Privacy Policy

1. Information We Collect

When you create a Replizer business account, we collect your name, username, email address, and phone number. Payment processing is handled entirely by Stripe — Replizer never collects, stores, or has access to your credit card or billing information. When you connect a review platform, you authorize Replizer through that platform's own login page using OAuth. Replizer never receives, stores, or has access to your platform passwords. We receive only an OAuth access token, which is encrypted and stored securely. We also collect the review data associated with your connected business listings, including review text, ratings, and reviewer information provided by the platform. When customers create accounts in the Replizer Rewards app, we collect their name, email address, visit history, points balance, and rewards activity. This data is associated with the customer's account and is used solely to operate the loyalty and rewards program.

2. How We Use Your Information

We use your information solely to provide the Replizer service — monitoring your reviews, generating reply suggestions, posting approved replies on your behalf, detecting fake reviews, managing customer loyalty programs, analyzing sentiment, tracking competitor ratings, and generating reports. We do not sell your personal information to third parties. We do not use your review data for any purpose other than generating replies and analysis for your business. We may use anonymized and aggregated data to improve the service, generate industry benchmarks, and develop new features. Customer data collected through the Replizer Rewards app is used exclusively to operate the loyalty program — tracking visits, points, and rewards for each customer. Customer data is NOT shared between businesses. Each business can only access data belonging to their own customers.

3. Data Storage and Security

All data is stored using industry-standard encryption at rest and in transit. We use Supabase for database storage and Stripe for payment processing. Payment card data is never stored on Replizer servers — it is handled entirely by Stripe, which is PCI-DSS compliant. OAuth tokens are encrypted at rest and scoped only to the permissions you authorized. Replizer never stores your platform usernames or passwords. Your Replizer account password is hashed using bcrypt with a unique salt — it cannot be read by anyone, including Replizer staff.

4. Third-Party Services and Integrations

Replizer integrates with third-party services to deliver platform functionality. The following categories of third-party services may receive data as part of normal platform operations: (a) REVIEW PLATFORMS — Google, Yelp, Facebook, and other connected review platforms receive OAuth authorization and may return review data to Replizer. Your use of those platforms remains subject to their own privacy policies and terms of service. (b) PAYMENT PROCESSING — Stripe processes all payment transactions. Replizer does not store payment card data. Stripe's privacy policy governs how your payment information is handled. (c) EMAIL DELIVERY — Replizer uses third-party email delivery infrastructure (including providers such as Resend and SendGrid) to distribute emails on behalf of businesses. Email delivery data, including delivery status, open rates, and bounce information, may be processed by these providers. (d) AUTOMATED CONTENT GENERATION — Replizer uses third-party service providers for automated content generation (such as system-generated reply suggestions and content drafts). Review text and related business data may be sent to these providers for this purpose and is subject to their data usage policies. (e) RESERVATION PLATFORMS — If your business uses Replizer's reservation integration features, data may be shared with reservation platforms such as OpenTable and Resy to facilitate bookings. (f) ANALYTICS — Usage analytics may be collected to help improve the platform. We do not share personally identifiable business or customer information with analytics providers.

4A. Email Tracking

When Replizer distributes emails on behalf of a business, we track delivery and engagement data including delivery status, open rates, and click data. This data is used solely to provide analytics and reporting to the business that sent the email. Email tracking data is not sold or shared with third parties. Recipients of business emails distributed through Replizer may contact us at contact@replizer.com to request information about data collected in connection with those emails.

4B. Location Data

The Replizer Rewards customer app includes a Nearby feature that uses the device's location to show businesses near the customer. Location access is entirely optional and only used when the customer explicitly grants location permission through their device's operating system. Location data is used in real time to surface nearby participating businesses and is not stored permanently on Replizer servers. Customers can revoke location permission at any time through their device settings.

4C. Push Notifications

The Replizer Rewards customer app may send push notifications to customers regarding rewards, offers, and account activity. Push notifications are only sent if the customer has granted notification permission on their device. Customers can opt out of push notifications at any time through their device's notification settings or within the Replizer Rewards app. Opting out of push notifications does not affect the customer's ability to use the app or earn rewards.

