Legal
Privacy Policy
Last updated: March 27, 2026
Effective date: March 27, 2026
Summary: ALEEV helps you manage Google Business Profile reviews. We collect your Google account info and review data to display reviews and generate AI reply suggestions. You control what gets posted. We never sell your data. You can delete everything anytime by emailing raouparsa@gmail.com.
Introduction
Welcome to ALEEV. This Privacy Policy explains how ALEEV ("we," "us," or "our") collects, uses, shares, and protects your personal information when you use our web application and services (collectively, the "Service").
ALEEV is a software-as-a-service (SaaS) platform that helps businesses manage their Google Business Profile reviews more efficiently. We provide a centralized dashboard where you can view customer reviews, generate AI-assisted reply drafts, and publish approved responses back to your Google Business Profile listings.
By using ALEEV, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.
Contact Information:
Email: raouparsa@gmail.com
Response time: Within 72 hours
Information We Collect
3.1 Information You Provide
When you sign up for ALEEV, we collect:
- Google Account Information: Your email address, name, and profile picture from your Google account when you sign in using Google OAuth 2.0.
- Business Settings: Your business name, brand voice preferences, tone settings, and custom brand rules that you configure in the app.
- Review Reply Drafts: Text of reply drafts you create or edit within ALEEV before publishing.
- Feedback: Any feedback, comments, or support requests you send us via email or in-app forms.
3.2 Information from Google Business Profile
When you authorize ALEEV to access your Google Business Profile (via OAuth 2.0 scope https://www.googleapis.com/auth/business.manage), we collect:
- Google Business Account ID: Your unique Google Business Profile account identifier.
- Location Information: Names, addresses, and IDs of your business locations connected to your Google Business Profile.
- Review Data: Customer review text, star ratings, author names (public information), author profile pictures (public information), review timestamps, and review URLs.
- Existing Replies: Any replies you've already posted to reviews through Google Business Profile or other tools.
- OAuth Tokens: Access tokens and refresh tokens provided by Google to enable API access on your behalf. These tokens are encrypted and stored securely.
3.3 Automatically Collected Information
When you use ALEEV, we automatically collect:
- Usage Data: Pages you visit within the app, features you use, time spent on pages, and actions you take (e.g., generating a reply, approving a draft).
- Device Information: Browser type and version, operating system, screen resolution, and device type (desktop, mobile, tablet).
- IP Address: Your internet protocol address for security purposes and to detect potential abuse.
- Cookies and Session Data: Session identifiers to keep you logged in and maintain your preferences. See Section 11 (Cookies) for details.
- Error Logs: Technical error information when something goes wrong, including error messages and stack traces (which do not contain personal information).
3.4 Information We Do NOT Collect
We do NOT access or collect:
- Your Gmail messages or contacts
- Your Google Drive files
- Your Google Calendar events
- Your YouTube history or subscriptions
- Any other Google services beyond Google Business Profile
- Credit card or payment information (handled entirely by Stripe if you subscribe)
How We Use Your Information
We use the information we collect for the following specific purposes:
4.1 To Provide Core Service Functionality
- Display Your Reviews: We fetch and display customer reviews from your Google Business Profile locations in a centralized dashboard.
- Generate AI Reply Suggestions: We send review text, your business name, and your brand settings to OpenAI's API to generate suggested replies tailored to your business.
- Post Approved Replies: When you approve a reply draft, we post it to the corresponding Google Business Profile review on your behalf using the Google Business Profile API.
- Sync Review Data: We periodically fetch new reviews from Google Business Profile to keep your inbox up-to-date.
- Track Response Metrics: We calculate your response coverage rate, average response time, and rating trends to show in your analytics dashboard.
4.2 To Maintain and Improve the Service
- Detect and Fix Bugs: We use error logs to identify and resolve technical issues.
- Improve AI Quality: We analyze aggregate patterns (not individual reviews) to improve reply suggestions. We do NOT send your data to OpenAI for model training.
