Privacy Policy

Effective: [TO BE FILLED IN BEFORE PUBLISH] · Last updated: [TO BE FILLED IN]

⚠️ Draft notice: this is a working draft pending lawyer review. Effective dates and the entity address will be filled in before this page goes live.

ReviewPilot ("ReviewPilot," "we," "us") is operated by Togtuun LLC ("Company"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

1. Who we are

ReviewPilot is a SaaS tool that helps US-based medical spas respond to Google reviews and request post-visit Google reviews via SMS. Contact: support@togtuun.com.

2. Information we collect

2.1 You provide

Account info (name, email, phone, business name, address, EIN), billing info (handled by Stripe), and content you upload (client first name + phone for SMS review requests).

2.2 From Google (Google User Data)

When you connect your Google Business Profile via OAuth: profile email and name, locations, reviews (text, rating, reviewer name, timestamp), and replies you have posted. We use this only to provide the service.

2.3 Automatic

Log data (IP, user agent, timestamps) and aggregate analytics (Plausible, no cookies).

3. Google API Services User Data Policy — Limited Use

ReviewPilot's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

4. How we use information

To operate the service (read reviews, draft replies, post your approved replies, send SMS), to bill you, to email you about service updates and support, and to comply with law.

5. Subprocessors

Vendor | Purpose | Data shared
Supabase | Database hosting | All app data
Anthropic | LLM (Claude) for reply drafting | Review text + your past replies
Twilio | SMS delivery | Recipient first name, phone, business name
Stripe | Payment processing | Email, billing info
Cloudflare | CDN, DNS, edge | Request metadata
Plausible | Site analytics | Aggregated, no personal data
Google Workspace | Internal email | Inbound/outbound emails to you

We do not sell personal information. We do not share for cross-context behavioral advertising.

6. Retention

7. Security

TLS in transit, AES-256 at rest. OAuth tokens encrypted in DB. Secrets stored in encrypted env vars. Access logging on all admin actions.

8. Your rights

Access, correction, deletion, portability. Residents of California (CCPA/CPRA), Colorado, Connecticut, Virginia, and Utah have additional rights. To exercise any right, email privacy@togtuun.com.

9. Revoking Google access

You can revoke ReviewPilot's access to your Google account anytime at myaccount.google.com/permissions. We will retain copies of replies already drafted for 30 days, then delete them.

10. SMS

SMS goes only to numbers you provide for the service you signed up for. Recipients can reply STOP to opt out or HELP for help. STOP/HELP are honored automatically and the recipient is suppressed within minutes.

11. Children

ReviewPilot is not directed to anyone under 18.

12. International transfers

Our infrastructure is in the US. If you're accessing from outside the US, your data is processed in the US.

13. Changes

We notify you of material changes by email at least 30 days before they take effect.

14. Contact

General: support@togtuun.com · Privacy: privacy@togtuun.com