About Us

Customer Reviews Pty Ltd (ABN: 42 620 966 663) operates CustomerReviews.io ("we", "us", "our", or "CustomerReviews"). We provide software that helps businesses collect, manage, and display customer reviews.

This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website and services.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We recommend reviewing this policy periodically.

Who Uses Our Service

CustomerReviews serves two distinct groups:

Business Users (Our Customers):
Businesses that use our platform to collect, manage, and display customer reviews.

Review Authors (End Customers):
Individuals who leave reviews about businesses. Review authors submit reviews but do not create accounts.

What We Do

CustomerReviews provides businesses with tools to:

• Collect and manage Google reviews
• Collect reviews on the CustomerReviews.io platform
• Collect and display customer photos
• Send automated review request emails to customers
• Respond to reviews and sync responses to Google Business Profile
• Provide review widgets for display on business websites
• Generate analytics and export review data
• Send service updates and notifications

Information We Collect

1. Information You Provide Directly

For Business Users (our customers):

• Business name and registration details (ABN, company number)
• Your name and email address
• Phone number (optional)
• Physical business address
• Business website URL
• Industry/category information
• Billing information (processed through our payment providers)
• Google Business Profile connection details
• API access keys
• Team member information (if you add team accounts)

For Review Authors (people leaving reviews):

• Name and email address
• Order number or reference ID (if provided by the business)
• Review text and star ratings
• Photos you upload (optional)
• Private feedback (if you choose to submit it instead of or in addition to a public review)
• Any other information you include in your review or feedback

2. Information We Collect Automatically

When you use our website or services, we collect:

• IP address and device information
• Browser type and operating system
• Pages visited and time spent on our site
• Referring website
• Geographic location (city/country level derived from IP address for analytics)
• Review request interaction data (email opens, clicks, submission timing)
• Cookies and similar tracking technologies (see Cookie Policy below)

3. Information From Third Parties

Google: When you connect your Google Business Profile, we receive business information and review data from Google. When you respond to reviews through our platform, we send those responses to Google.

Payment Processors: Transaction confirmation and billing information from Stripe and PayPal

Business Customers: When a business you've interacted with uses CustomerReviews, they may provide us with your email address and order information to send you a review request. If they use our BCC email feature, we receive this information automatically when they copy us on their customer communications.

How We Use Your Information

For Business Users:

• Provide and maintain our review management service
• Process payments and send billing information
• Send service updates and important notices
• Provide customer support
• Improve our services and develop new features
• Provide API access and team collaboration features
• Send marketing communications (only with your express consent via opt-in checkbox)

For Review Authors:

• Send review request emails on behalf of businesses (including reminder emails)
• Process order numbers to track and link reviews to specific purchases
• Publish your reviews on CustomerReviews.io and business websites (via widgets)
• Display your photos alongside reviews (after business approval)
• Collect and forward private feedback to businesses (if you choose this option)
• Send email notifications when businesses respond to your review
• Track geographic distribution of reviews for business analytics
• Respond to your inquiries about reviews

General Purposes:

• Comply with legal obligations
• Prevent fraud and maintain service security
• Resolve disputes and enforce our Terms of Service
• Analyze usage patterns to improve user experience

Email Communications and Tracking

We send emails for review requests, account notifications, and service updates using Amazon Web Services Simple Email Service (AWS SES).

Email Tracking Technology:

When we send review request emails on behalf of businesses, we use tracking technology to detect when emails are opened and which links are clicked. This helps businesses understand engagement with their review requests.

Email tracking collects:

• Email open time and date
• IP address when email is opened
• Device/email client used
• Link click behavior

Legal Basis for Email Tracking:

We process email tracking data based on our legitimate interest in measuring review request effectiveness and helping businesses improve customer engagement (GDPR Article 6(1)(f)). You can object to this processing by unsubscribing from review requests at any time.

Marketing Emails (Business Users Only):

We will only send marketing emails to business users if you have explicitly opted in by checking a consent box. You can unsubscribe from marketing emails at any time.

How to unsubscribe:

• Click the unsubscribe link in any marketing email
• Contact us at support@customerreviews.io
• Manage your preferences in your account settings

Transactional emails (review requests, service notifications, billing) are always sent regardless of marketing preferences, as they are necessary for the service.

Cookie Policy

What Cookies We Use:

Essential Cookies: Required for the service to function (login sessions, security, CSRF protection)

Analytics Cookies: Analytics services (such as SimpleAnalytics and Google Analytics) to understand how visitors use our site

Advertising Cookies: Advertising platforms (such as Meta/Facebook Pixel) for conversion tracking and campaign measurement

Managing Cookies:

When you first visit our site, you'll see a cookie consent banner allowing you to accept or reject non-essential cookies (analytics and advertising). You can control cookies through your browser settings or our cookie preference center.

