Privacy Policy

ReliableReviews (“ReliableReviews,” “we,” or “us”) operates a platform that helps businesses collect and display customer reviews. This Privacy Policy explains how we handle personal data when you use our website, dashboard, APIs, and embeddable widget (together, the “Service”). It also explains how we handle data about the reviewers your business invites through the Service.

When you create an account and use ReliableReviews to manage your own reviews, you are the data controller for the reviewer data you collect, and we act as a data processor on your behalf.

When we operate our own website and dashboard — for example, when you sign up, log in, or visit our marketing pages — we are the data controller for that information.

Account information. When you sign up, we collect your email address, name, password (hashed), and any profile data you choose to add, such as an avatar.

Site and team information. The sites, products, or brands you create in ReliableReviews, including their slug, tagline, logo, primary color, moderation rules, and team members.

Reviewer information. Data your reviewers provide through the review form: name, optional email, an optional avatar, star rating, title, review body, and up to three photos. If a reviewer submits through an invite link, we associate their review with the invite record so you can mark it as verified.

Invite information. Email addresses you add to invite flows, plus invite tokens and delivery metadata (sent, opened, completed, reminder history).

Moderation metadata. Internal notes, tags, and status changes you apply to reviews within the dashboard.

Widget analytics. When the embeddable widget loads on your site, we log impression and click events with the site ID, referrer URL, user agent, and a timestamp. We do not use third-party cookies for this. Helpful-vote counts are deduped using a short-lived browser fingerprint so the same visitor cannot vote repeatedly.

Operational logs. Standard server logs including IP address, user agent, and request metadata, retained briefly for security and debugging.

We use a small number of strictly necessary cookies for authentication and security, and functional storage for preferences. We do not use advertising or cross-site tracking cookies. For full details and categories, see our Cookie Policy.

We use the information described above to:

• Provide, operate, and maintain the Service.
• Authenticate you and your team members and secure your account.
• Deliver the invite and drip-reminder emails you configure, and the transactional emails required to run the Service (password resets, security alerts).
• Display published reviews on your public review page and on websites that embed your widget.
• Generate aggregate analytics such as widget impressions, click counts, and response rates so you can see how your reviews are performing.
• Prevent abuse — for example, detecting spam, applying rate limits, and enforcing our Terms of Service.
• Comply with legal obligations.

If you are in the European Economic Area or the United Kingdom, we rely on the following legal bases under the GDPR and the UK GDPR:

• Contract. Processing necessary to provide the Service to you as a user or to the business that sent you an invite.
• Legitimate interests. Operating, securing, and improving the Service; preventing abuse; aggregate analytics.
• Consent.When required — for example, for any optional marketing emails or non-essential cookies.
• Legal obligation. When we must retain or disclose information to comply with the law.

We share information only in the limited ways below:

• With you and your team. Account and review data is visible to the team account that owns it.
• Publicly, when you publish reviews. Once you approve a review, its author name, avatar, rating, title, body, photos, and verified badge are visible on your public review page and wherever you embed the widget. Reviewer email addresses are never displayed publicly.
• Sub-processors. We use a small number of trusted vendors to run the Service: Supabase (database, authentication, file storage), a transactional email provider for invites and notifications, and a hosting and CDN provider. We require these sub-processors to protect your data to a standard at least as strong as this Policy.
• Legal and safety. We may disclose information when required by law, to respond to valid legal process, or to protect the rights, property, or safety of ReliableReviews, our users, or the public.
• Business transfers. If ReliableReviews is involved in a merger, acquisition, or asset sale, information may be transferred to the successor, subject to this Policy.

We do not sell personal information, and we do not share personal information for cross-context behavioral advertising.

Our servers and sub-processors may be located outside your country. Where required, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses to protect personal data transferred internationally.

We keep personal data for as long as needed to provide the Service and for the purposes described in this Policy. Specifically:

• Account and site data is retained for the lifetime of your account.
• Reviews, invites, and moderation records are retained for the lifetime of the site they belong to, unless you delete them sooner.
• Widget analytics events are retained for up to 24 months in a form that allows individual events to be distinguished, and may be kept longer in aggregated form that is not tied to a reviewer.
• Operational logs are typically retained for 30 to 90 days.

When you delete your account, we delete or anonymize your data within a reasonable period, except where we must retain it for legal reasons.

Depending on where you live, you may have rights to access, correct, delete, restrict, or port your personal data, and to object to certain uses. You can exercise many of these rights directly from the dashboard:

• Access and export. Export your reviews to CSV at any time.
• Correction and deletion. Edit your profile and site details, or delete a site to remove the reviews tied to it.
• Account deletion. Delete your account from the settings page; we will delete associated personal data on a reasonable schedule.

For anything you cannot accomplish in the dashboard, email privacy@reliablereviews.com. If you are a reviewer whose data is held by one of our customers, please contact the business that sent you the invite first — they are the data controller for that data. We will help them respond to your request.

You also have the right to lodge a complaint with your local data protection authority.

We protect personal data with technical and organizational measures, including row-level security on every database table so that data from one account is isolated from others, encrypted transport (HTTPS) for all data in motion, encryption at rest for stored data and files, hashed passwords, short-lived authentication tokens, and access controls for our own team.

No system is perfectly secure. If we learn of a security incident that affects your personal data, we will notify you in accordance with applicable law.

The Service is not directed to children under 16. If we learn that we have collected personal data from a child under 16 without verified parental consent, we will delete it.

We may update this Policy from time to time. If we make material changes, we will update the effective date above and give you reasonable notice — typically via the dashboard or email.

Email privacy@reliablereviews.com for any privacy-related question, request, or concern.