Privacy Policy

This Privacy Policy describes how Greotech ("We," "Us," or "Our") collects, accesses, uses, stores, and shares information when you use our GBReplAi Service ("Service").

1. Data Accessed

We only access the minimum data necessary to provide and improve the GBReplAi Service.

1.1 Google User Data Accessed (via Google APIs)

When you connect your Google Business Profile via Google's OAuth process, and only after your explicit consent, we access:

• Google Business Profile Reviews: Public review text, star rating, reviewer display name, and timestamps associated with your locations.
• Google Business Profile Metadata: Business name(s), Business ID(s), categories, primary business address, and related configuration needed to identify and manage your locations.
• Review Response History: Existing owner responses, reply timestamps, and related review interaction history.
• Google Account Identity Data: Your Google account ID, email address, and basic profile information (such as name and profile picture URL) used to link your Google account with your GBReplAi account.

To access this data, our application requests the following Google OAuth scopes:

• https://www.googleapis.com/auth/business.manage – to read your Google Business Profile data (including reviews) and post owner responses on your behalf.
• openid, https://www.googleapis.com/auth/userinfo.email, https://www.googleapis.com/auth/userinfo.profile – to authenticate your Google account and associate it with your GBReplAi account.

1.2 Other Data We Collect

• Account Information: Name, email, company name, and other details you provide when registering or updating your profile.
• Billing Information: Information required to process your subscription payments (handled via our payment processor).
• Technical & Usage Data: IP address, browser and device type, pages visited, features used, timestamps, and similar log data collected automatically to secure and improve the Service.

2. Data Usage

We use the data we access solely for the purposes described below and in accordance with Google's API Services User Data Policy. We do not use Google user data for advertising, profiling, or selling to third parties.

• Provide the Service: Monitor your Google Business Profile reviews; generate, queue, and post AI-assisted owner responses according to your chosen settings; and display analytics about your reviews and responses.
• Account Management & Support: Create and manage your GBReplAi account, authenticate you, provide customer support, and communicate about changes, security alerts, or billing.
• Service Improvement: Analyze aggregated or de-identified usage patterns (for example, response performance, common review topics) to improve the quality, reliability, and safety of our features.
• Security & Abuse Prevention: Detect, investigate, and prevent fraud, abuse, or security incidents, and enforce our Terms of Service.
• Google Analytics (planned): We plan to use Google Analytics / Google Analytics for Firebase to measure usage and performance (for example, page views, feature usage). You can manage your Google Analytics data preferences via your Google account or device settings.
• AI Training (Opt-in only): If you explicitly opt in and have more than 1000 review responses, we may use your historical review responses to train models that generate better, more personalized responses for your future reviews. This is never enabled by default and only applies to your own model customization.

3. Data Sharing

We do not sell, rent, or trade your personally identifiable data, including Google user data, to third parties for marketing or advertising purposes.

3.1 Service Providers

We may share your data with trusted third-party service providers who process data on our behalf and under our instructions, solely to help us operate and improve the Service. These may include:

• Google Firebase (hosting, database, authentication);
• Cloud infrastructure providers;
• Payment processors;
• Email delivery and customer support tools;
• Analytics providers (e.g., Google Analytics);
• AI/LLM providers (for generating review responses and summaries).

These providers are contractually required to protect your data and may not use it for any purpose other than providing their services to us.

3.2 AI / Large Language Model (LLM) Processing

To generate AI-assisted review responses and summaries, we may send review content and related context to external AI providers (for example, Google Cloud AI or equivalent). This data is used exclusively to generate the requested output and is not used by those providers for their own advertising or marketing.

Unless you have explicitly opted in to AI training as described above (and meet the >1000 responses threshold), we do not allow our providers to use your content to train their general models beyond what is necessary for providing the Service.

3.3 Legal Disclosures

We may disclose information if required to do so by law or in response to valid legal requests, or when we believe in good faith that such disclosure is reasonably necessary to:

• Comply with applicable laws or legal processes;
• Protect and defend our rights, property, or safety, or those of our users or the public;
• Investigate or prevent fraud or abuse.

4. Data Storage & Protection

All data collected through the Service is stored on Google Firebase / Google Cloud infrastructure. Firebase encrypts data in transit (HTTPS/TLS) and at rest by default.

• Encryption: Data is encrypted in transit between your browser and our servers, and at rest within Firebase databases and storage.
• Access Controls: Access to production data is limited to authorized personnel who need it to operate, develop, or support the Service.
• Secrets Management: Sensitive credentials (such as OAuth client secrets and API keys) are stored using secure environment configuration and are not exposed in client-side code or public repositories.
• Security Practices: We apply secure development practices, use Firebase security rules to restrict access, and periodically review our systems for vulnerabilities.

While we strive to use commercially reasonable measures to protect your data, no method of transmission over the internet or electronic storage is 100% secure.

5. Data Retention & Deletion

We retain your Google Business Profile data and account information for as long as your account remains active and as necessary to provide the Service.

After you close your account or request deletion, we will begin deleting or anonymizing your data from active systems within 60 days, except where we are required or permitted by law to retain it longer (for example, for billing, accounting, tax, security, or dispute resolution purposes).

We currently do not provide a self-service data export feature. If you would like to know what data we hold about you, you can contact us and we will respond in accordance with applicable law.

6. Your Rights & Choices

6.1 Access and Correction

You can view and update most of your account information directly from your GBReplAi dashboard. If you believe we hold other personal data about you that you cannot access via the Service, you may contact us to request access or correction.

6.2 Deletion and Revocation of Google Access

You may request deletion of your GBReplAi account and related data by contacting us at the number below. You may also revoke GBReplAi's access to your Google Business Profile at any time through your Google Account security settings.

Please note that revoking access or deleting your account will disable some or all features of the Service.

6.3 AI Training Opt-in / Opt-out

AI training on your historical responses is disabled by default. You may choose to opt in (if you have more than 1000 review responses) via your account settings, and you may opt out at any time. When you opt out, your future data will no longer be used for model training as described above.

7. International Data Transfers

Our use of Firebase and cloud service providers may involve transferring and processing your data in countries other than your own, which may have different data protection laws. Where required, we implement appropriate safeguards to protect such transfers.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last Updated" date at the top of this page. If we make material changes, we will provide notice through the Service or by email where appropriate. Your continued use of the Service after such changes become effective constitutes your acceptance of the revised Privacy Policy.

9. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

Email: support@greotech.com
WhatsApp: 0696974422

Also see our Terms of Service.