Privacy Policy

Effective date: April 14, 2026 · Last updated: April 14, 2026

1. Who We Are

ReviewWidget (“we,” “us,” or “our”) is operated by Photobooth Decor. We provide a software-as-a-service platform that lets businesses display their Google Business Profile reviews as embeddable widgets on their own websites.

This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to our dashboard at reviewwidget.com (the “Dashboard”), the embeddable review widget (the “Widget”), and any related APIs or services (collectively, the “Service”).

2. Information We Collect

2.1 Information you provide

  • Account information — When you sign up we collect your name, email address, and password (or Google account identifier if you use Google Sign-In).
  • Workspace & widget settings — Names, themes, layout preferences, and allowed-domain lists you configure in the Dashboard.
  • Support requests — Any information you provide when you contact us for help.

2.2 Information from Google

When you connect a Google Business Profile, we use OAuth 2.0 to request access. We collect:

  • OAuth tokens — A refresh token that lets us request new access tokens on your behalf. Tokens are stored server-side and never exposed to browsers or the Widget.
  • Business profile data — Account and location identifiers, business name, and reviews (reviewer display name, profile photo URL, star rating, comment text, and timestamps).

We do not access your Gmail, Google Drive, Google Contacts, or any other Google service beyond the Google Business Profile API.

2.3 Information collected automatically

  • Log data — IP address, browser type, operating system, referring URL, pages visited, and timestamps.
  • Widget load data — When a visitor’s browser loads the Widget on your website, we receive the page URL and the widget public ID. We do not set cookies or track individual visitors across sites.

3. How We Use Your Information

  • Provide the Service — Authenticate you, sync reviews, render widgets, and enforce domain allow-lists.
  • Improve the Service — Analyse usage patterns, diagnose technical issues, and develop new features.
  • Communicate with you — Send transactional emails (password resets, account alerts) and, with your consent, product updates.
  • Security & compliance — Detect fraud, enforce our Terms of Service, and meet legal obligations.

4. Google API Services — Limited Use Disclosure

ReviewWidget’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the scopes necessary to read your Google Business Profile reviews.
  • We do not sell, lease, or sublicense Google user data to third parties.
  • We do not use Google user data for advertising, market research, or email campaigns.
  • We do not allow humans to read your Google data except where (a) you give explicit consent, (b) it is necessary for security purposes (e.g., investigating abuse), or (c) it is required by law.

5. Data Sharing & Third Parties

We do not sell your personal data. We share information only in these limited circumstances:

  • Service providers — We use Supabase (database & auth hosting), Vercel (application hosting), and Google Cloud (API access). These providers process data on our behalf under contractual data-protection terms.
  • Widget visitors — Review content (reviewer display name, rating, comment, and photo URL as provided by Google) is served publicly through the Widget. This is the core purpose of the Service and only includes data you have chosen to display.
  • Legal requirements — We may disclose data if required by law, regulation, legal process, or governmental request.
  • Business transfers — In the event of a merger, acquisition, or asset sale, user data may be transferred. We will provide notice before data becomes subject to a different privacy policy.

6. Data Retention

  • Account data — Retained while your account is active. If you delete your account, we delete your data within 30 days (except where retention is required by law).
  • Cached reviews — Synced reviews are retained as long as the associated workspace and Google connection exist. Deleting a workspace removes all associated reviews from our database.
  • OAuth tokens — Deleted when you disconnect a Google connection or delete a workspace. You can also revoke access from your Google account permissions page.
  • Server logs — Automatically purged after 90 days.

7. Data Security

We implement industry-standard security measures to protect your data, including:

  • All data transmitted between your browser and our servers is encrypted with TLS.
  • OAuth refresh tokens are stored server-side and never exposed to client-side code.
  • Database access is restricted through row-level security policies so users can only access their own workspace data.
  • Passwords are hashed using bcrypt; we never store plaintext passwords.

No method of transmission or storage is 100% secure. If you discover a security vulnerability, please contact us immediately.

8. Cookies

The Dashboard uses essential cookies for authentication and session management. We do not use advertising or third-party tracking cookies. The embeddable Widget does not set any cookies.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Delete your data (“right to be forgotten”).
  • Export your data in a portable format.
  • Restrict or object to certain processing of your data.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at the address below. We will respond within 30 days.

10. Children’s Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the “Last updated” date. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, reach out to us:

  • Email: privacy@reviewwidget.com
  • Company: Photobooth Decor