Privacy Policy

Last updated: 1 June 2025

ReviewBoost AI ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at reviewboosted.in (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. This policy complies with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDPA) of India.

1. Information We Collect

1.1 Information You Provide

• Account information: Name, email address, password (hashed), and profile picture when you register.
• Business information: Business name, address, Google review URL, industry, and logo you upload.
• Payment information: Processed securely via our payment partners (Razorpay). We do not store card details.
• Communications: Messages you send us via email or WhatsApp support.

1.2 Information Collected Automatically

• Usage data: Pages visited, features used, click patterns, and session duration.
• QR scan data: Timestamp, device type, and approximate location (city-level) of each scan — not linked to any individual customer without consent.
• Reviews generated: AI-generated review text and final posted text (anonymised).
• IP addresses: For rate limiting and fraud prevention — not sold or shared.
• Cookies and local storage: See our Cookie Policy.

1.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your name, email, and profile photo from Google.

2. How We Use Your Information

• To create and manage your account and business profile.
• To generate QR codes and AI-powered review text on your behalf.
• To process payments and send invoices (including GST invoices on request).
• To send service emails: account verification, subscription updates, important notices.
• To improve our AI models and product features using anonymised, aggregated data.
• To prevent fraud, abuse, and comply with legal obligations.
• To send marketing emails — only if you opt in. You can unsubscribe at any time.

3. AI-Generated Reviews

When a customer scans your QR code, they may optionally share what they purchased (e.g., "Biryani") and a staff name. This information is sent to Groq Inc. (our AI provider) to generate a review. We do not share any personally identifiable information about the customer with Groq — only anonymous product context.

Groq's privacy policy is available at groq.com/privacy-policy.

4. Sharing Your Information

We do not sell your personal data. We share data only with:

• Service providers: Neon (database), Vercel (hosting), Groq (AI), Cloudinary (image storage), Razorpay (payments). All under strict data processing agreements.
• Legal requirements: If required by Indian law, court order, or government authority.
• Business transfer: In the event of a merger or acquisition, you will be notified.

5. Data Storage and Security

• Your data is stored on Neon PostgreSQL servers located in the United States (AWS us-east-1 region). Cross-border transfer is covered under standard contractual clauses.
• All data in transit is encrypted using TLS 1.2+. Passwords are hashed using bcrypt and never stored in plain text.
• We implement rate limiting, IP-based abuse detection, and access controls to protect your data.

6. Your Rights (DPDPA 2023)

As an Indian data principal, you have the right to:

• Access: Request a copy of your personal data we hold.
• Correction: Request correction of inaccurate data.
• Erasure: Request deletion of your account and associated data.
• Grievance redressal: Contact our Data Protection Officer below.
• Withdraw consent: Opt out of marketing communications at any time.

To exercise any right, email us at reworksstudio1@gmail.com or WhatsApp us.

7. Data Retention

• Account data is retained while your account is active.
• On account deletion, personal data is removed within 30 days. Anonymised analytics data may be retained longer.
• Payment records are retained for 7 years as required by Indian tax laws.

8. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us data, contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notice. Continued use of the Service after changes constitutes acceptance.

10. Contact & Grievance Officer

For privacy concerns or grievances (as required under IT Act 2000):

• Name: Rishi Yadav
• Designation: Data Protection Officer
• Email: reworksstudio1@gmail.com
• WhatsApp: +91 87089 05369
• Response time: Within 30 days of receipt