Privacy Policy · ReviewScan

ReviewScan ("we", "us") helps small businesses collect feedback and Google reviews via QR codes. This policy explains what data we collect, why, and the choices you have. We aim to collect the minimum needed to operate the service.

1. Information We Collect

Account information

Email address and display name (for sign-up / sign-in).
Authentication provider (email + password, Google, or Apple).

Business information you create

Business name, category and Google Review URL.
QR codes generated for that business.

Customer scans (anonymous)

Star rating (1–5) submitted by your customers.
Optional private feedback text submitted when a customer rates 3 or below. We do not collect the customer's identity.
Timestamp of the scan.

Subscription / purchase data

Receipts validated server-side via Apple App Store Server API or Google Play Developer API.
Subscription product id, expiry, auto-renew status. We never see or store your payment card details — those stay with Apple / Google.

Diagnostics

Server-side error logs (no personal data) for reliability and abuse prevention. We do not use third-party analytics or ad SDKs.

2. How We Use Your Data

To create and operate your account.
To generate your QR codes and route scans to Google reviews or to your private feedback inbox.
To verify subscription purchases and unlock Pro features.
To enforce daily scan quotas on the free tier and prevent abuse.
To respond to support requests.

3. Sharing & Sub-processors

We do not sell your data. We share data only with the sub-processors required to run the service:

Google Firebase (Authentication, Firestore, Cloud Functions, Hosting) — primary backend.
Apple App Store / Google Play — for purchase verification and subscription notifications.

When a customer chooses to leave a Google review, they leave the app and are redirected to Google. Google's privacy policy then applies.

4. Retention

We retain account and business data for as long as your account is active. You may delete your account at any time from inside the app ("Settings → Delete account"). On deletion we remove your account, businesses, scans and subscription record. Backups are purged on a rolling 30-day schedule.

5. Your Rights

Depending on where you live (e.g. EU/UK GDPR, California CCPA) you may have rights to access, correct, export or delete your data. Email us at support@reviewscan.app and we will respond within 30 days.

6. Children

ReviewScan is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children.

7. Security

Data is encrypted in transit (TLS) and at rest (Firebase managed). Only Cloud Functions running with admin privileges can write to subscription and scan records — clients cannot bypass these checks.

8. Contact

Questions about this policy? Email support@reviewscan.app.