Privacy Policy

EZReview (“we,” “us,” or “our”) is committed to protecting the privacy of business owners (“Users”) who use our platform and the customers (“End Users”) who interact with the EZReview review flow.

This Privacy Policy explains what information we collect, how we use it, how we protect it, and your rights with respect to your information. By using EZReview — including by logging in — you agree to the practices described in this policy.

Simple version:We store the minimum data needed to run the service. We don't collect customer names or contact details. We use AI to generate review text but don't use your data to train AI models without your consent. We don't sell your data. Ever.

2.1 From Business Owners (Registered Users)

2.2 From End Customers (Unauthenticated Users)

When a customer scans a business's QR code and goes through the review flow, we collect only:

• Star rating — the 1–5 star rating the customer selects.
• Survey responses— the multiple-choice answers the customer selects during the survey (e.g., “food quality: fresh and delicious”).
• Generated review text — the AI-generated review text (and which variant the customer selected or edited).
• Posted flag— whether the customer clicked “Copy & Post on Google.”

2.3 Technical Data

We automatically collect limited technical data when you access EZReview:

• IP address (for security and rate-limiting purposes — not stored long-term)
• Browser type and device type (for compatibility purposes)
• Pages visited and time spent (for service improvement)

We use the data we collect exclusively for the following purposes:

• Providing the service: Generating personalised survey questions and review text for your business using your business information and seeded reviews.
• Account management: Managing your login, subscription, and profile.
• Subscription & billing: Processing payments and managing your plan via Razorpay.
• Service improvement: Analysing aggregated, anonymised usage patterns to improve our AI models and product features.
• Security: Detecting and preventing fraud, abuse, and security threats.
• Communication: Sending transactional emails (account creation, password reset, subscription confirmations). We do not send marketing emails unless you explicitly opt in.

AI Model Training

EZReview uses OpenAI's API to power our review generation. Your seeded reviews and generated review content are not used to train OpenAI's base models.OpenAI's API usage via the Business tier does not use customer data for training. For details, see OpenAI's Enterprise Privacy Policy.

EZReview does not train its own AI models on your business data or customer survey responses. We use your seeded reviews only as context to prompt the AI during review generation.

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

We also share data if required by law, court order, or regulatory authority, or if necessary to protect the rights, property, or safety of EZReview, our users, or the public.

We implement the following security measures to protect your data:

• All data in transit is encrypted using HTTPS/TLS 1.3.
• Passwords are hashed using bcrypt — we never store plain-text passwords.
• Database access is restricted to authorised application servers only.
• API keys and secrets are stored as environment variables, never in code.
• Regular security dependency updates and vulnerability scanning.
• Session tokens are short-lived JWTs stored in secure, HTTP-only cookies.

While we take security seriously, no system is perfectly secure. In the event of a data breach that affects your personal data, we will notify affected users within 72 hours of becoming aware of the breach, in accordance with applicable law.

We retain your data for as long as your account is active or as needed to provide the service:

• Account data: Retained until you delete your account. Upon deletion, all your data is permanently removed within 30 days.
• Generated review records: Retained while your account is active. Deleted upon account deletion.
• Payment records: Retained for 7 years as required by Indian financial regulations, even after account deletion.
• Server logs (IP addresses, access logs): Retained for 30 days for security purposes, then deleted.

You can delete your account at any time from Dashboard → Settings → Account → Danger Zone. This permanently deletes all your business data, seeded reviews, generated reviews, and customer survey responses.

EZReview uses the following minimal cookies:

• Session cookie: A secure, HTTP-only cookie containing your encrypted session token. This is strictly necessary for login and cannot be disabled while using the service.
• CSRF token: A security cookie that protects against cross-site request forgery attacks.

We do not use advertising cookies, tracking pixels, or third-party analytics that track you across websites. We do not use Google Analytics, Facebook Pixel, or similar tools.

EZReview integrates with the following third-party services. Each has its own privacy policy that governs their data handling:

• OpenAI: Powers our AI review generation. Survey responses are sent to OpenAI as prompt context. OpenAI does not use API data for model training (as per their enterprise privacy commitments).
• Razorpay:Handles all payment processing. EZReview never stores your card details. Razorpay's privacy policy governs payment data.
• Google (for Google login): If you sign in with Google, we receive your name and email address from Google. We do not receive your Google Business Profile access or any data about your Google reviews.
• MSG91: Used only for sending OTP verification SMS. Your mobile number is passed to MSG91 only at the time of verification.
• Vercel:Our hosting platform. Vercel's infrastructure privacy policy applies to server-level data (logs, request metadata).

You have the following rights with respect to your personal data:

• Access: Request a copy of all personal data we hold about you and your business.
• Correction: Update or correct inaccurate information in your account settings.
• Deletion: Delete your account and all associated data from Dashboard → Settings → Account → Danger Zone. This action is irreversible.
• Portability: Request an export of your business data, seeded reviews, and generated review history in a machine-readable format.
• Objection: Object to specific processing of your data where we rely on legitimate interests as the legal basis.

To exercise any of these rights (other than deletion, which is available directly in the app), contact us at support@ezreview.in. We will respond within 30 days.

EZReview is not directed at children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete it promptly.

The end-customer review flow (scanning a QR code) does not collect any personal information, making it accessible and safe for all ages. However, account registration for business owners requires the registrant to be at least 18 years old.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by:

• Sending an email to the address on your account at least 14 days before changes take effect.
• Displaying a prominent notice in your EZReview dashboard.

The “Last updated” date at the top of this page will always reflect the date of the most recent revision. We encourage you to review this policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: