ReviewAI (“we,” “our,” or “us”) is operated by DJUMP, MB, a private limited company registered in the Republic of Lithuania. This Privacy Policy explains how we collect, use, store, and protect information when you use the ReviewAI mobile application and related services (the “Service”). By using ReviewAI, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

  • Email address (for authentication and account recovery)
  • Full name (for profile display)
  • Authentication credentials (securely hashed, never stored in plaintext)

Business Data

  • Business location information (name, address, Google Place ID)
  • Customer review text and metadata (reviewer name, rating, date, platform)
  • AI-generated response text and tone selections
  • Response history and usage statistics

Device and Usage Information

  • Device type and operating system version
  • Push notification tokens (opt-in only)
  • App usage analytics (screen views, feature interactions via Mixpanel)
  • Crash reports and error logs

Information We Do Not Collect

  • Payment information (handled entirely by Apple/Google via RevenueCat)
  • Precise location or GPS data
  • Contacts, photos, or other personal files
  • Browsing history outside of the app

2. How We Use Your Information

  • Authentication. To verify your identity and secure your account.
  • Review aggregation. To fetch and display your business reviews from Google.
  • AI response generation. To send review text to OpenAI for generating response suggestions.
  • Analytics. To understand app usage patterns and improve the Service.
  • Notifications. To send push notifications about new reviews (opt-in).
  • Support. To respond to your inquiries and troubleshoot issues.

3. AI and Third-Party Data Processing

When you generate an AI response, the review text, star rating, and business name are sent to OpenAI’s API (GPT-4o) for response generation. This data is processed solely for the purpose of generating your response and is subject to OpenAI’s API data usage policies. OpenAI does not use API data for model training. We do not send any personally identifiable information about you (the business owner) to OpenAI.

Business location data is retrieved using the Google Places API. Google Place IDs are stored to enable review fetching. We access only publicly available review data through the Google Places API.

4. Data Storage and Security

Your data is stored on Supabase (built on PostgreSQL) with row-level security (RLS) policies. Each user can access only their own business locations, reviews, and AI responses. All data is encrypted in transit via HTTPS/TLS. Database backups are encrypted at rest.

5. Data Sharing

We do not sell, rent, or trade your personal or business data to third parties. We share data only with the following service providers, strictly for operating the Service:

  • Supabase. Database hosting, authentication.
  • OpenAI. AI response generation (review text only).
  • Google. Places API for review data.
  • RevenueCat. Subscription management.
  • Mixpanel. Anonymous usage analytics.
  • Apple / Google. Push notifications.

6. Data Retention and Deletion

Your data is retained as long as your account is active. You can delete individual locations and their associated reviews at any time within the app. To delete your entire account and all associated data, use the account deletion option in Settings. Upon account deletion, all your data (profile, locations, reviews, AI responses) is permanently removed from our servers within 30 days.

7. Your Rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or export your personal data. You may also have the right to object to or restrict certain processing activities. To exercise these rights, please write to us via the contact form or email start@djump.io.

8. Children’s Privacy

ReviewAI is designed for business owners and is not intended for children under 16. We do not knowingly collect personal information from children. If we discover that a child under 16 has provided us with personal information, we will delete that information promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please use the contact form or email start@djump.io. The data controller is DJUMP, MB, registered in the Republic of Lithuania.