← Back to home

Privacy Policy

Effective May 14, 2026

Introduction

ReviewCraft (“ReviewCraft,” “we,” “our”) provides a review-request and review-drafting platform that helps businesses collect feedback from their customers and post-service reviews on third-party sites. This Privacy Policy describes the information we collect, how we use and share it, and the choices available to you.

Who this policy applies to

  • Business users who create an account to send review requests (operators, owners, staff).
  • Customers of those businesses who receive a review request via SMS or email and may complete a questionnaire.

Information we collect

From business users:

  • Account details: name, email address, hashed password, business name, business vertical, service offerings, location details.
  • Configuration: brand voice, keyword profile, questionnaire choices, integration credentials (CRM webhook keys, Twilio identifiers).
  • Usage data: pages visited, features used, requests sent, server log timestamps and IP addresses.

From customers of business users:

  • Contact information provided by the business owner: name, phone number, email address, service date, and any optional notes.
  • Questionnaire responses (multiple choice selections, free-text comments) submitted voluntarily after clicking a review request link.
  • Technical information from interactions with our questionnaire pages: timestamps, browser type, IP address.

How we use information

  • To provide and operate the review-request service.
  • To generate AI-assisted review drafts based on questionnaire responses.
  • To deliver SMS and email messages to customers on behalf of the business user.
  • To honor opt-out requests and other privacy choices.
  • To detect, investigate, and prevent abuse, fraud, or security incidents on the service.
  • To comply with applicable laws and respond to legal requests.

How we share information

We do not sell personal information. We share data only with the limited service providers needed to operate the platform:

  • Supabase— database and authentication hosting.
  • Twilio— SMS message delivery.
  • Resend— email message delivery.
  • Anthropic— AI processing of questionnaire responses to generate review drafts. Questionnaire content is sent to Anthropic in real time and is not retained for model training under our processing terms.
  • Vercel— application hosting and request logging.

We may also disclose information when required by law, to protect our rights, or in connection with a business transfer such as a merger or acquisition.

SMS messaging and consent

Business users enter their customers’ phone numbers into the platform to send review requests by SMS. By entering a phone number, the business user represents that they have a direct relationship with that customer and have lawful authority to contact them with a transactional follow-up message about a completed service.

Customers can opt out of receiving further messages at any time by replying STOP to any SMS. Opt-out is processed within seconds and blocks any future SMS to that number from the requesting business. Replying HELP returns identification of the sender and instructions. Standard message and data rates may apply; ReviewCraft does not charge customers for messages.

ReviewCraft does not share customer phone numbers with marketers or other third parties. Phone numbers are used only to deliver the review request and any allowed reminder messages.

Data retention

We retain account and request data for as long as the business user’s account is active. When an account is closed, associated customer contact details are deleted within thirty days, except where retention is required for legal, security, or audit purposes.

Your choices and rights

  • Customers can opt out of SMS messages at any time by replying STOP.
  • Customers or business users can request access to, correction of, or deletion of their personal information by emailing the contact below.
  • Residents of jurisdictions with applicable privacy laws (such as the GDPR or CCPA) may have additional rights, including the right to object to processing or to receive a portable copy of their data.

Security

ReviewCraft uses industry-standard safeguards including encryption in transit, access-restricted infrastructure, row-level security on customer data, and audited third-party processors. No system is perfectly secure; please report any suspected vulnerability to the contact below.

Children

ReviewCraft is intended for use by businesses contacting their adult customers and is not directed at children under sixteen. We do not knowingly collect information from children.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated through the dashboard or by email. The effective date above will reflect the latest revision.

Contact us

Questions, requests, or complaints can be sent to privacy@reviewcraft.app.

Terms of Service·Home