Privacy Policy

Introduction

ReviewBunch LLC ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use ReviewBunch ("the Service"). By using the Service, you consent to the data practices described in this policy. If you do not agree with this Privacy Policy, please do not use the Service.

1. Definitions

For the purposes of this Privacy Policy:

• "Personal Data" means any information that relates to an identified or identifiable individual.
• "Usage Data" means data collected automatically from use of the Service (e.g., page views, time spent, device information).
• "Account" means a unique account created for you to access the Service.
• "Service Provider" means any third-party company or individual that processes data on our behalf.
• "Cookies" means small data files placed on your device by a website, used to remember information about your visit.

2. Information We Collect

2.1 Personal Information You Provide

When you create an account and use the Service, we collect:

• Name, email address, and profile information
• Account role selection (Author, Reviewer, or Both)
• Genre preferences and reading interests
• Book information and metadata you submit (titles, descriptions, cover images)
• Review content, star ratings, and Amazon review URLs
• Communication with our support team
• Notification and email preferences

2.2 Payment Information

Payment processing is handled securely by Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe may collect and store payment information in accordance with their own privacy policy. We receive only limited transaction information such as the last four digits of your card, payment status, and billing address.

2.3 Automatically Collected Information

When you access the Service, we automatically collect:

• IP address, browser type, and operating system
• Device information (type, screen resolution, language)
• Pages visited, features used, and time spent on each page
• Referring website or source
• Date and time of access

2.4 Security and Fraud Prevention Data

To protect our platform and users, we collect data for security and fraud detection purposes, including login timestamps, IP addresses used at sign-in, and behavioral patterns that help us identify suspicious activity. This data is retained for up to 24 months or until your account is deleted, whichever comes first.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Provide the Service: Operate the platform, match books with readers, process credits, and verify reviews
• Account Management: Create and manage your account, process transactions, and handle subscriptions
• Quality Assurance: Verify review authenticity, run comprehension quizzes, detect AI-generated content, and check for plagiarism
• Fraud Prevention: Detect and prevent multi-accounting, review swapping, and other prohibited activities
• Communications: Send transactional emails (review notifications, deadline reminders), weekly book digests, and account updates
• Improvement: Analyze usage patterns to improve features, fix bugs, and enhance user experience
• Legal Compliance: Fulfill legal obligations, respond to legal requests, and enforce our Terms of Service

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

• Service Providers: Third-party vendors who perform services on our behalf, including Stripe (payment processing), Clerk (authentication), SendGrid (email delivery), and Vercel (hosting). These providers only access the data necessary to perform their services.
• Between Users: Limited information is shared between authors and reviewers as necessary for the Service. Reviewers are identified by anonymous IDs (e.g., "Reader #1234") — your real name and email are never disclosed to other users.
• Legal Compliance: When required by law, subpoena, court order, or other legal process.
• Rights Protection: When necessary to protect our rights, safety, or property, or the rights, safety, or property of our users or others.
• Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets. We will notify you before your data is transferred and becomes subject to a different privacy policy.

We do NOT sell your personal information to third parties, and we never will. We do not share your data for advertising purposes.

5. Amazon Integration and Review Verification

ReviewBunch verifies reviews posted on Amazon to ensure authenticity. In connection with this:

• We verify publicly available Amazon review URLs that you provide to us.
• We do not store Amazon login credentials and cannot access your Amazon account.
• We only access information that is publicly visible on Amazon's website.
• ReviewBunch is not affiliated with Amazon in any way.

6. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to operate and improve the Service. Types of cookies we use:

• Essential Cookies: Required for the Service to function (authentication, session management, security). These cannot be disabled.
• Functional Cookies: Remember your preferences, settings, and choices to improve your experience.
• Analytics Cookies: Help us understand how users interact with the Service so we can improve it. We use privacy-respecting analytics tools.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service. We do not use cookies for third-party advertising.

7. Data Retention

We retain your personal information for the following periods:

• Account Data: Retained for the lifetime of your account and for 30 days after account deletion to allow for recovery.
• Review Content: Retained indefinitely as part of the platform's review history, even after account deletion. Reviewer identity is anonymized upon account deletion.
• Security Data: Sign-in security data and fraud prevention records are retained for up to 24 months.
• Payment Records: Transaction records are retained as required by tax and financial regulations (typically 7 years).
• Usage Data: Aggregated and anonymized usage data may be retained indefinitely for analytics purposes.

8. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit (TLS/SSL) and at rest
• Regular security audits and vulnerability assessments
• Role-based access controls and principle of least privilege
• Secure payment processing through PCI DSS-compliant providers (Stripe)
• Authentication managed by Clerk with industry-standard security practices
• Database hosted on encrypted, access-controlled infrastructure

While we take reasonable measures to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you discover a security vulnerability, please report it to security@reviewbunch.com.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to certain exceptions (e.g., legal retention requirements).
• Restriction: Request that we restrict processing of your personal data in certain circumstances.
• Portability: Request your data in a structured, commonly used, machine-readable format.
• Objection: Object to processing of your personal data for certain purposes, including direct marketing.
• Opt-Out: Unsubscribe from marketing communications at any time via your account settings or the unsubscribe link in any email.

To exercise any of these rights, contact us at privacy@reviewbunch.com. We will respond to your request within 30 days (or sooner if required by applicable law).

10. GDPR Rights (European Economic Area and UK)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) provides you with additional rights. Our legal bases for processing your personal data include:

• Contractual Necessity: Processing necessary to perform our contract with you (providing the Service).
• Legitimate Interests: Processing for fraud prevention, security, and service improvement, where our interests do not override your rights.
• Consent: Processing based on your explicit consent (e.g., marketing communications). You may withdraw consent at any time.
• Legal Obligation: Processing required to comply with applicable laws.

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data has been processed in violation of the GDPR.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with additional rights:

• Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You may request correction of inaccurate personal information.
• Right to Opt-Out of Sale: We do not sell personal information. However, you have the right to opt-out if we ever change this practice.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Categories of Personal Information Collected: Identifiers (name, email), commercial information (transaction history, credits), internet activity (usage data, browsing history on our site), and geolocation data (IP-based location).

To submit a CCPA request, email privacy@reviewbunch.com with the subject line "CCPA Request."

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from your jurisdiction. When we transfer data internationally, we implement appropriate safeguards (such as Standard Contractual Clauses approved by the European Commission) to ensure your data receives adequate protection in accordance with applicable laws.

13. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@reviewbunch.com. We will take steps to delete such information from our records.

14. Third-Party Links and Services

The Service may contain links to third-party websites and services, including Amazon, Stripe, and Clerk. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will also send an email notification or display a prominent notice within the Service. Your continued use of the Service after the effective date of changes constitutes acceptance of the revised policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at: