PRIVACY NOTICE

Last Updated: March 23rd 2025

Welcome to Reavue ("we," "us," "our," or the "Company"). At Reavue, we recognize the importance of privacy and are committed to protecting the personal information of all individuals ("you," "your," "User," or "Client") who access or use our website located at https://reavue.com and all related services, applications, and platforms (collectively, the "Service").

This Privacy Notice describes how we collect, use, disclose, and safeguard your information when you use our Service. It also outlines your privacy rights and choices with respect to the information we collect about you and how you can contact us with any concerns.

We aim to operate in compliance with applicable privacy laws, including but not limited to the European Union General Data Protection Regulation ("GDPR"), the California Consumer Privacy Act ("CCPA"), the California Privacy Rights Act ("CPRA"), and potentially other relevant data protection legislation based on our user base.

Please read this Privacy Notice carefully. By accessing or using our Service, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Notice.

Our approach to privacy is guided by the following principles:

• Transparency: We aim to be clear and open about how we collect, use, and share your information, including our reliance on third-party providers.
• Control: We provide you with meaningful choices regarding your information (such as account deletion) and respect the choices you make.
• Accountability: We take responsibility for handling your information appropriately within our systems and select reputable service providers.
• Proportionality: We strive to collect and process only information that is necessary for the purposes described in this Privacy Notice.
• Security: We rely on the security measures implemented by our enterprise-grade service providers and configure our systems securely where possible.

We may collect various types of information, including personal information, from and about you in connection with your use of our Service. Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or individual.

2.1 Information You Provide to Us or Authorize Access To

You may provide us with certain information directly, or authorize us to access it, when you:

• Create an Account: When you register for an account, we collect your email address and password (hashed) via Firebase Authentication. If you register using Google or Microsoft authentication, Firebase Authentication facilitates this process, and we receive your email address and potentially the name associated with that third-party account.
• Connect Your Business Accounts: When you connect your Google Business Profile (via Google OAuth 2.0) to enable our AI-powered review response service, we access and collect information made available through the Google Maps API, such as your business name, address, category, review content (text, ratings), and reviewer information (e.g., reviewer name as displayed publicly on Google Maps). This information is necessary to provide the core review management and response features.
• Make Payments: When you purchase credits or subscribe, our third-party payment processors (Stripe, PayPal) collect your full payment details (such as credit card number, security code, expiry date) directly. We do not store your full credit card number on our servers. We receive transaction confirmation details from the processor and store transaction history (amount, date, credits purchased) and potentially the last four digits of your card number and its expiry date for account management, billing verification, and record-keeping purposes.
• Input Data Manually: If using manual modes, you provide review text and related details directly into the Service interface.
• Communicate with Us: When you contact us for customer support, provide feedback, or communicate via email (contact@reavue.com), we collect your email address and the content of your communications.

2.2 Information Collected Automatically (Primarily by Third-Party Infrastructure Providers)

While Reavue itself does not deploy extensive user-tracking analytics, certain technical information is automatically collected by the third-party infrastructure and security providers essential for the operation and security of the Service. This includes:

• Log Data: Our hosting providers (OVHcloud for VPS, Google Cloud for Firebase services) and CDN/security provider (Cloudflare) automatically generate server logs when you access or use the Service. These logs typically include your IP address, the date and time of access, details about your request (e.g., pages visited, HTTP headers), browser type and version, operating system, and referring/exit pages. This data is processed by these providers primarily for service delivery, security monitoring (e.g., DDoS protection, bot detection), performance optimization, troubleshooting, and abuse prevention, according to their respective privacy policies and operational needs.
• Function Execution Logs: Google Firebase Functions logs technical details about function invocations (e.g., start/end times, execution status, resource consumption) necessary for monitoring performance and debugging service operations.
• Aggregated Usage Insights: Cloudflare may provide us with aggregated, non-identifiable statistical insights about website traffic patterns based on the data processed through their network.

We primarily rely on these logs provided by our infrastructure partners for essential operational insights and security purposes, rather than deploying separate user analytics tools ourselves.

