Privacy Policy

1. Introduction

Welcome to GhostReview™ ("we", "us", "our"). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered review analysis platform ("Service").

By using GhostReview, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

• Name and email address
• Password (encrypted using bcrypt hashing)
• Profile picture/avatar (optional)
• Business type (solo business or team)
• Phone number (if you enable SMS alerts)

Review Content:

• Review text that you submit for analysis
• Platform source (Google, Yelp, TripAdvisor)
• Business information associated with reviews
• Review metadata (dates, ratings, reviewer information when available)

Connected Accounts:

• Google Business Profile information (when you connect via OAuth)
• Business name, address, and profile ID
• OAuth access and refresh tokens (encrypted in our database)

White-Label Customization (Agency Plan):

• Custom company name
• Custom logos and favicons
• Custom color schemes
• Branding preferences

Communication Preferences:

• Email alert settings
• SMS alert settings (if enabled)
• Notification preferences
• Alert threshold settings

2.2 Information Collected Automatically

Usage Data:

• Number of scans performed
• API calls made (Agency plan)
• Features used (smart reply, dispute templates, exports, analytics)
• Subscription plan and billing period
• Last sync timestamps for connected accounts
• Login history and session data

Technical Data:

• IP address
• Browser type and version
• Device information
• Operating system
• Time zone and locale settings
• Session cookies and tokens

AI Analysis Results:

• Suspicion scores (0-100)
• Classification results (Authentic, Possibly Manipulated, Likely Fake)
• AI-generated summaries and reasoning
• Generated responses to reviews
• Raw AI responses (for debugging purposes)

2.3 Payment Information

Payment processing is handled by Paddle, our third-party payment processor. We do not store your complete credit card information on our servers. We only store:

• Paddle customer ID
• Paddle subscription ID
• Subscription status and billing dates
• Payment method type (e.g., "card")
• Transaction IDs for payment tracking

3. How We Use Your Information

We use your information for the following purposes:

3.1 To Provide and Improve the Service

• Analyze review content using Google Gemini AI
• Generate suspicion scores and classifications
• Create AI-powered response suggestions
• Generate dispute templates
• Monitor connected review platforms for new reviews
• Provide analytics and reporting features
• Enable white-label dashboard customization
• Process API requests (Agency plan)

3.2 Account Management

• Create and manage your account
• Authenticate your identity
• Verify your email address
• Reset your password when requested
• Manage OAuth connections to third-party platforms

3.3 Billing and Subscription Management

• Process subscription payments
• Manage plan upgrades and downgrades
• Track usage limits (scans and API calls)
• Send billing-related communications
• Prevent fraud and abuse

3.4 Communication

• Send account verification emails
• Send transactional emails (password resets, subscription changes)
• Send alerts about suspicious reviews (if enabled)
• Send usage limit notifications
• Respond to support inquiries
• Send important service updates

3.5 Analytics and Improvement

• Analyze feature usage patterns
• Improve AI accuracy and performance
• Identify and fix bugs
• Develop new features
• Monitor system performance
• Create aggregated, anonymized statistics

3.6 Legal and Security

• Enforce our Terms of Service
• Comply with legal obligations
• Protect against fraud and abuse
• Resolve disputes
• Ensure platform security

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Third-Party Service Providers

We share information with trusted third-party service providers who help us operate our Service:

• Google Gemini AI: Review text is sent to Google's AI service for analysis
• Paddle: Payment and subscription information for billing
• Gmail SMTP: Email delivery service for transactional emails
• Kairoo Storage: Image storage for white-label logos and favicons (Agency plan)
• Vercel: Hosting infrastructure and environment management

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.2 Business Transfers

If GhostReview is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or use of your personal information.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

• Valid legal requests (subpoenas, court orders)
• Government or law enforcement investigations
• Protection of our rights, property, or safety
• Prevention of fraud or security threats
• Enforcement of our Terms of Service

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4.5 Aggregated Data

We may share aggregated, anonymized data that cannot be used to identify you for research, marketing, or analytics purposes.

