This policy covers the Amazon sellers who create a ReviewLoop account ("you"). ReviewLoop does not collect or store any personal data about your customers — see section 3.
We don't store your customers' names, email addresses, or any other personal data. Order identifiers are used transiently, in memory, for the length of a single daily run, to ask Amazon's own API whether a review request can be sent — they are not written to our database.
We don't sell your data, and we don't share it with anyone for advertising or marketing purposes.
Amazon credentials are encrypted at rest (AES-256 via Fernet) with the key held separately from the data it protects. Passwords are hashed with bcrypt and never stored in plain text. All traffic to and from the app is encrypted in transit (HTTPS).
We keep your data for as long as your account is active. If you close your account, we'll delete your stored data — including your encrypted Amazon credentials — within a reasonable period, except where billing records must be kept for legal or accounting reasons.
You can ask us at any time for a copy of the data we hold about you, ask us to correct it, or ask us to delete it. To do so, contact us at [support email once the domain is set up]. If you're not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) (placeholder — confirm the appropriate regulator if the business isn't UK-based).
ReviewLoop doesn't use tracking or advertising cookies. Your session is kept in your browser's local storage as a signed token, not a cookie, and is only used to keep you signed in.
If we make a material change to how we handle your data, we'll email the address on your account before it takes effect.
Questions about this policy can be sent to [support email once the domain is set up].