Privacy Policy

1. Who We Are

AutoReviewsPilot ("we", "our", "us") operates the website at autoreviewspilot.com and provides an automated review collection platform for small and medium businesses.

For the purposes of the General Data Protection Regulation (GDPR) and UK GDPR, AutoReviewsPilot is the Data Controller for personal data you provide to us directly. When you upload customer lists to our platform, you act as a Data Controller and we act as your Data Processor.

Contact: privacy@autoreviewspilot.com

2. Data We Collect

2.1 Account Data

• Full name and business name
• Email address and password (hashed — never stored in plain text)
• Billing address and payment method details (processed by Paddle — we do not store card numbers)
• Timezone and account preferences

2.2 Platform Usage Data

• Campaign names, settings and email sequences you create
• Customer lists you upload (names, email addresses, phone numbers)
• Review funnel performance and click statistics
• QR code generation and scan data

2.3 Technical Data

• IP address and browser/device type
• Pages visited and time spent on the platform
• Email delivery logs (sent, opened, bounced)
• Error logs for technical support purposes

2.4 Communications

• Support ticket content and history
• Feedback you voluntarily provide

3. How We Use Your Data

Purpose	Data Used
Providing the review collection service	Account data, customer lists, campaign settings
Processing payments and billing	Name, email, billing address (Paddle handles card data)
Sending transactional emails	Email address (verification, password reset, receipts)
Technical support	Account data, error logs, support messages
Platform security and fraud prevention	IP address, login history, technical logs
Product improvement and analytics	Anonymised usage statistics
Legal compliance	Any data required by applicable law

We do not use your data for advertising, profiling, or selling to third parties.

4. Legal Basis for Processing (GDPR Article 6)

• Contract performance (Art. 6(1)(b)): Processing necessary to deliver our service, including account creation, billing and sending automated review emails.
• Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, technical diagnostics and platform improvement.
• Legal obligation (Art. 6(1)(c)): Retaining financial records and complying with regulatory requirements.
• Consent (Art. 6(1)(a)): Marketing emails and non-essential cookies (where applicable).

5. Data Sharing

We share data only with trusted service providers necessary to operate our platform:

• Paddle: Payment processing (PCI-DSS compliant)
• Amazon Web Services / cPanel Hosting: Server infrastructure
• Your SMTP provider (Gmail, Outlook, etc.): Email delivery

All processors are bound by data processing agreements and comply with GDPR. We do not sell, rent, or share your personal data with advertisers or data brokers.

We may disclose data if required by law, court order, or to protect the rights and safety of AutoReviewsPilot, our users, or the public.

6. Data Retention

• Active accounts: Data retained while your account is active.
• After account deletion: Account data deleted within 30 days. Billing records retained for 7 years to comply with UK/EU tax law.
• Customer lists: Deleted immediately upon your request or account closure.
• Email logs: Retained for 90 days for deliverability monitoring.
• Backups: Encrypted backups purged within 90 days after deletion.

7. Your Rights Under GDPR

If you are in the European Economic Area (EEA) or UK, you have the following rights:

• Right of access (Art. 15): Request a copy of data we hold about you.
• Right to rectification (Art. 16): Correct inaccurate personal data.
• Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten").
• Right to restriction (Art. 18): Request we limit how we process your data.
• Right to data portability (Art. 20): Receive your data in a machine-readable format.
• Right to object (Art. 21): Object to processing based on legitimate interests.
• Right to withdraw consent: Where consent is the legal basis, withdraw at any time.

To exercise any of these rights, email us at privacy@autoreviewspilot.com. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority (e.g., the UK ICO at ico.org.uk or your EEA equivalent).

8. Cookies

We use only essential cookies required to operate the service (session authentication). We do not use advertising or tracking cookies. See our Cookie Policy for full details.

9. Security

We implement industry-standard security measures including:

• TLS/SSL encryption for all data in transit
• Bcrypt password hashing (passwords never stored in plain text)
• Database encryption at rest
• Access controls and principle of least privilege
• Regular security updates and monitoring

10. Children's Privacy

Our service is intended for business owners and professionals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe a minor has provided us with data, contact us immediately and we will delete it.

11. International Data Transfers

Your data is primarily stored on servers within the EU/EEA. Where data is transferred outside the EEA (e.g., to US-based service providers), we ensure adequate safeguards are in place through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable

12. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 30 days before the change takes effect. Continued use of the platform after the effective date constitutes acceptance.

13. Contact Us

For any privacy-related queries or to exercise your rights:

• Email: privacy@autoreviewspilot.com
• Website: autoreviewspilot.com
• Response time: Within 30 days