This Privacy Policy describes how REVIEWFLOWZ SAS, a French société par actions simplifiée registered under SIREN 928798891, with its registered office at 870 chemin du vallon des mourgues, 13090 Aix-en-Provence, France ("Reviewflowz", "we", "us", or "our"), collects, uses, stores, and protects your personal data when you use our platform and services.
Reviewflowz is the data controller for the personal data described in this Privacy Policy. For data processed on behalf of our customers (Customer Data), we act as a data processor — see Section 7 below.
For any questions about this Privacy Policy or to exercise your rights, contact us at hello@reviewflowz.com.
When you create an account, we collect:
If you register or log in via a third-party provider (Slack, Google), we receive your name, email address, and profile picture from that provider.
We automatically collect data about how you and your users interact with the platform, including:
Service Usage Data may include identifiable information such as your name, email address, and account details. We use this data to monitor, improve, and enhance the Services, diagnose issues, and inform product development. Service Usage Data is collected via PostHog (hosted in the EU).
When you use Reviewflowz, you and your users may upload or configure data including:
We process Customer Data solely on your behalf as a data processor. See Section 7 for details.
The Services collect reviews, ratings, comments, reviewer names, profile information, and associated metadata from Third-Party Platforms (such as Google, Trustpilot, Apple App Store, Google Play Store, and others) on your behalf. This data may include personal data of third-party reviewers (names, profile pictures, review content). We process this data on your behalf as a data processor and at your instruction.
When you contact us via Intercom or email, we collect the content of your messages, your email address, and any attachments you provide.
See Section 5 below for our full cookie policy.
We use your personal data for the following purposes, with the corresponding legal basis under GDPR:
You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
We do not sell your personal data. We share personal data only in the following circumstances:
We use the following sub-processors to provide the Services. All sub-processors processing personal data are based in the EU or process data within the EU:
Note on Intercom: Intercom processes user email addresses for the purpose of providing in-app support. Intercom may transfer data to the US under Standard Contractual Clauses (SCCs). No other personal data is shared with Intercom.
Note on AI providers: When you use AI-powered features, review data and your configuration settings are transmitted to third-party AI providers for processing. These providers process data as sub-processors under our instructions. Their processing is limited to generating the requested output and they do not retain your data for their own purposes.
We may update this list from time to time. Material changes to sub-processors will be communicated via email or notice within the Services.
We use cookies and similar technologies on our website and platform.
These cookies are essential for the platform to function. They handle authentication, session management, and security. They are always active.
We use PostHog (hosted in the EU) for analytics and user session recordings. These cookies help us understand how users interact with the platform, diagnose issues, and improve the Services.
We use cookies from Google Ads and LinkedIn Ads to measure the effectiveness of our advertising campaigns and to serve relevant ads to visitors on other platforms.
Intercom places cookies to provide in-app messaging and support functionality.
For more information about cookies and how to manage or delete them in your browser, visit www.allaboutcookies.org.
We retain your data for the following periods:
You may request deletion of your account and personal data at any time by contacting us at hello@reviewflowz.com. We will process your request within 30 days. Certain data may be retained where required by law.
When you use Reviewflowz, you may instruct us to process personal data on your behalf — for example, reviewer names and profile information in Third-Party Review Data, or email addresses and phone numbers of recipients of review requests. In this context:
Our processing activities as a data processor are governed by our Data Processing Agreement (DPA), available upon request. Enterprise customers with a signed SaaS Services Agreement have a DPA attached as an annex to that agreement.
If you send review requests through the Services (via email, SMS, or WhatsApp), you are responsible for ensuring you have appropriate consent or another lawful basis to contact those individuals. We process their contact information solely to send the review request on your behalf and do not use it for any other purpose.
Your personal data is stored and processed within the European Union. Our primary infrastructure is hosted on in the EU (Dublin).
We do not transfer personal data outside the EU as a matter of course. Where a sub-processor may process data outside the EU (see Section 4), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
We implement appropriate technical and organisational measures to protect your personal data, including:
No method of transmission over the internet or electronic storage is 100% secure. While we take commercially reasonable measures to protect your data, we cannot guarantee absolute security. If you become aware of any security issue, please notify us immediately at hello@reviewflowz.com.
If you are located in the European Economic Area (EEA), you have the following rights regarding your personal data:
To exercise any of these rights, contact us at hello@reviewflowz.com. We will respond within 30 days. If we need more time (up to an additional 60 days for complex requests), we will inform you within the initial 30-day period.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
We do not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on individuals (within the meaning of Article 22 GDPR). Our AI-powered features may generate and publish review responses automatically based on rules configured by the customer. This does not constitute automated decision-making within the meaning of GDPR, as it does not produce legal or similarly significant effects on any individual.
The Services are intended for business use and are not directed at individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected personal data from a minor, we will take steps to delete it promptly. If you believe a minor has provided us with personal data, please contact us at hello@reviewflowz.com.
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page and, for significant changes, by email or prominent notice within the Services. Your continued use of the Services after such changes constitutes acceptance of the revised Privacy Policy.
For any questions about this Privacy Policy, to exercise your data rights, or to raise a privacy concern, please contact us at:
REVIEWFLOWZ SAS
870 chemin du vallon des mourgues, 13090 Aix-en-Provence, France
Email: hello@reviewflowz.com
We do not have a Data Protection Officer, as we are not required to appoint one under Article 37 GDPR (we employ fewer than 250 people and do not carry out large-scale processing of special categories of data or systematic monitoring of individuals). All privacy inquiries are handled directly by the company's management.