- Optimize Performance: We monitor usage patterns to improve load times and app responsiveness.
- Develop New Features: We analyze which features are used most to prioritize development.
4.3 For Security and Fraud Prevention
- Prevent Abuse: We monitor for unusual patterns that might indicate account compromise or misuse.
- Enforce Terms: We use logs to investigate potential violations of our Terms of Service.
- Protect Infrastructure: We use IP addresses to block malicious traffic and prevent attacks.
4.4 To Communicate with You
- Service Updates: Important notifications about new features, maintenance, or changes to our service.
- Support Responses: Replies to your support requests and questions.
- Security Alerts: Notifications about unusual account activity or security issues.
- Policy Changes: Updates to this Privacy Policy or our Terms of Service.
We do NOT use your data for:
- Serving advertisements
- Selling or renting to third parties
- Marketing unrelated products or services
- Training AI models (your data is not used by OpenAI for training)
Third-Party Services and Data Sharing
ALEEV uses the following third-party services to operate. We only share data necessary for each service to function:
5.1 Google Cloud Platform
- Purpose: OAuth authentication and Google Business Profile API access
- Data Shared: Your Google account credentials, Business Profile data, OAuth tokens
- Privacy Policy: https://policies.google.com/privacy
- Why Necessary: Required to connect your Google Business Profile and access reviews
5.2 OpenAI
- Purpose: AI-powered reply generation using GPT-4
- Data Shared: Review text, star rating, your business name, your brand tone settings
- Data NOT Shared: Customer email addresses, phone numbers, your Google account info
- Training: Per OpenAI's API Terms, data sent to their API is NOT used to train their models
- Retention: OpenAI retains API data for 30 days for abuse monitoring, then deletes it
- Privacy Policy: https://openai.com/policies/privacy-policy
- Why Necessary: Generates the AI-assisted reply suggestions
5.3 Vercel (Hosting & Database)
- Purpose: Web application hosting and PostgreSQL database
- Data Shared: All data stored in ALEEV (user accounts, reviews, replies, settings)
- Location: United States (AWS US-East region)
- Security: Data encrypted at rest and in transit (TLS 1.3)
- Privacy Policy: https://vercel.com/legal/privacy-policy
- Why Necessary: Hosts the application and stores your data
5.4 Stripe (Payment Processing - If Applicable)
- Purpose: Process subscription payments (if you upgrade from free tier)
- Data Shared: Your email address, billing information (handled entirely by Stripe)
- Card Data: We never see or store your credit card information. Stripe handles all payment data.
- Privacy Policy: https://stripe.com/privacy
- Why Necessary: Enables paid subscriptions
5.5 Sentry (Error Monitoring)
- Purpose: Monitor application errors and crashes
- Data Shared: Error messages, stack traces, your user ID (not email), browser info
- Data NOT Shared: Personal information, review content, or reply drafts
- Privacy Policy: https://sentry.io/privacy/
- Why Necessary: Helps us quickly identify and fix bugs
5.6 When We Share Data
We will share your personal information only in these circumstances:
- With Your Consent: When you explicitly authorize us to share data
- For Service Operation: With the third parties listed above to provide ALEEV's functionality
- Legal Requirements: If required by law, court order, or government request
- Security Threats: To protect against fraud, abuse, or security threats
- Business Transfer: If ALEEV is acquired or merged, your data may transfer to the new owner (you'll be notified)
We do NOT sell, rent, or trade your personal information to third parties for their marketing purposes.
Google API Services User Data Policy
ALEEV's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Our Commitments:
- Limited Access: We only request access to Google user data that is necessary to provide our review management features. Specifically, we access only your Google Business Profile locations and reviews.
- No Advertising: We do not use Google user data for serving advertisements.