2.3 Information We Collect Through Cookies and Similar Technologies

We use cookies and similar technologies minimally and primarily for essential functions. Third parties we rely on also use cookies necessary for their services:

• Reavue Essential Cookies: We may set first-party cookies that are strictly necessary for the core operation of the Service, such as maintaining your login session or essential site navigation.
• Third-Party Necessary Cookies: Our essential third-party service providers utilize their own cookies required for their functionalities. This includes:
  • Cloudflare: For security challenges, bot detection, and load balancing.
  • Stripe / PayPal: For processing payments securely, managing payment sessions, and fraud prevention.
  • Firebase Authentication / Google / Microsoft: For managing authentication sessions when you log in using these methods.

We do not use cookies for non-essential purposes like third-party advertising or detailed user behavior tracking beyond operational necessity. For more details on managing cookies, see Section 9.

2.4 Information We Obtain From Third Parties (Beyond Direct Service Provision)

Aside from the data accessed directly via authorized connections (like Google Maps) or from infrastructure providers (logs), our primary third-party information sources are:

• Authentication Providers: If you sign up/log in via Google or Microsoft, we receive basic profile information (email, name) from them via Firebase Authentication.
• Payment Processors: Transaction confirmation details from Stripe and PayPal.

We use the information we collect or access for the following primary purposes:

3.1 To Provide, Operate, and Maintain Our Service

• Setting up, securing, and managing your user account (via Firebase Authentication).
• Storing your business information, review data, and generated replies (in Google Firebase Firestore).
• Running the backend logic and processing requests (via Firebase Functions and OVHcloud VPS).
• Accessing review data from linked accounts like Google Business Profile (via Google Maps API/OAuth).
• Processing your requests to generate AI-powered responses to customer reviews using third-party AI providers (like Anthropic, potentially OpenAI or others). This involves sending necessary data (review text, reviewer name, business name/category) to the AI provider's API.
• Publishing generated responses to the relevant platforms (e.g., Google Maps) on your behalf when authorized (especially in Automatic mode).
• Processing payments for credits or subscriptions via Stripe and PayPal.
• Providing customer support and responding to your inquiries via email.
• Authenticating your identity and verifying account information.

3.2 For Service Improvement, Security, and Operational Monitoring

• Analyzing aggregated usage patterns derived from infrastructure logs (provided by Firebase, OVHcloud, Cloudflare) to monitor service health, identify bottlenecks, and ensure stability.
• Monitoring for and preventing fraudulent transactions, security incidents, unauthorized access, and other illegal activities, utilizing tools and logs from our infrastructure and security providers (Cloudflare, Google Cloud, OVHcloud).
• Troubleshooting technical issues using logs and diagnostics provided by our infrastructure partners.

3.3 For Communication

• Communicating with you about your account status, transactions, security alerts, and usage of our Service.
• Providing you with important administrative notices and updates regarding our Service, Terms, or this Privacy Notice.
• Responding to your support requests and feedback.

(We do not currently use your contact information for promotional marketing campaigns unrelated to your direct use of the service.)

3.4 For Legal and Compliance Purposes

• Complying with applicable laws, regulations, legal processes, or governmental requests.
• Protecting our rights, property, or safety, and that of our users or the public.
• Enforcing our Terms of Use and other policies.
• Addressing disputes or misuse of our Service.

3.5 With Your Consent

We may use your information for any other purpose disclosed to you at the time we collect the information or pursuant to your specific consent.

If you are located in the European Economic Area (EEA), United Kingdom, or regions where similar laws apply, we rely on the following legal bases to process your personal information:

• Performance of a Contract: Processing is necessary to provide the Service you have requested and perform our obligations under our Terms of Use (e.g., creating your account, processing payments, generating and publishing replies as instructed).
• Legitimate Interests: Processing is necessary for our legitimate interests, provided these interests are not overridden by your fundamental rights and freedoms. Our legitimate interests include operating and securing our Service (using infrastructure logs for monitoring and security), providing customer support, enforcing our terms, preventing fraud, and managing our business operations efficiently.
• Compliance with Legal Obligations: Processing is necessary to comply with applicable laws, regulations, court orders, or other legal processes (e.g., retaining transaction records for financial audits).
• Consent: In specific situations where required (though less common for our core processing), we may rely on your explicit consent (e.g., if we were to introduce optional marketing communications). You can withdraw consent where applicable.

