ReviewFlow AI

Privacy Policy

Last updated: April 9, 2026

1. Who we are

ReviewFlow AI (“we”, “us”) provides an online service for businesses to manage feedback and review-related workflows. The operator’s contact details are listed in our Legal Notice.

2. Information we collect

Depending on how you use the Service, we may process:

  • Account data: email address, name, password hash, and preferences associated with your account.
  • Business content: business names, links, notification addresses, and content you configure in the product.
  • Feedback data: information submitted by your customers through your flows (for example names, emails, ratings, and comments).
  • Technical data: IP address, browser type, cookies or similar identifiers, and logs used for security and operations.
  • Payment data: payments are handled by third-party processors (such as PayPal or Stripe). We typically receive limited billing metadata, not full card numbers.

3. How we use information

We use personal information to:

  • Provide, secure, and improve the Service.
  • Authenticate users and prevent fraud or abuse.
  • Deliver subscription features and process payments through partners.
  • Send service-related messages (for example alerts you enable).
  • Comply with legal obligations and enforce our terms.

4. Legal bases (EEA/UK)

Where GDPR applies, we rely on appropriate bases such as contract performance, legitimate interests (security, analytics at an appropriate level), and consent where required (for example certain cookies or marketing, if offered).

5. Sharing and subprocessors

We use infrastructure and service providers (for example hosting, database, and payment processors). They process data on our instructions and under agreements that require protection of personal information. We may disclose information if required by law or to protect rights and safety.

6. International transfers

If data is transferred across borders, we use appropriate safeguards (such as standard contractual clauses) where required by applicable law.

7. Retention

We retain information as long as needed to provide the Service and for legitimate business and legal purposes (for example billing records and security logs). Retention periods may vary by data category.

8. Your rights

Depending on your location, you may have rights to access, correct, delete, or restrict processing of your personal information, and to object to certain processing or port data. To exercise rights, contact us using the details in the Legal Notice. You may also lodge a complaint with a supervisory authority.

9. Cookies and similar technologies

We use cookies and similar technologies for session management, security, and preferences. You can control cookies through your browser settings; disabling some cookies may affect functionality.

10. Children

The Service is not directed at children under 16 (or the age required in your region). We do not knowingly collect personal information from children.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and revise the “Last updated” date.

12. Contact

For privacy inquiries, contact us using the details in the Legal Notice.