Note that disabling essential cookies may prevent you from using certain features of our service.

Review Widgets

Our review widgets display reviews on business websites. The widget:

• Fetches review content from our servers
• Does NOT track website visitors
• Does NOT set cookies on website visitors
• Does NOT require cookie consent from visitors

Businesses can install our widget without needing to update their privacy policy specifically for our widget.

Automated Review Collection via Email (BCC Feature)

Business customers can use our BCC email collection feature to automatically request reviews from their customers.

How it works:

When a business BCCs our system email address (e.g., reviews-[id]@customerreviews.io) on their customer communications, we automatically extract customer information (name, email address, and optionally order/reference numbers) to send a review request after a configurable delay (typically 24-48 hours).

Data we process from BCC'd emails:

• Recipient email addresses
• Recipient names (from email headers)
• Order numbers or reference IDs
• Email timestamp (to calculate review request delay)

Important data handling:

Email body content is deleted immediately after data extraction (within minutes)

• Extracted customer data (name, email, order number) is retained for business record-keeping, performance analytics, and customer re-engagement purposes

• You can request deletion of your information at any time by contacting support@customerreviews.io (processed within 30 days)

For review authors:

If a business uses our BCC feature, you may receive a review request email from us even though you only communicated with the business directly. The business has shared your contact information with us for the purpose of collecting your feedback.

For Business Customers Using BCC Feature:

By using our BCC email feature, you confirm that you have the lawful authority to share customer contact information with us for review collection purposes and that your customers are aware of your use of third-party services as disclosed in your own privacy policy or terms of service.

We do not permanently store email communications and only extract the minimum information necessary to send review requests.

Private Feedback Option

When you receive a review request, you have multiple options for providing feedback:

Public Reviews:

• Leave a review on Google Business Profile (publicly visible)
• Leave a review on CustomerReviews.io (publicly visible on business profile pages)

Private Feedback:

You can optionally send private feedback directly to the business instead of leaving a public review. This feedback is only visible to the business and is not published publicly. Private feedback allows you to share concerns or suggestions confidentially.

Important: The public review option is always available. Private feedback is an optional alternative, not a replacement. You can choose which option works best for you.

Review Request Management

Review Reminders:

If you don't respond to the initial review request, we may send reminder emails (typically 1-2 reminders over 7-14 days). You can unsubscribe from these reminders at any time using the link in any email.

Request Blocking:

Businesses can stop or block review requests to specific email addresses. If blocked, you will not receive future review requests from that business through our platform.

To stop receiving review requests, click the unsubscribe link in any review request email or contact the business directly.

Analytics and Performance Tracking

We collect and analyze data to help businesses understand and improve their review collection:

Email Performance: Open rates, click rates, and delivery status
Conversion Metrics: Percentage of requests that result in submitted reviews
Geographic Distribution: IP address-based location tracking (city/country level) to show where reviews originate
Response Times: How quickly customers respond to review requests
Rating Distribution: Analysis of star ratings and review sentiment

This analytics data is aggregated and provided to business customers through dashboard reports, charts, and insights. Individual customer behavior is tracked to improve service delivery.

Third-Party Services

We share your information with the following trusted service providers:

Payment Processing: Stripe & PayPal

Review Management: Google (review synchronization, Google Business Profile integration, syncing review responses to Google)

Email Services: Amazon SES (AWS) for sending review requests and notifications with open/click tracking

Infrastructure: Hetzner (server hosting in United States), Cloudflare (content delivery and security)

Analytics: Website analytics services (such as SimpleAnalytics and Google Analytics)

Advertising: Advertising platforms (such as Meta/Facebook) for conversion tracking and campaign measurement

Customer Support: Customer support and communication tools

We may also use additional third-party service providers for analytics, customer support, infrastructure, or other operational purposes as needed to deliver and improve our services.

These providers are contractually required to protect your data and use it only for the purposes we specify.

Data Retention

We retain your personal information based on the following categories:

Business Accounts:

• Active accounts: Duration of subscription plus 12 months
• Inactive accounts: Automatically deleted after 24 months of inactivity

Published Reviews:

Retained as long as the review remains published or until you request deletion. We need your email address to send response notifications, verify your identity for review changes or deletions, and prevent duplicate reviews.

Private Feedback:

Retained as long as the business account is active. Private feedback is business property used for service improvement and internal record-keeping. It is deleted when the business closes their account or upon your deletion request.

