Privacy Policy
Last updated: May 2, 2026
ReviewBay helps small businesses get more Google reviews through honest, automated outreach to people they already know. This policy explains what data we collect, why we collect it, and how it's used. No surprises.
1. Information We Collect
Account and Profile Data
When you register, we collect your name, email address, business name, business category, service area, phone number (optional), and profile photo (optional). This information powers your public directory listing and your dashboard.
Contacts You Import
To send review request emails on your behalf, you import a list of contacts — name, email, and optionally phone number. This is the most sensitive data we handle. It's used exclusively to run your outreach campaigns. We don't sell it, share it with other members, or use it for any other purpose.
Review Request Activity
We log which emails were sent, opened, clicked, and whether recipients unsubscribed. This lets us pause outreach when someone asks to stop and gives you visibility into campaign performance.
Review Confirmation Data
When another member confirms they received a review you left, or when you confirm a review you received, we record that confirmation in our system. This is how we verify genuine review activity on the platform.
Lead Data
When a customer submits a lead through your public profile, their name, email, phone number, zip code, and project description are stored and delivered to your inbox after payment verification.
Payment Data
Payments are processed by Stripe. ReviewBay does not store your card number, CVV, or bank details. Stripe handles all payment data under their own PCI-compliant infrastructure.
Technical Data
Standard server logs: IP address, browser type, device type, pages visited, timestamps. Used for security and debugging.
2. How We Use Your Information
We use your data to run the product. That means sending review request emails to your imported contacts, displaying your business profile in the public directory, processing subscription payments, sending transactional emails (verification codes, lead notifications, billing receipts), and automatically honoring unsubscribe requests from your contacts.
We also use aggregated, anonymized data to understand how the platform is being used and where to improve it. Individual accounts are not used for this purpose.
We do not sell personal information. We do not use your data for advertising.
3. Your Contacts' Data
When you import contacts, you're acting as the sender of those review requests. You are responsible for having a legitimate existing relationship with each person you import and for complying with CAN-SPAM and any other applicable email outreach laws.
We process contact data on your behalf. We honor unsubscribe requests automatically and permanently. If a recipient asks to stop receiving messages, we suppress them from all future sends. You cannot override that.
4. Public Directory
Your business profile is public. That's intentional. It's designed to be indexed by Google and discoverable by AI tools like ChatGPT, Claude, and Gemini — that discoverability is a core part of the product's value.
If you'd rather not be listed, you can remove your profile at any time from your account settings.
When a directory visitor submits a lead through your public profile, their contact information is stored and delivered to your lead inbox. Your contact information is visible to anyone who views your public profile.
5. Data Sharing
We share your data only with the services required to run the platform.
| Service | Purpose | |---------|---------| | Supabase | Database hosting and authentication | | Stripe | Payment processing and affiliate payouts | | Resend | Transactional email and review request campaigns | | Vercel | Application hosting and CDN | | Law enforcement | If required by a valid legal request |
All third-party processors are required to protect your data and use it only for the services they provide to us.
6. Cookies
ReviewBay uses session cookies required for authentication. We do not use third-party advertising cookies or behavioral tracking pixels. Analytics are performed server-side using anonymized event data.
7. Security
Your data is stored in Supabase, which provides encryption at rest and in transit (TLS 1.2+). Row-level security policies ensure each account can only access its own records.
8. Data Retention
We retain your account data for as long as your account is active. If you delete your account, your profile, contacts, and outreach history are removed within 30 days. Billing records are retained for 7 years as required by law.
9. Children
ReviewBay is for business owners aged 18 and older. We do not knowingly collect data from anyone under 18. If you believe a minor has created an account, email privacy@reviewbay.app and we will delete it immediately.
10. Changes to This Policy
We may update this policy as the product evolves. If we make material changes, we'll notify you by email before they take effect. Continued use of ReviewBay after a policy update means you accept the updated terms.
11. Contact
Privacy questions: privacy@reviewbay.app Mailing address: ReviewBay, Inc., Texas, USA