4D. Location Data for Geofencing

The Replizer Rewards app may use location data with customer consent to deliver proximity-based notifications, such as alerting customers when they are near a participating business. Location data used for geofencing is processed in real-time and is not stored permanently on Replizer servers. Customers can disable location access at any time through their device's operating system settings. Disabling location access will prevent proximity-based notifications but will not affect the customer's ability to use other features of the Replizer Rewards app, including earning and redeeming points.

4E. Photo Uploads

Customers may submit photos through the Replizer Rewards app as part of loyalty program activities (such as earning points for photo submissions or completing challenges). Photos submitted through the app are stored securely and are accessible only to the business associated with the loyalty program. Photos are not shared between businesses or with third parties. If a customer requests deletion of their Replizer Rewards account, all associated photos and user-generated content will be deleted within 30 days of the verified deletion request.

4F. Weather Data

Replizer may use publicly available weather data associated with a business's zip code or geographic area to trigger automated promotions and offers on behalf of businesses. Weather data is sourced from third-party weather data providers and is associated with business locations, not individual customer locations. No customer location data or personal information is used to retrieve or process weather data. Weather data is used solely to enable businesses to offer weather-triggered promotions to their customers.

4G. Loyalty Analytics

Replizer collects and processes loyalty program data to provide businesses with analytics and insights about their customers' engagement, visit patterns, and program performance. Anonymized and aggregated loyalty data may be used to generate industry benchmarks and trend reports. Individual customer data is never shared between businesses. Each business can only access analytics and data pertaining to their own customers and loyalty program. Aggregated benchmark data does not contain personally identifiable information and cannot be used to identify individual customers or businesses.

4H. Card Linking for Loyalty Programs

The Replizer Rewards app allows customers to link a payment card to their loyalty account so that points can be awarded automatically when they make a purchase at a participating business. When a customer links a card, Replizer stores only the last 4 digits of the card number, the card brand (e.g., Visa, Mastercard), and a secure token provided by the payment processor. Replizer does NOT store full card numbers, CVV/security codes, expiration dates, or any information that could be used to make a charge. The stored data is used solely to match a transaction at a participating business to the customer's loyalty account. Customers can unlink a card at any time from within the Replizer Rewards app, which permanently deletes the stored token and card reference from Replizer's systems.

4I. RFM Scoring

Replizer analyzes customer behavior data — including visit recency, visit frequency, and monetary spend — to generate RFM (Recency, Frequency, Monetary) scores for each customer. RFM scoring is used to help businesses better understand and serve their customers by identifying engagement levels and customer segments. RFM scores and associated customer behavior data are visible only to the business that the customer is associated with. RFM data is not shared between businesses or with third parties. Customers may request information about the data used to generate their scores by contacting the business directly.

4J. Employee Data Collection

When a business uses Replizer's employee management features, we collect the following employee data: clock-in and clock-out times, location data at the time of clock-in and clock-out events (when geofencing is enabled), task assignments and completion status, break start and end times, performance metrics and scores, and tip amounts where applicable. This data is collected solely to provide employee management functionality to the business and is accessible only to the business owner and authorized managers. Employee data is retained for as long as the business account is active. Upon account cancellation, employee data is deleted within 30 days in accordance with our standard data retention policy. Businesses are responsible for informing their employees about the data collected through Replizer's employee management tools.

4K. POS Transaction Data

When a business connects a point-of-sale system such as Square or Clover to Replizer, we receive transaction data including transaction amounts, itemized product details, transaction timestamps, and tokenized card identifiers. This data is used exclusively for loyalty program point accrual, transaction matching for card-linked offers, and business analytics within the Replizer platform. POS transaction data is not shared with other businesses or third parties. Transaction data is retained for as long as the business account is active and is deleted within 30 days of account cancellation.

4L. Phone and IVR Data

When a business uses Replizer's phone system features, we collect and store call recordings, voicemail recordings, and caller phone numbers. Call recordings and voicemail recordings are retained for 30 days by default unless the business configures a longer retention period. Caller phone numbers are stored for call routing and analytics purposes. Phone data is accessible only to the business owner and authorized employees. Replizer does not share call recordings, voicemail recordings, or caller information with third parties.

