Privacy Policy

We collect the following categories of information:

• Account information: Name, email address, and authentication data collected via Clerk when you register or sign in.
• App review data: Reviews, ratings, author names, device metadata, and version information imported from your connected Google Play or Apple App Store accounts via their respective APIs.
• Usage data: Pages visited, features used, session duration, and interactions within the Service, collected via PostHog.
• Payment information: Billing details processed and stored by Stripe. We do not store raw card numbers.
• Communication data: Emails or messages you send to our support address.

We use collected information to:

• Provide, operate, and maintain the Service, including syncing reviews, generating AI reply drafts, and detecting incidents.
• Improve and fine-tune our AI models using aggregated, anonymized review data. We do not use personally identifiable information for model training without explicit consent.
• Send operational alerts (email, Slack) based on your configured notification preferences.
• Process payments and manage your subscription via Stripe.
• Detect, prevent, and respond to security incidents or abuse.
• Comply with legal obligations.

We do not sell your personal data. We share data only with the following trusted sub-processors to operate the Service:

• Supabase — PostgreSQL database and file storage (EU region). Your review data and account data are stored here.
• Clerk — Authentication and user management. Handles sign-up, sign-in, and session tokens.
• Stripe — Payment processing. Receives billing details to manage subscriptions.
• Groq / Google (Gemini) — AI inference for generating reply drafts and sentiment analysis. Review text is sent for processing and is not retained beyond the request lifecycle.
• PostHog — Product analytics. Receives anonymized usage events.
• Resend — Transactional email delivery.
• Upstash — Redis rate limiting and caching.

We may also disclose data if required by law, court order, or to protect the rights and safety of AT Work Inc. (ReviewBox) or its users.

App store reviews and associated metadata are retained for up to 2 years from the date they are imported. Upon account cancellation or deletion, all personal data and review data associated with your account will be permanently deleted within 30 days. Aggregated, anonymized statistics may be retained indefinitely for product improvement purposes.

If you are located in the European Economic Area (EEA) or United Kingdom, you have the following rights under GDPR:

• Access: Request a copy of the personal data we hold about you.
• Export: Download your data in a portable format via Settings → Privacy → Export data.
• Deletion: Request erasure of your data via Settings → Privacy → Delete account or by emailing us.
• Correction: Request correction of inaccurate personal data.
• Objection: Object to processing of your data for direct marketing purposes.

To exercise any of these rights, email legal@tryreviewbox.com. We will respond within 30 days.

We implement industry-standard security measures to protect your data:

• All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
• Database access is enforced with Row-Level Security (RLS) policies so that each workspace can only access its own data.
• Production access requires MFA, is logged, and is restricted to authorised personnel.
• Quarterly penetration tests and annual security training for all engineers.

Despite these measures, no system is completely secure. Please notify us immediately at security@tryreviewbox.com if you believe your account has been compromised.

We use essential cookies (Clerk auth), functional cookies (preference storage), and optional analytics cookies (PostHog). We do not use advertising or tracking cookies. For the full list see our Cookie Policy.

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us at legal@tryreviewbox.com and we will delete it promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by displaying a prominent notice within the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us at legal@tryreviewbox.com.