Privacy Policy
Effective date: May 2025
This Privacy Policy explains how Atomus Global ("we", "us", "our") collects, uses, and protects personal data in connection with the ReviewGuard service (the "Service").
1. Data We Collect
In order to provide the Service, we may collect and process:
- Account information: name, email address, business name;
- Google Business / Google Business Profile identifiers and connection metadata required to access reviews;
- Reviews and review metadata (review text, author display name shown by Google, timestamps, ratings);
- Generated response drafts and approval history;
- Report data (sentiment, value reports, internal analytics);
- Support communications you send to us;
- Billing and customer identifiers received from Paddle (such as customer ID, country, invoice references).
2. Payment Card Data
We do not collect or store complete payment card details. All payments are processed by Paddle as our merchant of record and payment processor. Paddle is responsible for handling card data in accordance with PCI-DSS requirements and applicable payment regulations.
3. Subprocessors
We use carefully selected third-party subprocessors to operate the Service. Each subprocessor processes data only to support our operations:
- Paddle - payments, billing, invoicing, taxes;
- Supabase - application database and authentication;
- n8n - workflow automation orchestration;
- OpenAI - AI-assisted draft response generation;
- Resend - transactional email delivery;
- Outscraper - Google reviews data retrieval;
- Vercel - hosting and content delivery for our public site.
4. How We Use Data
We use collected data to:
- Deliver the core features of the Service;
- Generate AI-assisted response drafts;
- Produce reputation, sentiment, and value reports;
- Handle billing, customer support, and contract fulfilment;
- Maintain security, prevent abuse, and improve the Service.
5. Legal Bases
Where applicable law (such as GDPR) requires a legal basis for processing, we rely on: (a) performance of a contract with you; (b) our legitimate interests in operating, securing, and improving the Service; and (c) compliance with legal obligations.
6. Your Rights
Subject to applicable law, you may have rights to access, correct, update, port, or delete the personal data we hold about you, and to object to or restrict certain processing. You can exercise these rights by contacting admin@atomusglobal.com. We will respond within a reasonable timeframe.
7. Data Retention
We retain personal data for as long as your account is active or as necessary to provide the Service. We may retain data for longer where required to comply with legal, accounting, or operational obligations, to resolve disputes, or to enforce our agreements. Upon termination, operational data is deleted or anonymized within a reasonable period unless retention is required by law.
8. International Transfers
Our subprocessors may process data in countries outside your country of residence. Where required, we rely on appropriate safeguards such as the subprocessor's own contractual commitments.
9. Security
We apply reasonable technical and organizational measures to protect personal data, including encryption in transit and access controls. No system is fully secure, and we cannot guarantee absolute security.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated through reasonable means.
11. Contact
For privacy questions or requests, contact us at admin@atomusglobal.com.