Revvy Review Composer - Privacy Policy

(a) Personal information provided by the user

• Email address
• Business name
• API authentication token
• Authentication cookie - the extension reads a session cookie from api.revvy-app.com to verify your login status. This cookie is set by Revvy's own servers and is not read from any third-party site.
• Password - during login, your email and password are transmitted over HTTPS to api.revvy-app.com for authentication. Your password is never stored in the extension or in local storage; it is used only to obtain an authentication token.

(b) User preferences

• Default response tone
• Default response length
• Brand context text

(c) Review data extracted from web pages

When you click the "Draft Reply" button on a supported review platform, the extension reads the following from the page:

• Review text
• Reviewer's public display name
• The star rating, where the platform provides one. On Facebook this is a "recommends / doesn't recommend" recommendation rather than a 1 to 5 star rating
• Platform name

This data is only read when you explicitly click the "Draft Reply" button. The extension never reads review data automatically, and it does not monitor your browsing activity. The extension uses a standard browser API (MutationObserver) to detect when new reviews load dynamically on supported platforms, solely to inject the "Draft Reply" button into the page. This observer does not read, record, or transmit any page content.

(d) Data we do not collect

• Browsing history
• Data from non-review pages
• Analytics or tracking data
• Cookies from third-party sites (the extension only reads its own authentication cookie from api.revvy-app.com, which is a Revvy-operated domain)
• Anything from Google properties (including Google Search, Google Maps, and Google Business Profile)

Local storage

The extension stores data in your browser via chrome.storage.sync:

• API authentication token
• Business ID
• Email address
• Business name
• Preferences (tone, length, brand context)

This data syncs across your Chrome browsers via your Google account. It is not sent to third parties.

Server-side storage

Review text is not logged or permanently stored on our servers. It is used only in real time to generate a draft response. Account data is governed by the main Revvy Privacy Policy.

Retention and deletion

Local data persists until you sign out of the extension, uninstall it, or clear extension data in Chrome settings. To request deletion of your account and associated data, email support@revvy-app.com.

Service providers

Our infrastructure is hosted by Railway under a data processing agreement. Railway does not have independent access to your data and only processes it on our behalf.

Legal disclosure

We may disclose personal information if required to do so by law or in response to valid requests by public authorities.

8.1 UK and EU GDPR

If you are in the United Kingdom or the European Union, you have the following rights under the UK GDPR and EU GDPR:

• Right to access your personal data
• Right to correct inaccurate data
• Right to delete your data
• Right to restrict processing
• Right to object to processing
• Right to data portability

Our legal basis for processing is legitimate interest. The extension is operated by Huw Williams (trading as revvy), registered with the UK Information Commissioner's Office under registration number ZC115483.

8.2 California CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of the sale of personal information

We do not sell personal information.