Review Request Data (including customer email addresses):

Retained for as long as necessary for business record-keeping, performance analytics, and customer re-engagement purposes. This data helps businesses understand review collection performance and maintain customer communication history.

You can request deletion of your information at any time by contacting support@customerreviews.io. We will process deletion requests within 30 days.

BCC Email Content:

Email body content is deleted immediately after data extraction (within minutes)

• We only retain customer name, email address, and order number extracted from the email
• We do not store full email communications or message content

Order Numbers:

Retained with associated review or feedback data

Billing Records:

7 years (Australian tax compliance requirements)

Marketing Consent Records:

Until consent is withdrawn, then deleted within 30 days

Your Right to Deletion:

You can request deletion of your personal data at any time by contacting support@customerreviews.io. We will process deletion requests within 30 days. Once deleted from our platform, reviews may still appear in search engine caches or third-party archives.

International Data Transfers

Your data is stored on servers in the United States (Hetzner). For customers in the UK, Australia, Canada, and other countries, this means your data is transferred internationally.

We ensure your data is protected through:

Standard Contractual Clauses with our hosting and service providers for UK/EU data transfers

• Use of providers with strong data protection certifications (AWS, Cloudflare, Hetzner)
• Encryption of data in transit (SSL/TLS) and at rest
• Regular security audits and compliance reviews

Data Security

We implement industry-standard security measures including:

• Encrypted data transmission (SSL/TLS)
• Secure password hashing
• Regular security audits
• Access controls and authentication
• Secure payment processing (we never store full credit card details)

While we take all reasonable precautions, no internet transmission is 100% secure. We cannot guarantee absolute security.

Photo Uploads and Privacy

When you upload photos with your review:

• Photos are automatically resized and optimized for web display
• All metadata (EXIF data) including GPS location, camera information, and timestamps is automatically removed to protect your privacy
• Business owners must approve photos before they become publicly visible
• Once approved, photos are publicly displayed alongside your review

Your location privacy is protected - we automatically strip GPS coordinates and other identifying metadata from all uploaded photos.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and privacy, we will:

• Notify relevant authorities within 72 hours (as required by GDPR)
• Notify affected users without undue delay
• Provide details of the breach and steps we're taking
• Offer guidance on protecting yourself

Your Rights

All Users:

Access: Request a copy of the personal data we hold about you
Correction: Update or correct inaccurate information
Deletion: Request deletion of your personal data ("right to be forgotten")
Objection: Object to certain types of processing
Portability: Receive your data in a machine-readable format
UK/EU/EEA Residents (GDPR):
Restriction: Request we limit how we use your data
Withdraw Consent: Withdraw previously given consent at any time
Lodge a Complaint: Contact your local Data Protection Authority

To exercise any of these rights, contact us at support@customerreviews.io. We'll respond within 30 days.

Review Author Rights

Once you submit a review, it becomes part of the business's public profile.

To request changes or deletion:

Email support@customerreviews.io with your name, email address used for the review, business name, and details of your request. We will verify your identity and process requests within 30 days.

Important:

• Deletion removes your review from CustomerReviews.io and business widgets
• Reviews may persist in search engine caches even after deletion
• For Google reviews: Manage those through Google directly (we cannot delete them)
• Review responses from businesses will also be removed when you delete a review

Children's Privacy

CustomerReviews.io is not intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected information from someone under 18, please contact us immediately and we will delete it.

Public Review Pages and Search Engines

IMPORTANT: Reviews you submit will be publicly visible and searchable.

When you leave a review:

• Your review appears on the business's public CustomerReviews page
• This page is indexed by search engines (Google, Bing, etc.)
• Your name, review text, star rating, and photos (if uploaded) are PUBLIC
• Your review may appear in Google search results
• Reviews may be displayed on business websites via our widgets
• Reviews may be cached by search engines or archived by third parties even after deletion

Public review page format example: https://business.customerreviews.io/[business-name]

Contact Us

For privacy-related questions, to exercise your rights, or to make a complaint:

Email: support@customerreviews.io
Privacy Inquiries: privacy@customerreviews.io
Business Details: Customer Reviews Pty Ltd, ABN: 42 620 966 663

If you're unsatisfied with our response, you may contact:

Australia: Office of the Australian Information Commissioner (www.oaic.gov.au)
United Kingdom: Information Commissioner's Office (ico.org.uk)
Canada: Office of the Privacy Commissioner of Canada (priv.gc.ca)
EU/EEA: Your local Data Protection Authority

This Privacy Policy is governed by the Privacy Act 1988 (Cth) and complies with the General Data Protection Regulation (GDPR) and UK GDPR where applicable.