We do not sell your personal information. We share your information only in the following circumstances, as necessary to provide and maintain the Service:

5.1 With Service Providers

We engage third-party companies and individuals to perform services on our behalf. These providers act as Data Processors processing data under our instructions or as independent Data Controllers for their specific functions. We share only the information necessary for them to perform their designated functions:

• AI Providers (e.g., Anthropic, potentially OpenAI): We send review data (text, reviewer name) and relevant business context (name, category) via API to generate replies. Their use of data is governed by their terms and privacy policies.
• Cloud Infrastructure Providers (Google Cloud for Firebase services, OVHcloud for VPS): Host our application code, database (Firestore), authentication system (Firebase Auth), and backend functions (Firebase Functions, VPS services). They process the data stored on or passing through their systems.
• Payment Processors (Stripe, PayPal): Process financial transactions directly. They receive payment details and related user information necessary to complete the purchase.
• Authentication Services (Firebase Authentication, leveraging Google/Microsoft accounts): Manage the user login and authentication process.
• CDN and Security Provider (Cloudflare): Processes website traffic to provide security (DDoS mitigation, bot protection), performance optimization (caching), and related services. They see IP addresses and request data passing through their network.
• Platform Providers (Google, via Google Maps API/OAuth): Necessary for accessing review data from your Google Business Profile and publishing replies back to Google Maps upon your authorization.

We endeavor to select reputable providers with strong privacy and security practices, but their processing is ultimately governed by their respective agreements and policies.

5.2 Business Transfers

If Reavue is involved in a merger, acquisition, reorganization, sale of assets, bankruptcy, or similar transaction, your information may be transferred as part of that transaction. We will endeavor to ensure the transferee honours the commitments made in this Privacy Notice.

5.3 Legal Requirements and Protection

We may disclose your information if we believe in good faith that such disclosure is necessary to:

• Comply with applicable laws, regulations, valid legal processes (like subpoenas or court orders), or governmental requests.
• Enforce our Terms of Use, including investigating potential violations.
• Detect, prevent, or otherwise address fraud, security incidents, or technical issues.
• Protect against harm to the rights, property, or safety of Reavue, our users, or the public as required or permitted by law.

5.4 With Your Consent

We may share your information with third parties when we have your explicit consent to do so.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected and processed, including providing the Service, complying with our legal obligations, resolving disputes, and enforcing our agreements.

• Reavue-Controlled Active Data: Information directly managed by us within our primary systems (e.g., your account details, business info, review data stored in Firebase Firestore, linked payment transaction history) is retained while your account is active. If you choose to delete your account, we will initiate the deletion process, and this data will typically be permanently removed from our active databases within approximately one (1) month, unless retention is strictly required for overriding legal or security reasons (e.g., unresolved disputes, fraud investigations).
• Third-Party Infrastructure Logs: Technical logs generated by our providers (Google Cloud/Firebase, OVHcloud, Cloudflare) are subject to their independent retention policies. These periods vary depending on the provider and log type (often ranging from several days to several months) and are primarily maintained by them for security, operational analysis, and compliance purposes. We do not directly control these retention schedules.
• Payment Processor Records: Stripe and PayPal retain transaction data according to their own policies and applicable financial regulations, which often requires retention for several years.

When information is no longer needed for its specified purpose, we take steps to securely delete or anonymize it, where feasible.

We take the security of your information seriously and rely significantly on the robust security measures implemented by our enterprise-grade third-party service providers. This includes:

• Utilizing platforms like Google Cloud (Firebase) and OVHcloud, which offer features like encryption of data at rest and in transit, secure data centers, and network security controls.
• Leveraging Cloudflare for web application firewall (WAF), DDoS protection, and secure connections (SSL/TLS).
• Relying on Stripe and PayPal for secure handling of payment card information according to PCI DSS standards.
• Implementing appropriate access controls and authentication procedures within our own application configuration on these platforms (e.g., secure password handling via Firebase Auth).

