ReviewGlass logo

Privacy Policy

Effective date: · Last updated:

1. Introduction

ReviewGlass (“ReviewGlass”, “we”, “us”) provides human-verified reviews, profiles, and widgets for businesses and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard personal data when you use our websites, widgets, and services (collectively, the “Services”).

By using the Services, you agree to the practices described here. If you do not agree, please do not use the Services.

2. Who is responsible for your data

ReviewGlass is the controller of your personal data for the purposes described in this Policy. If your data is submitted by a business using our Services, that business may also be a controller. For questions, see Contact Us.

3. Data we collect

3.1 Data you provide

  • Account and profile data: name, email address, password, business details.
  • Content: reviews, ratings, comments, messages, attachments, links.
  • Payments: billing name, address, VAT/tax info (processed via our payment processors).
  • Support: information you include in requests via our contact form.
  • Consent & preferences: marketing opt-ins, cookie choices.

3.2 Data collected automatically

  • Usage data: pages viewed, clicks, referring/exit pages, timestamps, language, approximate location derived from IP, and similar diagnostic data.
  • Device & log data: browser type/version, OS, device identifiers, IP address, error logs.
  • Cookies & similar tech: see Cookies & Tracking.

3.3 Data from third parties

  • Business data submitted by businesses using our Services.
  • Integrations you connect (e.g., website, CRM, ecommerce platform) supplying order or customer status for verification.
  • Service providers (fraud prevention, analytics, advertising) and publicly available sources.

4. How we use personal data

  • Provide and operate the Services, including verification, moderation, and widgets.
  • Process transactions and manage subscriptions.
  • Maintain safety, prevent fraud, abuse, spam, and enforce our terms.
  • Improve performance, features, and user experience (including analytics and research).
  • Communicate service updates, security alerts, and administrative messages.
  • Marketing with your consent or as permitted by law, with opt-out options.
  • Legal compliance, record-keeping, and exercising legal claims.

5. Legal bases (EEA/UK)

Where GDPR/UK GDPR applies, we rely on one or more of the following:

  • Contract (Art. 6(1)(b)) – to provide the Services you request.
  • Legitimate interests (Art. 6(1)(f)) – e.g., to secure and improve the Services.
  • Consent (Art. 6(1)(a)) – e.g., for certain cookies or direct marketing.
  • Legal obligation (Art. 6(1)(c)) – to comply with law.

6. Sharing & disclosure

  • Service providers (hosting, security, analytics, email, payments, support) under contracts requiring appropriate safeguards.
  • Verification & moderation partners to detect fraud or policy violations.
  • Business customers (for content you post about them, consistent with the Service purpose).
  • Legal and safety when required by law or to protect rights, users, or the public.
  • Business transfers in connection with a merger, sale, or reorganization.
  • With your direction or consent.

7. Cookies & tracking

We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, perform analytics, and improve the Services. Where required, we request your consent.

  • Strictly necessary (authentication, security, load-balancing)
  • Preferences (language, cookie choices)
  • Analytics (performance, usage patterns)
  • Marketing (only with consent where applicable)

You can change your cookie preferences anytime through your browser settings.

8. Data retention

We retain personal data for as long as necessary to provide the Services, comply with our legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and purpose.

9. Your rights

Depending on your location, you may have rights to access, correct, delete, restrict, or object to processing, to portability, and to withdraw consent. You may also have the right to lodge a complaint with your supervisory authority. We will not discriminate against you for exercising your rights.

To exercise rights, see Contact Us. We may need to verify your identity.

10. International transfers

Where data is transferred internationally, we implement appropriate safeguards such as standard contractual clauses or equivalent mechanisms, and take steps to protect your information in accordance with applicable law.

11. Security

We use technical and organizational measures designed to protect personal data. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

12. Children

The Services are not directed to children under the age where parental consent is required by law in your jurisdiction. We do not knowingly collect data from such children. If you believe a child has provided personal data, contact us to request deletion.

13. Region-specific notices

13.1 California (CCPA/CPRA)

California residents can request access, correction, deletion, and information about disclosures. We do not “sell” or “share” personal information as defined by CPRA, nor use sensitive personal information for the purpose of inferring characteristics. You may use authorized agents subject to verification.

13.2 EEA/UK

You have the rights described in Section 9. Our lawful bases are listed in Section 5. You may contact your supervisory authority, including the ICO (UK) or your local DPA.

14. Changes to this Policy

We may update this Policy from time to time. Material changes will be indicated by updating the “Last updated” date and, where appropriate, by additional notice.

15. Contact Us

If you have questions or requests about this Policy, please reach out: