  governed by those platforms’ privacy policies


  ### Legal Requirements
  – Comply with legal obligations and court orders
  – Protect our rights and prevent fraud
  – Respond to government requests
  – Enforce our Terms of Service


  ### Business Transfers
  In the event of a merger, acquisition, or sale of assets, your information
   may be transferred as part of the business transaction.


  ## 5. Third-Party Platform Integration


  Our service integrates with third-party review platforms (Google, Yelp,
  Facebook, etc.). Important considerations:
  – **Platform Policies**: You must comply with each platform’s terms of
  service and privacy policies
  – **Data Sharing**: When you post reviews to third-party platforms, that
  data is governed by their privacy policies
  – **Account Requirements**: You and your customers may need accounts on
  these platforms to leave reviews
  – **No Control**: We have no control over third-party platform data
  practices or policy changes


  ## 6. Data Security


  – **Encryption**: Data is encrypted in transit (HTTPS) and at rest
  – **Access Controls**: Strict access controls and authentication
  requirements
  – **Regular Audits**: Security assessments and vulnerability testing
  – **Monitoring**: Continuous monitoring for security threats
  – **Employee Training**: Regular security training for our team
  – **Incident Response**: Procedures for handling security incidents


  **Note**: No system is 100% secure. Please use strong passwords and keep
  your account credentials confidential.


  ## 7. Cookies and Tracking Technologies


  ### Types of Cookies We Use
  – **Essential Cookies**: Required for authentication and core
  functionality
  – **Analytics Cookies**: Google Analytics for usage statistics
  (anonymized)
  – **Preference Cookies**: Remember your settings and preferences
  – **Security Cookies**: Protect against fraud and unauthorized access


  ### Managing Cookies
  – You can control cookies through your browser settings
  – Disabling essential cookies may affect functionality
  – You can opt out of Google Analytics tracking


  ## 8. Data Retention


  – **Account Data**: Retained while your account is active and for 90 days
  after deletion
  – **Review Data**: Retained as long as needed for business purposes or
  legal requirements
  – **Analytics Data**: Anonymized data may be retained for statistical
  purposes
  – **Payment Data**: Retained according to financial and tax requirements
  (typically 7 years)
  – **Support Data**: Customer service records retained for 3 years


  ## 9. Your Privacy Rights


  ### General Rights
  – **Access**: Request copies of your personal information
  – **Correction**: Update or correct inaccurate information
  – **Deletion**: Request deletion of your personal information
  – **Portability**: Receive your data in a portable format
  – **Objection**: Object to certain types of processing


  ### Rights for Review Submitters (End Users)
  If you submitted a review through a business’s Prompt Reviews widget:
  – **Request Deletion**: Contact the business owner directly to request
  removal of your review
  – **Request Correction**: Contact the business owner to correct inaccurate
   information in your review
  – **Opt Out of Display**: Request that your review not be displayed
  publicly (contact the business owner)
  – **Data Access**: Request information about how your review data is being
   used


  For review-related requests, please contact the business owner directly.
  For questions about how Prompt Reviews handles your data, contact us at
  [email protected].


  ### GDPR Rights (EU Residents)
  – Right to be informed about data processing
  – Right to restrict processing
  – Right to withdraw consent
  – Right to lodge complaints with supervisory authorities


  ### CCPA Rights (California Residents)
  – Right to know what personal information is collected
  – Right to delete personal information
  – Right to opt out of sale (we don’t sell personal information)
  – Right to non-discrimination


  ## 10. International Data Transfers


  Your information may be processed and stored in countries other than your
  own. We ensure appropriate safeguards are in place:
  – Standard Contractual Clauses for EU data transfers
  – Adequacy decisions where applicable
  – Privacy Shield frameworks (where still valid)
  – Other lawful transfer mechanisms


  ## 11. Children’s Privacy


  Our service is not intended for children under 18. We do not knowingly
  collect personal information from children under 18. If you believe we
  have collected information from a child under 18, please contact us
  immediately.


  ## 12. Marketing Communications


  – **Consent**: We only send marketing emails with your consent
  – **Opt-out**: You can unsubscribe from marketing emails at any time
  – **Transactional Emails**: Service-related emails cannot be opted out of
  – **Preferences**: You can manage your communication preferences in your
  account settings


  ## 13. Business Customer vs. End User Data


  ### Two Types of Data Users:
  – **Business Customers**: You (our direct customers who use our platform)
  – **End Users**: Your customers who submit reviews through our widgets


  ### Your Responsibilities as a Business Customer:
  – Obtain necessary consents from your customers
  – Provide appropriate privacy notices to your customers
  – Comply with applicable privacy laws
  – Handle customer data requests appropriately (including deletion and
  correction requests)
  – Ensure reviews displayed on your website comply with applicable
  advertising and consumer protection laws


  ## 14. Changes to This Privacy Policy


  – We may update this Privacy Policy periodically
  – Significant changes will be communicated via email or platform
  notification
  – Continued use of our service constitutes acceptance of changes
  – You should review this policy periodically


  ## 15. Contact Information


  For privacy-related questions, concerns, or requests, please contact us:


  **Email**: [email protected]


  We will respond to your privacy-related requests within 30 days.


  —


  **Effective Date**: January 2025


  By using Prompt Reviews, you acknowledge that you have read, understood,
  and agree to this Privacy Policy.
Scroll to Top