Privacy Policy
Last updated: April 8, 2026
1. Data controller
The data controller is IRON IT, EURL, SIREN 878 214 329, RCS Paris, represented by Chaker DELI. Contact: contact@reviewpilot.fr
2. Data collected
When using ReviewPilot, we collect:
- Google identification data (name, email) via secure Google sign-in
- Your Google Business Profile data (reviews, ratings, responses)
- Google authentication tokens (encrypted at rest)
- Browsing data (technical session cookies only)
3. Purpose of processing
Your data is processed exclusively for:
- Providing the ReviewPilot service (review sync, AI response generation, publishing)
- Managing your account and subscription
- Sending service-related notifications (review alerts, transactional emails)
4. Legal basis
Processing of your data is based on:
- Contract performance (GDPR Art. 6.1.b) — service delivery
- Your consent (GDPR Art. 6.1.a) — push notifications and marketing emails
- Legitimate interest (GDPR Art. 6.1.f) — service improvement and security
5. Data retention
Your data is retained for the duration of your active subscription, then deleted within 30 days of account termination. Encrypted backups are kept for 30 days then destroyed. Technical logs (including IP addresses) are retained for 90 days for security purposes, then automatically deleted.
6. Your rights
Under the GDPR, you have the following rights:
- Right of access — obtain a copy of your personal data
- Right to rectification — correct inaccurate data
- Right to erasure — request deletion of your data
- Right to portability — receive your data in a structured format
To exercise these rights, contact us at: contact@reviewpilot.fr
7. Data sharing
Your data is never sold to third parties. It is shared only with a limited number of sub-processors strictly necessary to operate the service, in the following categories: payment processor, artificial intelligence provider, transactional email provider, infrastructure host, and the Google Business Profile API (to fetch and publish your reviews). All our sub-processors are GDPR-compliant, bound by data processing agreements (DPA), and subject to standard contractual clauses where transfers outside the European Union are necessary. The full named list of our sub-processors is available on written request to contact@reviewpilot.fr.
8. Security
We implement technical and organizational security measures: encryption of tokens at rest, HTTPS-only communications, secure cookie-based sessions, protection against fraudulent requests, and restricted access to production data.
9. Contact and complaints
For any questions regarding data protection, contact us at: contact@reviewpilot.fr. In case of dispute, you may file a complaint with the CNIL (French Data Protection Authority) — www.cnil.fr.