Privacy Policy

1. Information We Collect

We collect information that you provide directly, information obtained from third-party integrations, and information generated through your use of the Service. The categories of information we collect include:

• Account Information: When you create an account, we collect your name, email address, and optionally your phone number.
• Business Details: Information about your business, including business name, location, industry, and other details you provide during onboarding or through account settings.
• Google Business Profile Data: When you connect your Google Business Profile, we access your business reviews, review metadata (such as reviewer name, rating, and date), and any existing responses associated with those reviews.
• Usage Data: We automatically collect information about how you interact with the Service, including pages viewed, features used, timestamps, device type, browser information, IP address, and referring URLs.

2. How We Use Your Data

We process your information for the following purposes:

• Service Delivery: To provide, operate, and maintain the Service, including displaying your reviews and managing your responses.
• AI Response Generation: To generate suggested responses to your business reviews using artificial intelligence models, based on review content and your business context.
• Notifications: To send you alerts, reminders, and notifications related to new reviews, response status, and account activity.
• Billing and Payments: To process subscription payments, manage invoices, and handle billing-related inquiries.
• Product Improvement: To analyze usage patterns, diagnose technical issues, and improve the functionality, performance, and user experience of the Service.

3. Google OAuth Permissions

Rivvu requests access to your Google Business Profile through Google's OAuth 2.0 authorization framework. Specifically, we request permission to:

• Read reviews associated with your Google Business Profile.
• Post responses to reviews on your behalf.

We will never modify, publish, or post any content to your Google Business Profile without your explicit approval. All AI-generated responses are presented to you for review before any action is taken.

You may revoke Rivvu's access to your Google account at any time through your Google Account permissions settings. Revoking access will prevent the Service from reading new reviews or posting responses on your behalf.

4. Data Storage and Security

We implement industry-standard technical and organizational measures to protect your data, including:

• Database: All application data is stored in Supabase (PostgreSQL) with row-level security (RLS) policies enforced on all database tables, ensuring that users can only access their own data.
• Token Encryption: Google OAuth tokens are encrypted at rest using AES-256-GCM encryption before being stored in the database.
• Transport Security: All data transmitted between your browser and our servers is encrypted using HTTPS (TLS 1.2 or higher).

While we take reasonable precautions to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

5. Third-Party Services

We rely on the following third-party service providers to operate the Service. Each provider processes data in accordance with their own privacy policies:

• Supabase — Database hosting, authentication, and backend infrastructure.
• Stripe — Payment processing and subscription billing.
• OpenAI — Artificial intelligence models used for generating review response suggestions.
• SerpAPI — Review monitoring and data retrieval from public sources.
• Twilio — Optional SMS and voice notifications (when enabled by the user).

We encourage you to review the privacy policies of these providers. We share only the minimum information necessary for each provider to perform its designated function.

6. Your Rights

You have the following rights with respect to your personal data:

• Access: You may request a copy of the personal data we hold about you at any time.
• Correction: You may request that we correct any inaccurate or incomplete personal data.
• Deletion: You may request that we delete your personal data, subject to applicable legal obligations.
• Data Export: You may request a machine-readable export of your data by contacting us.
• Account Deletion: You may delete your account at any time from your account settings within the Service.

To exercise any of these rights, please contact us at support@rivvu.app.

7. Data Retention

• Active Accounts: We retain your personal data and associated business data for as long as your account remains active and as necessary to provide the Service.
• Deleted Accounts: Upon account deletion, all personal data, business data, reviews, and generated responses are permanently removed from our systems within 30 days.
• Activity Logs: System and activity logs are retained for a maximum of 90 days for security and debugging purposes, after which they are automatically purged.

8. Cookies

Rivvu uses only essential cookies that are strictly necessary for the operation of the Service. These cookies are used solely for authentication and session management purposes.

We do not use tracking cookies, advertising cookies, or any third-party cookies for analytics or marketing purposes.

9. California Consumer Privacy Act (CCPA) Compliance

If you are a California resident, you have specific rights under the California Consumer Privacy Act, including:

• Right to Know: You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You have the right to request the deletion of your personal information, subject to certain exceptions.
• Right to Opt Out of Sale: You have the right to opt out of the "sale" of your personal information. However, Rivvu does not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

To submit a verifiable consumer request, please contact us at support@rivvu.app.

10. General Data Protection Regulation (GDPR) Compliance

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including:

• Right of Access: The right to obtain confirmation as to whether your personal data is being processed and to access that data.
• Right to Rectification: The right to have inaccurate personal data corrected without undue delay.
• Right to Erasure: The right to request the deletion of your personal data where there is no compelling reason for its continued processing.
• Right to Data Portability: The right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Object: The right to object to processing based on legitimate interests or for direct marketing purposes.
• Right to Restrict Processing: The right to request the restriction of processing under certain circumstances.

Our lawful bases for processing personal data under the GDPR are:

• Contract Performance: Processing is necessary for the performance of the contract between you and Rivvu (i.e., providing the Service).
• Legitimate Interest: Processing is necessary for our legitimate interests, such as improving the Service, ensuring security, and preventing fraud, provided such interests are not overridden by your fundamental rights and freedoms.

11. Children's Privacy

The Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal data from a child under 13, we will take reasonable steps to delete such information promptly. If you believe that a child under 13 has provided us with personal information, please contact us at support@rivvu.app.

12. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. If we make material changes, we will notify you by email or through a prominent notice within the Service prior to the changes taking effect. Your continued use of the Service after any modifications to this Privacy Policy constitutes your acceptance of the revised terms. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@rivvu.app