5. Data Security

We implement industry-standard security measures to protect your information:

5.1 Technical Security

• Passwords are hashed using bcrypt (10 rounds)
• OAuth tokens are encrypted before storage
• All data transmission uses HTTPS/TLS encryption
• Database access is restricted and authenticated
• API keys and secrets are stored as environment variables
• Session tokens use JWT-based authentication
• Paddle webhook signatures are verified

5.2 Operational Security

• Regular security audits and updates
• Access controls and role-based permissions
• Monitoring for suspicious activity
• Secure development practices
• Data backup and recovery procedures

5.3 Limitations

While we use reasonable efforts to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for a reasonable period after deletion to comply with legal obligations
• Review Analysis History: Retained indefinitely while your account is active; deleted upon account deletion
• Usage Analytics: Aggregated data may be retained indefinitely for statistical purposes
• Payment Records: Retained for 7 years to comply with tax and accounting regulations
• Communication Logs: Retained for 2 years for support and legal purposes
• Security Logs: Retained for 1 year for security monitoring

When you cancel your subscription, your account is downgraded to the Free plan but not deleted. You must explicitly request account deletion to remove your data.

7. Your Rights and Choices

7.1 Access and Portability

You have the right to access your personal information and export your data (review analysis history, generated responses) in CSV format through the dashboard.

7.2 Correction

You can update your account information (name, email, profile picture, business type) directly through the dashboard settings.

7.3 Deletion

You can request account deletion by contacting support. Upon deletion, we will remove your personal information, except where retention is required by law or for legitimate business purposes (e.g., payment records, dispute resolution).

7.4 Communication Preferences

You can control email and SMS alert settings through the monitoring settings page. You cannot opt out of essential transactional emails (account verification, password resets, billing notices) while maintaining an active account.

7.5 Connected Accounts

You can disconnect OAuth integrations (Google Business Profile) at any time through the monitoring page. Disconnecting will stop automatic review syncing and delete stored OAuth tokens.

7.6 Cookie Management

We use essential cookies for authentication and session management. You can control cookies through your browser settings, but disabling cookies may prevent you from using the Service.

7.7 Rights for EEA, UK, and California Residents

If you are located in the European Economic Area, United Kingdom, or California, you have additional rights:

• Right to know what personal information we collect and how it's used
• Right to request deletion of your personal information
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising privacy rights
• Right to data portability
• Right to object to processing
• Right to restrict processing
• Right to lodge a complaint with a supervisory authority

8. Children's Privacy

GhostReview is not intended for users under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information immediately. If you believe we have collected information from a child, please contact us at boussettah.dev@gmail.com.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. When we transfer your information internationally, we ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable laws.

By using GhostReview, you consent to the transfer of your information to the United States and other countries where our service providers operate.

10. Third-Party Links and Services

Our Service may contain links to third-party websites or integrate with third-party services (Google Business Profile, Yelp, TripAdvisor). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you interact with.

When you connect your Google Business Profile, you are granting us permission to access your business information in accordance with Google's OAuth policies. You can revoke this access at any time through your Google account settings or through our monitoring page.

11. AI Data Processing

Google Gemini AI Processing:

When you submit reviews for analysis, the review text is sent to Google's Gemini AI service for processing. Google's use of this data is governed by their own privacy policy and terms of service. We use the Gemini 2.0 Flash model, which is an experimental, free service provided by Google.

Google may use submitted data to improve their AI models. We recommend not submitting reviews containing highly sensitive personal information. We store the AI's analysis results (suspicion scores, classifications, summaries) in our database to provide the Service.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Sending an email to the address associated with your account
• Posting a prominent notice on our Service
• Updating the "Last updated" date at the top of this policy

Material changes will be announced at least 30 days before they take effect. Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to your inquiry within 30 days in accordance with applicable privacy laws.