Privacy Policy

Last updated: March 24, 2026

1. Information We Collect

We collect the following information:

• Account information: Your name, email address, and business name when you sign up.
• Review data: Customer reviews from your connected business listings, including reviewer names, ratings, and review content.
• Response data: AI-drafted responses, your edits, and approval/rejection decisions.
• Usage data: How you interact with the Service (login times, features used, approval patterns).
• Waitlist data: Email address and submission timestamp when you join our waitlist.

2. How We Use Your Information

• To provide the Service: monitoring reviews, drafting responses, sending notifications.
• To improve response quality by learning your brand voice and approval patterns.
• To generate analytics and reports about your review performance.
• To communicate with you about your account and the Service.

3. Third-Party Data Processing

We use the following third-party services to process your data:

• Anthropic (Claude AI): Review content is sent to Anthropic's API to generate response drafts. Anthropic's data usage policy applies. Anthropic does not use API inputs to train models.
• Supabase: Our database provider, hosted in the United States. Stores all account, review, and response data.
• Stripe: Payment processing. We do not store your credit card information directly.
• Google Business Profile API: To read your reviews and post approved responses.

4. Data Retention

• Active account data is retained for the duration of your subscription.
• After cancellation, data is retained for 30 days and then permanently deleted.
• You may request immediate deletion at any time by contacting us.
• Waitlist data is retained until you unsubscribe or the waitlist closes.

5. Data Security

We use industry-standard security measures including:

• Encryption in transit (TLS/HTTPS) for all data transmission.
• Row-level security policies on our database restricting access to authorized services only.
• Webhook authentication for all inbound data.
• No public access to client review data or response drafts.

6. Your Rights

You have the right to:

• Access all data we hold about your business.
• Request correction of inaccurate data.
• Request deletion of your data.
• Export your data in a standard format.
• Withdraw consent for data processing (which will require cancellation of the Service).

7. Cookies

Our landing page does not use cookies. The application dashboard may use session cookies for authentication purposes only.

8. Children's Privacy

GradeGuard is a business service not intended for use by individuals under 18 years of age.

9. Changes to This Policy

We will notify active subscribers of material changes via email. The "Last updated" date at the top of this page indicates when changes were last made.

10. Contact

For privacy-related questions or data requests, contact us at privacy@gradeguard.co.