ReviewDropStart Free Trial

Privacy Policy

Last updated: April 20, 2026

1. Who We Are

ReviewDrop ("we", "us") is a review management platform. This policy explains how we collect, use, and protect data when you use our website and service at reviewdrop.co.

2. What We Collect

From business owners (our customers):

  • Account info — email address, password (hashed), name.
  • Business info — business name, Google Business Profile URL, logo, review page slug.
  • Usage data — review requests sent, reviews collected, dashboard activity.

From reviewers (your customers):

  • Review content — star rating, written feedback, name (if provided).
  • Contact info — email or phone number, only when provided by the business owner for sending review requests.
  • Interaction data — whether a review request was opened, clicked, or completed.

3. How We Use Your Data

  • To provide and improve the Service.
  • To send review requests on your behalf (via email or SMS as configured).
  • To route satisfied customers to Google Reviews.
  • To privately collect feedback from dissatisfied customers.
  • To send you service-related communications (account, billing, updates).
  • To display analytics and review data in your dashboard.

We do not sell or share personal information for cross-context behavioral advertising (as those terms are defined under California law). We do not use review data for advertising. We do not share reviewer information with third parties except as needed to deliver the Service.

4. Third-Party Services

We use the following services to operate ReviewDrop:

  • Supabase — database and authentication (data hosted in the US).
  • Dodo Payments — payment processing and subscription billing. When you subscribe, Dodo Payments processes your payment as our merchant of record. See Dodo Payments' privacy policy.
  • Resend — transactional email delivery.
  • Telnyx — SMS message delivery.
  • Google Places API — syncing public Google review data.
  • Vercel — website hosting.
  • Umami — privacy-focused website analytics (cookieless, no personal data collected). See Umami's privacy policy.
  • Meta Cloud API — WhatsApp message delivery (when connected by you).

Each service processes data according to their own privacy policies. We only share the minimum data required for each service to function.

5. Cookies & Tracking

We use essential cookies for authentication (keeping you logged in). We do not use advertising cookies or third-party trackers. We use Umami, a privacy-focused analytics tool, to understand how the Service is used. Umami does not use cookies, does not collect personal data, and does not track users across websites.

6. Data Retention

  • Active accounts — we retain your data as long as your account is active.
  • Deleted accounts — we delete your data within 30 days of account deletion, except where required by law.
  • Review request records — kept for 12 months for analytics, then anonymized.

7. Your Rights

You can:

  • Access your data through your dashboard at any time.
  • Export your reviews and feedback data.
  • Delete your account and all associated data.
  • Correct inaccurate information in your account settings.

If you're in the EU/EEA, you also have rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority. Contact us to exercise these rights.

8. Security

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, row-level security on our database, and access controls. No system is 100% secure, but we take reasonable steps to protect your data.

9. Children

ReviewDrop is not intended for use by anyone under 18. We do not knowingly collect data from children.

10. California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) gives you additional rights over your personal information.

Categories of personal information we collect:

  • Identifiers — name, email address, phone number, account ID, IP address.
  • Commercial information — subscription plan, billing history.
  • Internet or network activity — dashboard usage, review request open/click events, aggregated page analytics via Umami (cookieless, non-identifying).
  • Customer content — review ratings and written feedback submitted through the Service.

Sources: directly from you, from your customers when they respond to review requests, and from service providers (Supabase, Resend, Telnyx, Dodo Payments, Google Places, Meta Cloud API, Vercel, Umami). Purposes: to provide and secure the Service, process payments, send review requests on your behalf, and communicate with you.

Retention:

We retain identifiers and commercial information for the life of your account and for up to 30 days after account deletion (longer where required by law or for tax/accounting). Review request records are kept for 12 months, then anonymized. Aggregated analytics are retained indefinitely because they contain no personal data.

Your California rights:

  • Right to Know — request disclosure of categories and specific pieces of personal information we have collected about you.
  • Right to Delete — request deletion of personal information we have collected.
  • Right to Correct — request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing — we do not sell or share personal information for cross-context behavioral advertising, so there is nothing to opt out of.
  • Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information for purposes that would trigger this right.
  • Right to Non-Discrimination — we will not deny service, charge different prices, or provide a different level of quality because you exercised a privacy right.

To exercise any of these rights, email support@reviewdrop.co from the email address on your account, or use the Access/Export/Delete controls in your dashboard. We will verify your request by matching it to account credentials and respond within 45 days. You may designate an authorized agent to submit a request on your behalf; we may require written permission and identity verification.

Shine the Light (Cal. Civ. Code § 1798.83):

We do not share personal information with third parties for their own direct marketing purposes.

11. Changes

We may update this policy from time to time. Material changes will be communicated via email or through the Service. The "Last updated" date at the top reflects the most recent revision.

12. Contact

Privacy questions? Email support@reviewdrop.co.