Privacy Policy

Last updated: May 27, 2026

Who We Are

Respondyr LLC ("Respondyr," "we," "us," "our") provides AI-powered Google review response management for small businesses. Respondyr LLC is a Colorado limited liability company based in Montrose, Colorado. You can reach us at privacy@respondyr.com.

Information We Collect

  • Contact form data: When you use our waitlist (email and optional business name) or Get started form (business name, email, optional phone, optional Google Business Profile URL, city/state), we collect what you submit.
  • Google Business Profile data: When you authorize our app via OAuth, we access your Google reviews, business information, and listing data as needed to provide our review response service.
  • Account information: Email address and business details provided during onboarding.
  • Payment information: Processed and stored by Stripe. We do not store credit card numbers.
  • Server logs: IP addresses, browser type, and access times collected automatically by our hosting infrastructure.

How We Use Your Information

  • Review response service: Reading your Google reviews, generating AI-powered responses, and posting them on your behalf.
  • Weekly intelligence reports: Analyzing review sentiment, velocity, and competitor activity to generate your weekly report.
  • Payments: Processing monthly subscription payments via Stripe.
  • Communication: Sending you reports, approval requests for negative review responses, and service updates.

Google User Data — Scopes We Request

When you connect your Google Business Profile to Respondyr, you grant us access through Google OAuth 2.0 to the following Google APIs and scopes:

  • openid, userinfo.email, userinfo.profile — to identify the Google account that connected the profile so we can attribute actions to the correct account owner.
  • https://www.googleapis.com/auth/business.manage — the Google Business Profile management scope. We use this scope only for the following purposes:
    • Reading the reviews left on your Google Business Profile listing(s) so we can draft responses.
    • Reading the basic listing metadata (business name, location ID, primary category) needed to associate reviews with the correct profile.
    • Posting, editing, and deleting your review replies when you authorize us to (either by approving each draft or by enabling auto-post for the star ratings you choose).
    • Subscribing to Google Business Profile notifications so we can react to new and edited reviews promptly.

We do not use this scope to modify listing content (business name, address, hours), photos, posts, or other non-review fields. We do not write to any GBP surface other than review replies.

Google API Services User Data Policy — Limited Use

Respondyr's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Google user data we receive is:

  • Used only to provide and improve user-facing features. The data is used to generate and publish AI review responses, surface review activity in your Respondyr platform, and produce the weekly intelligence reports you subscribe to.
  • Not transferred to others except for the limited purposes listed below. We share review text with our AI model providers (e.g., OpenAI, Anthropic) only as needed to generate the response draft for that specific review, under their data-processing terms. We do not transfer Google user data to advertising platforms, data brokers, or any party that would use it for purposes beyond providing the service to you.
  • Not used or transferred for serving advertisements. Respondyr does not run an ad network and does not enable advertising or remarketing against Google user data.
  • Not read by humans except (a) with your explicit consent when you ask our support team to look at a specific review or response; (b) to the minimum extent necessary for security investigations or to comply with applicable law; or (c) when the data has been aggregated and anonymized for internal analytics and is not linked to your account or business.

No general-purpose ML training. Respondyr does not use Google user data to train or improve generalized AI models. AI model providers we use to draft individual review responses are configured to not retain Google user data for their own model training, in accordance with their respective enterprise / API terms.

Data Sharing

We share data only as necessary to operate the service:

  • AI providers: Review text is sent to AI language model providers to generate responses. Only the review text and your brand voice configuration are shared — not your personal or payment information.
  • Stripe: Payment information is processed by Stripe under their privacy policy.
  • Email delivery: We use third-party email services to send reports and notifications.

We do not sell your data. We do not share your data with advertisers.

Health Information

Respondyr is not designed to receive Protected Health Information (PHI) as defined under HIPAA. We ask that customers do not submit PHI to the Service. Respondyr is not a HIPAA Business Associate and does not sign Business Associate Agreements. See our Terms of Service for full detail.

Data Retention and Deletion

We retain your data for the duration of your subscription. After you cancel your subscription or revoke our OAuth access, we will:

  • Stop polling Google for new reviews and stop posting any further replies within 24 hours.
  • Delete OAuth tokens and refresh tokens within 24 hours.
  • Retain your account record and historical review/response data for up to 90 days to allow account recovery and to honor backup retention. After 90 days, we permanently delete this data from production systems. Backup copies are rotated out within an additional 30 days.

You may request earlier deletion at any time by emailing privacy@respondyr.com; we will complete the deletion within 30 days of your request.

Security

  • All data in transit is encrypted via TLS 1.2 or higher.
  • OAuth access and refresh tokens are encrypted at rest using AWS KMS-managed keys.
  • Access to production systems requires single sign-on (SSO) with multi-factor authentication and is limited to a minimal set of authorized personnel.
  • We never store Google account passwords. Respondyr authenticates to Google exclusively via short-lived OAuth 2.0 access tokens, with refresh tokens used only by automated, audited service workers.
  • We log a per-action audit trail (who acted on which review, when, and via which workflow) for security investigations and account recovery.

Your Rights

You have the right to:

  • Access the data we hold about your business.
  • Correct inaccurate information.
  • Delete your data — request deletion at any time and we will comply within 30 days.
  • Revoke OAuth access — disconnect your Google Business Profile from Respondyr at any time. You can revoke our access directly from your Google account at https://myaccount.google.com/permissions (find "Respondyr" and choose "Remove access"), from your Respondyr platform, or by emailing us at privacy@respondyr.com. Revoking access stops Respondyr from reading new reviews or posting any further replies.
  • Cancel your subscription at any time — no long-term contracts.

Cookies

We use minimal cookies necessary for site functionality. We do not use tracking cookies, advertising cookies, or third-party analytics that track you across sites.

Children's Privacy

Our service is not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "last updated" date. Continued use of the service after changes constitutes acceptance.

Contact

Questions about this policy? Email us at travis@respondyr.com.