4M. Chrome Extension Data

The Replizer Chrome extension collects publicly visible review data from third-party review platforms, including review text, star ratings, and reviewer display names as they appear on public review pages. This data is transmitted securely to the business's Replizer account and is used for review management purposes only. The extension does not collect browsing history, personal data, or any information from pages other than supported review platform pages. Data collected by the extension is subject to the same storage, security, and retention policies as all other data in the Replizer platform.

4N. Google Places Data

Replizer uses the Google Places API to retrieve publicly available business information including business names, addresses, ratings, review counts, and other data from public Google listings. This data is used to provide business search functionality, review monitoring, and prospect reports. Google Places data is publicly available information and is not combined with private business account data. Replizer's use of Google Places data complies with Google's API terms of service.

4O. Administrative Access

Replizer staff may access business account data for the purposes of providing customer support, troubleshooting technical issues, investigating suspected fraud or policy violations, and improving platform functionality. All administrative access is logged, restricted to authorized personnel, and conducted in accordance with Replizer's internal data access policies. Replizer staff will not access financial data without the business owner's explicit written consent, as described in Section 11 of this policy.

4P. Free Reply Generator

When a user accesses Replizer's free reply generator tool, we collect the user's email address and, optionally, business name. We also track usage data for rate-limiting purposes. Email addresses collected through the free reply generator may be used for follow-up marketing communications about Replizer's products and services. All marketing emails include a clear and functional unsubscribe option. Users may opt out of marketing communications at any time by clicking the unsubscribe link in any email or by contacting contact@replizer.com.

4Q. Employee Geofencing Data

When a business enables geofencing for employee time tracking, Replizer collects employee location data at the time of clock-in and clock-out events only. Replizer does not perform continuous location tracking of employees. Location data is stored alongside the associated time record and is accessible only to the business owner and authorized managers. Employee location data is retained for as long as the business account is active and is deleted within 30 days of account cancellation. Businesses are responsible for notifying employees about location data collection in accordance with applicable laws.

5. Data Retention

We retain business account data for as long as the account is active. If a business account is cancelled, account data is deleted within 30 days in accordance with the payment failure and cancellation policies described in the Terms of Service. Review data imported from connected platforms is retained only while the account is active. For customer accounts in the Replizer Rewards app: points and rewards data are retained indefinitely — points do not expire as long as the customer's account is active. Customers may request deletion of their account at any time, and upon verified request, account data will be deleted within 30 days. Email distribution records may be retained for up to 12 months for compliance and deliverability purposes.

6. Publicly Available Business Information

Replizer may collect and process publicly available business information, including business names, addresses, phone numbers, review ratings, and review content from public review platforms such as Google, Yelp, and others. This information is used to provide free tools such as review grade reports, review monitoring alerts, and prospect reports. If your business information appears in a Replizer report and you would like it removed, please contact us at contact@replizer.com.

7. Your Rights

You may request a copy of your data, correction of inaccurate data, or deletion of your account at any time by emailing contact@replizer.com. For users in the European Economic Area, you have additional rights under GDPR including the right to data portability and the right to object to processing.

8. California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have the right to: (a) know what personal information we collect, use, and disclose about you; (b) request deletion of your personal information; (c) opt out of the sale of your personal information (note: we do not sell personal information); and (d) not be discriminated against for exercising your privacy rights. To exercise any of these rights, contact us at contact@replizer.com. We will respond to verifiable consumer requests within 45 days.

9. Cookies

We use strictly necessary cookies to maintain your login session. We do not use advertising cookies or sell cookie data to third parties. You may disable cookies in your browser settings, but doing so will prevent you from staying logged in.

10. Intellectual Property and Proprietary Data

All analysis, reports, scores, grades, automatically generated content, and derivative insights produced by the Replizer platform are the intellectual property of Replizer, LLC. The algorithms, methods, and technology used to generate this content are protected by pending patents, copyright, and trade secret law. You may not reproduce, distribute, or use Replizer-generated content to build or improve a competing product or service.

11. Financial Data

12. Contact

Questions about this policy? Email us at contact@replizer.com.