While we configure our services with security in mind and choose reputable providers, please understand that no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security against all threats. If you have reason to believe that your interaction with us is no longer secure (e.g., compromise of your account password), please immediately notify us using the contact information provided below.

Depending on your location and applicable data protection laws (such as GDPR or CCPA/CPRA), you may have certain rights regarding your personal information. These may include:

• Right to Access: You may request access to the personal information we hold about you.
• Right to Rectification (Correction): You may request that we correct inaccurate or incomplete personal information about you. You can often update some account information directly within the Service settings.
• Right to Erasure (Deletion): You may request that we delete your personal information. You can initiate the deletion of your entire account and associated data directly via the Service settings or by contacting us. Deletion is subject to legal and operational retention requirements (see Section 6).
• Right to Restrict Processing: You may request that we restrict the processing of your personal information under certain conditions (e.g., if you contest the accuracy of the data).
• Right to Object to Processing: You may object to our processing of your personal information based on legitimate interests, under certain conditions.
• Right to Data Portability: You may request to receive a copy of certain personal information you provided to us in a structured, commonly used, and machine-readable format, and potentially request its transfer to another controller, where technically feasible.
• Right to Withdraw Consent: Where our processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with a relevant data protection supervisory authority if you believe our processing of your personal information violates applicable law.

To exercise any of these rights (other than account deletion initiated via settings), please submit a verifiable request to us by contacting contact@reavue.com. We will review your request and respond within the timeframe required by applicable law. We may need to verify your identity before processing your request. Please note that in some circumstances, legal obligations or technical limitations may prevent us from fully complying with your request, but we will inform you of any such limitations.

9.1 What Are Cookies

Cookies are small text files stored on your device (computer, tablet, mobile phone) when you visit websites. They help websites remember information about your visit, like your login status or preferences, and can enable various functionalities.

9.2 How We Use Cookies

As detailed in Section 2.3, Reavue's use of cookies is limited to those strictly necessary for providing the core functionality and security of the Service. We do not use cookies for tracking users across unrelated websites, for targeted advertising, or for detailed non-essential analytics ourselves.

• Essential First-Party Cookies: Set directly by Reavue for vital functions like keeping you logged in during your session.
• Essential Third-Party Cookies: Set by our integrated service providers (Cloudflare, Stripe, PayPal, Firebase Authentication, Google/Microsoft Auth) and are necessary for their services to work correctly (e.g., security checks, payment processing, managing third-party logins).

9.3 Your Cookie Choices

Most web browsers provide controls to manage cookies through their settings. You can typically:

• View cookies that have been set.
• Delete specific cookies or all cookies.
• Block cookies from specific sites or all sites.
• Configure settings to clear cookies when you close the browser.

Please be aware that blocking or deleting cookies, especially those categorized as essential by us or our core service providers, may significantly impair or prevent you from using certain features or the entirety of the Reavue Service. For more information on managing cookies, you can consult resources like allaboutcookies.org.

While our primary hosting infrastructure (OVHcloud VPS, Google Firebase for selected EU regions) is located within the European Union (Germany, Belgium), the nature of our Service requires the use of several key third-party providers who operate globally, particularly in the United States. This means your personal information will inevitably be transferred to and processed in countries outside of the EEA, UK, or your home country, including the United States.

Specifically, data may be transferred internationally when:

• Processing payments via Stripe or PayPal (US-based companies).
• Using AI services from providers like Anthropic or potentially OpenAI (US-based).
• Utilizing Google Cloud services (including Firebase) which may involve US processing even if primary storage is in the EU.
• Using Microsoft authentication services.
• Routing traffic through Cloudflare's global network (US-based company).
• Interacting with Google Maps APIs (US-based company).

