Privacy Policy

1. Information We Collect

To provide our automated review responder service, we collect several categories of information when you register, link a business storefront, or interact with Bob:

• Account Registration Data: Your name, business name, and work email address provided during account creation, securely stored and authenticated using Supabase.
• Google Business Profile Metadata: When you connect your profile via Google OAuth, we retrieve your location details, business categories, addresses, and business descriptions.
• Review & Response Material: We read incoming customer reviews and historical review replies. This includes ratings, customer names, review text, and your past response styles, which are processed to train the personalized AI agent in your voice.
• Transaction & Billing Records: Stripe processes your monthly flat-rate $125 subscription payment. We store Stripe customer identifiers and subscription statuses but do not store raw credit card numbers.

2. How We Use Your Data

We use the information we collect for specific business purposes linked to operating and optimizing Bob:

1. Personalized Voice Training: Analyzing your historical reviews and replies to build a natural, human-sounding response agent that reflects your unique tone.
2. Automated Responding: Identifying new Google reviews as they land and utilizing secured AI models to formulate and publish customized responses directly to your Google Business Profile.
3. Billing Management: Processing your recurring subscription invoices via Stripe securely.
4. Diagnostics & Communication: Sending you critical notifications (e.g. negative review flagged for manual review, failed API authorization, subscription renewals) and improving application uptime.

3. Data Sharing & Disclosures

We do not sell, rent, or trade your data or your customers' reviews to third parties for advertising or marketing.Your information is shared only with trusted infrastructure providers required to operate the Service:

• Supabase: For cloud hosting, metadata databases, and secure user session management.
• Stripe: For PCI-compliant credit card transaction and subscription processing.
• Google APIs: For secure data interchange to monitor and post replies to your Google Business Profile.
• LLM Providers: Encrypted text-based review data is sent temporarily to advanced, secure large language model APIs (e.g., Gemini, OpenAI) to generate your personalized replies. These APIs operate under strict data privacy rules that forbid training their models on your custom customer reviews.

4. Security and Storage

We are committed to securing your commercial reputation and account metadata. We apply a series of technical and organizational measures designed to defend against unauthorized access, loss, or disclosure:

Your API authorization tokens, which connect Bob to your Google Business Profile, are encrypted at rest using strong cryptographic standards. Authentication is managed by Supabase, incorporating standard JWT token protocols. All communication between our servers, database, Google APIs, and your browser is encrypted in transit using SSL/TLS.

5. Retention and Deletion

We retain your account details, location metadata, and voice guidelines for as long as your Bob subscription remains active to provide uninterrupted service.

Your Right to be Forgotten: You can completely disconnect your Google profile in the dashboard at any time. If you decide to cancel and delete your account, we purge your database records, voice guidelines, cached reviews, and API authorization tokens from our production systems within thirty (30) days of your deletion request. Past reviews and replies already published to your Google Business Profile will remain on Google, as they reside under Google's ownership.

6. Google API Compliance & Limited Use

Bob's use and transfer of information received from Google APIs to any other app will adhere to theGoogle API Services User Data Policy, including the Limited Use requirements. We enforce strict boundary constraints so that Google OAuth tokens are used solely to fetch reviews and publish responses on your behalf.

7. Your Privacy Rights

Depending on your legal jurisdiction (such as GDPR in Europe or CCPA in California), you may hold specific statutory rights regarding your personal information, including:

• The right to access a copy of the metadata we store about your business and account.
• The right to rectify inaccurate or incomplete records.
• The right to request absolute deletion of all account records from our databases.
• The right to revoke API permissions instantly via your Google Account security center.

To exercise any of these privacy rights, please write to our support desk, and we will address your request in compliance with regulatory timelines.

8. Cookies and Session Tracking

Bob uses cookies and web storage elements strictly to ensure functional performance. We do not use third-party cross-site advertising tracking cookies. The cookies we utilize serve to:

1. Maintain your authenticated dashboard login session via Supabase.
2. Preserve your theme preference (Light or Dark mode) between page refreshes.

You may configure your browser to reject all cookies; however, doing so will prevent you from accessing the dashboard.

9. Changes to this Policy

We may revise this Privacy Policy from time to time to align with application features, changes in the API landscape, or regulatory updates. If we make material modifications to how we handle your personal data, we will alert you via email or publish a prominent banner notification on the dashboard homepage prior to the changes taking effect.

10. Contact Us

If you have questions, feedback, or data privacy requests, you can reach out directly to our security coordinator.