RateCollector

Privacy Policy

Last updated: September 29, 2025

This Privacy Policy explains how RateCollector (“we”, “us”, or “our”) collects, uses, discloses, and protects information when you use our software-as-a-service platform, integrations, websites, and related services (collectively, the “Service”). By accessing or using the Service, you agree to this Policy. If you do not agree, you must discontinue use of the Service.

1. Information We Collect

We collect the following categories of information to operate and improve the Service:

  • Account Information: name, email address, password hash (managed by Firebase Auth), authentication tokens, and profile settings you provide during registration or sign-in via Google or email.
  • Business & Location Data: Google Place IDs, location names, industry/category details, branding assets, banners, and QR templates you upload or configure in the dashboard.
  • Customer Interaction Data: quiz responses, AI-generated review drafts, selected star ratings, and review replies prepared through the dashboard. We store drafts and interaction metadata to help you manage customer feedback.
  • Payment & Subscription Data: subscription status, plan selection, billing history, and Stripe customer identifiers. Full payment card data is processed and stored exclusively by Stripe.
  • Support & Communications: messages sent through the contact form, email correspondence, and any files or screenshots you choose to share with us.
  • Device & Usage Information: IP address, browser type, device metadata, language preference, and session cookies necessary for authentication, security, and fraud prevention.
  • Google Business Profile Data: OAuth tokens, account lists, location metadata, and public review content retrieved when you connect your Google Business Profile to the Service.

2. How We Use Your Information

We use collected information to:

  • Authenticate users, manage subscriptions, and deliver core Service features.
  • Create, customize, and distribute QR codes, banners, and review collection experiences.
  • Generate AI-assisted review drafts and suggested responses aligned with your brand voice.
  • Sync Google Business Profile data, display recent reviews, and streamline reply management.
  • Process payments, detect fraud, and enforce our Terms of Service.
  • Provide customer support, respond to inquiries, and troubleshoot issues.
  • Analyze aggregated, anonymized usage patterns to improve performance and reliability.

3. Legal Bases for Processing

If you reside in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal grounds for processing include: (i) performance of a contract to deliver the Service; (ii) our legitimate interests in operating, securing, and improving the Service; (iii) compliance with legal obligations; and (iv) your consent for optional integrations, marketing communications, or other processing that requires consent.

4. AI Review Generation

When you or your customers request AI assistance, prompts and contextual data are sent securely to Google Gemini APIs. We transmit only the minimum information necessary to generate relevant output (e.g., business category, tone, customer notes). Generated content is returned to the dashboard and stored in Firestore so you can review, edit, or discard it. We do not use AI outputs to train our own models.

5. Data Sharing & Disclosure

We do not sell your personal information. We share data only with:

  • Service Providers: Firebase (hosting, authentication, database, storage), Google (OAuth, Gemini, Google Business Profile APIs), Stripe (billing), email service providers, customer support tools, and trusted infrastructure partners. Each provider processes data under written agreements and implements industry-standard safeguards.
  • Authorized Users: Business owners and team members you invite can access the data stored within your workspace, subject to your permissions.
  • Legal & Compliance: We may disclose information to regulators, law enforcement, or other parties when required by law, court order, or to protect your rights, our rights, or the safety of others.
  • Business Transfers: If we enter into a merger, acquisition, or asset sale, your information may be transferred as part of that transaction, subject to this Policy.

6. Data Storage & Security

  • Customer and business data are stored in Google Cloud Firestore with role-based access controls.
  • Authentication tokens, API keys, and OAuth credentials are encrypted at rest and in transit.
  • We apply least-privilege access, audit logs, and automated monitoring to detect suspicious activity.
  • While we work hard to secure your data, no method of transmission or storage is 100% secure. If we detect a breach, we will notify affected users in line with applicable regulations.

7. Data Retention

We retain data for as long as your account remains active or as needed to provide the Service. When you delete content or close your account, we schedule associated data for deletion within a reasonable timeframe unless retention is required for legal, tax, or compliance purposes. Aggregated or anonymized analytics may be stored indefinitely.

8. International Data Transfers

We operate primarily from the European Union but rely on global cloud infrastructure. When data is transferred outside your jurisdiction, we implement safeguards such as Standard Contractual Clauses and data processing agreements to protect your rights.

9. Your Rights

Depending on your location, you may have the right to access, correct, update, export, restrict, delete, or object to our processing of your personal information. You can manage most settings from the dashboard or by contacting us. We will respond to verified requests within the timeframe required by law.

10. Cookies & Similar Technologies

We use essential cookies and local storage to maintain sessions, remember language preferences, and protect against CSRF attacks. We do not run third-party advertising trackers. You can control cookies through your browser settings, but disabling required cookies may impact functionality.

11. Children’s Privacy

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us so we can delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page and, when appropriate, notify you via email or dashboard alerts. Continued use of the Service after changes are posted constitutes acceptance of the revised Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please reach out to us at contact@ratecollector.com.