Last updated: February 6, 2026

Privacy Policy

At Reviewlee, we believe your data belongs to you — not us. This Privacy Policy explains how we collect, use, process, and protect your information when you use our review infrastructure platform.

1. Who We Are

Reviewlee Inc. ("Reviewlee", "we", "us", or "our") operates the review infrastructure platform at reviewlee.com. We act as a data processor on behalf of businesses (our customers) who collect and manage customer reviews, and as a data controller for our own account and billing data.

Data Protection Contact: [email protected]

2. Data We Collect

Account Data

When you create an account, we collect:

  • Name and email address
  • Organization name and details
  • Billing information (processed by our payment provider)
  • Authentication credentials (securely hashed)

Review Data

When reviewers submit reviews through our platform, we process:

  • Reviewer name or display name
  • Reviewer email (for verification purposes)
  • Review content, ratings, and attachments
  • Submission metadata (timestamp, verification status)

Usage Data

We automatically collect:

  • Server log data (IP address, browser type, referring pages)
  • Platform usage analytics (pages visited, features used)
  • Performance metrics and error reports

3. How We Use Your Data

We use collected data exclusively for:

  • Providing and maintaining our review infrastructure service
  • Authenticating users and securing accounts
  • Verifying review authenticity (email verification, proof of purchase)
  • Sending transactional emails (account, billing, security alerts)
  • Improving our platform and fixing bugs
  • Complying with legal obligations
  • Responding to support requests

We never sell your data. We never use review content for advertising. We never share data with third parties for their marketing purposes.

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process personal data based on:

  • Contract performance — To provide the services you've subscribed to
  • Consent — When reviewers submit reviews and agree to data processing
  • Legitimate interest — For platform security, fraud prevention, and service improvement
  • Legal obligation — To comply with applicable laws and regulations

5. Data Sharing & Third-Party Services

We share data only with the following categories of service providers, bound by data processing agreements:

  • Cloud hosting — Amazon Web Services (AWS), for infrastructure and data storage
  • Payment processing — For subscription billing (we never store card details)
  • Email delivery — Amazon SES, for transactional and verification emails
  • Analytics — Privacy-focused analytics for platform improvement

International transfers: When data is transferred outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs).

6. Data Retention

We retain data according to these principles:

  • Account data — Retained while your account is active, deleted within 30 days of account closure
  • Review data — Retained as long as the business account is active. Businesses can export all data at any time
  • Server logs — Retained for 90 days for security and debugging purposes
  • Billing records — Retained for 7 years as required by tax and accounting regulations

We use soft deletion — data is marked as deleted immediately but physically removed from our systems within 30 days.

7. Your Rights

Under GDPR and applicable data protection laws, you have the right to:

  • Access — Request a copy of all personal data we hold about you
  • Rectification — Correct any inaccurate or incomplete data
  • Erasure — Request deletion of your personal data ("right to be forgotten")
  • Data portability — Export your data in a structured, machine-readable format (CSV, JSON)
  • Restriction — Request we limit how we process your data
  • Objection — Object to data processing based on legitimate interests
  • Withdraw consent — Withdraw previously given consent at any time

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies & Tracking

We use minimal cookies strictly necessary for the platform to function:

  • Session cookies — Required for authentication and security (essential)
  • Preference cookies — To remember your language and display settings
  • Analytics cookies — Privacy-focused, anonymized usage analytics (optional)

We do not use advertising cookies, tracking pixels, or third-party marketing trackers. Embedded review widgets do not set cookies on your visitors' browsers.

9. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Multi-tenant data isolation — each organization's data is logically separated
  • Secure session-based authentication with rate limiting
  • Automated encrypted backups with point-in-time recovery
  • 24/7 infrastructure monitoring and intrusion detection
  • Strict access controls and audit logging for internal operations

10. Children's Privacy

Reviewlee is a B2B service not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, contact us immediately at [email protected].

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email and by posting the updated policy on this page with a new "Last updated" date. Your continued use of the platform after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, contact us:

Address: Reviewlee Inc.

We aim to respond to all privacy-related inquiries within 5 business days.