We rely on the international data transfer mechanisms implemented by these third-party providers to ensure that such transfers comply with applicable data protection laws like GDPR. These mechanisms may include:

• Adequacy decisions by the European Commission (e.g., regarding countries deemed to have adequate data protection).
• Standard Contractual Clauses (SCCs) approved by the European Commission, incorporated into Data Processing Agreements (DPAs) with these providers.
• For transfers to the US, reliance on providers' certification under the EU-U.S. Data Privacy Framework (DPF), where applicable and valid.

By using our Service, you acknowledge and consent to the transfer, storage, and processing of your information in countries outside your country of residence, including the United States, as necessary to provide the Service described.

11.1 How It Works

Our "Automatic" mode feature uses AI to automatically generate and publish responses to customer reviews received via your linked accounts (e.g., Google Business Profile) on your behalf. When you enable this fully automated feature:

• You authorize us to continuously monitor for new reviews via the connected platform's API.
• Our system sends review details (review text, rating, reviewer name) and business context (name, category) to our AI provider (e.g., Anthropic) to generate an appropriate response.
• The AI-generated response is automatically published back to the originating platform (e.g., Google Maps) under your business profile, without requiring your prior manual review or approval for each individual reply.
• You are typically charged credits for each response generated and published via this mode, according to our pricing structure.

Important: You accept full responsibility for the content of replies published automatically via this mode (as detailed in our Terms of Use).

11.2 Your Control Over Response Features

You retain control over how responses are handled:

• You can enable or disable the fully "Automatic" mode at any time through your account settings.
• You can utilize our other modes ("Manual" or "Linked Account Management") which allow you to manually trigger AI generation for specific reviews and/or review and edit AI-generated suggestions before you choose to publish them.
• You can revoke Reavue's access to your linked accounts (e.g., Google Business Profile) via the "Manage my Businesses" tab or directly through the third-party platform's settings, which will stop further review collection and automatic posting.
• You can typically edit or delete replies directly on the review platform (e.g., Google Maps) after they have been published by Reavue.

Our Service is not intended for or directed at individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a child under 18 without appropriate consent, we will take steps to delete such information as soon as possible. If you believe that we might have any information from or about a child under 18, please contact us immediately at contact@reavue.com.

If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) provides you with specific rights regarding your personal information.

13.1 Right to Know/Access

You have the right to request that we disclose certain information about our collection and use of your personal information over the past 12 months, including the categories of personal information collected, sources, purposes for collection, categories shared with third parties, and the specific pieces of personal information collected.

13.2 Right to Delete

You have the right to request that we delete personal information that we collected from you and retained, subject to certain exceptions (such as information needed to complete a transaction, comply with legal obligations, or maintain security).

13.3 Right to Correct

You have the right to request that we correct inaccurate personal information that we maintain about you.

13.5 Right to Opt-Out of Sale/Sharing

Reavue does not "sell" personal information in the traditional sense or "share" it for cross-context behavioral advertising as defined under CCPA/CPRA. We only disclose information to service providers as necessary to provide the Service requested by you.

13.6 Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. This means we will not deny goods or services, charge different prices, provide a different level of quality, or suggest that you may receive discriminatory treatment.

To exercise your California privacy rights (Know, Delete, Correct), please submit a verifiable consumer request to us by contacting contact@reavue.com. Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your personal information. We will need to verify your identity before processing your request.

We may update this Privacy Notice from time to time to reflect changes in our practices, technologies, service providers, legal requirements, or other factors. When we make changes, we will revise the "Last Updated" date at the top of this Notice.

If we make material changes to how we treat your personal information, we will provide notice through the Service interface or by other means, such as sending an email to the address associated with your account, potentially in advance of the change becoming effective. We encourage you to review this Privacy Notice periodically to stay informed about how we are protecting your information.

Your continued use of our Service after any changes or revisions to this Privacy Notice shall indicate your agreement with the terms of such revised Privacy Notice. If you do not agree to the updated terms, you must stop using the Service.

If you have any questions, comments, or concerns about this Privacy Notice, our data practices, or your privacy rights, please do not hesitate to contact us at:

Email: contact@reavue.com

We will endeavor to respond to your inquiry promptly and within any timeframe required by applicable law.

© 2025 Reavue. All rights reserved.