- Human Access Restrictions: We do not allow humans to read your Google data unless:
  - You give us explicit consent for specific troubleshooting
  - It is necessary for security purposes (e.g., investigating abuse)
  - It is required to comply with applicable law
  - The data has been aggregated and anonymized
- Limited Third-Party Transfer: We do not transfer Google user data to third parties except:
  - As necessary to provide ALEEV's features (e.g., sending review text to OpenAI to generate replies)
  - For security purposes (e.g., detecting abuse)
  - To comply with applicable law
  - With your explicit consent
Your Control:
You can revoke ALEEV's access to your Google data at any time through:
- ALEEV Settings: Go to Settings → Integrations → Disconnect Google Account
- Google Account Settings: Visit https://myaccount.google.com/permissions and remove ALEEV
When you disconnect, ALEEV will immediately stop accessing your Google Business Profile data. Your cached review data in ALEEV will be deleted within 30 days.
Data Storage, Security, and Retention
7.1 Where Your Data is Stored
- Primary Database: Vercel PostgreSQL hosted in United States (AWS US-East-1 region)
- Application Servers: Vercel edge network (globally distributed)
- Backups: Automated daily backups stored in United States (AWS S3)
7.2 Security Measures
We implement industry-standard security practices to protect your data:
- Encryption in Transit: All data transmitted between your browser and ALEEV is encrypted using TLS 1.3 (HTTPS)
- Encryption at Rest: All database data is encrypted using AES-256 encryption
- OAuth Token Encryption: Google OAuth tokens are encrypted with additional application-level encryption before storage
- Access Controls: Database access restricted to authorized personnel only via secure VPN and multi-factor authentication
- Regular Security Updates: We apply security patches to all dependencies within 48 hours of release
- No Plain-Text Passwords: User passwords (if we add password auth) are hashed using bcrypt with salt
- Rate Limiting: API endpoints are rate-limited to prevent brute-force attacks
- Input Validation: All user input is validated and sanitized to prevent injection attacks
7.3 Data Retention
- Active Accounts: Your data is retained as long as your account is active
- Review Data: Cached review data is synchronized with Google Business Profile. If a review is deleted from Google, it will be removed from ALEEV within 24 hours during the next sync
- Reply Drafts: Draft replies are retained until you delete them or delete your account
- Usage Logs: Server logs retained for 90 days, then automatically deleted
- Error Logs: Error logs in Sentry retained for 90 days, then automatically deleted
- Deleted Accounts: When you delete your account, all personal data is deleted within 30 days (see Section 9.2)
- Backup Retention: Encrypted backups retained for 30 days for disaster recovery, then overwritten
7.4 Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Notify you via email at your registered email address within 72 hours of discovering the breach
- Describe what information was compromised
- Explain what we're doing to resolve the breach and prevent future incidents
- Provide recommendations for steps you can take to protect yourself
- Notify relevant regulatory authorities as required by law (e.g., GDPR, CCPA)
If you suspect unauthorized access to your account, immediately email raouparsa@gmail.com.
Your Privacy Rights
Depending on your location, you have specific rights regarding your personal data under GDPR (European Union), CCPA (California), and other privacy laws:
8.1 Right to Access
You have the right to request a copy of all personal data we hold about you.
- How to Request: Email raouparsa@gmail.com with subject line "Data Access Request"
- What You'll Receive: JSON file containing your account info, business settings, cached review data, reply drafts, and usage logs
- Timeline: We will respond within 30 days (GDPR/CCPA requirement)
- Format: Machine-readable JSON format or PDF upon request
- Cost: Free for first request; reasonable fee for excessive repeated requests
8.2 Right to Deletion
You have the right to request deletion of your personal data ("Right to be Forgotten").
- How to Request:
  - Via ALEEV: Go to Settings → Account → Delete Account
  - Via Email: Send request to raouparsa@gmail.com with subject "Delete My Data"
- What Gets Deleted:
  - Your account information (email, name, profile picture)
  - All cached review data from Google Business Profile
  - All reply drafts and sent replies stored in ALEEV
  - Your business settings and preferences
  - OAuth tokens (access revoked immediately)
  - All personally identifiable information in logs
- What's Retained:
  - Aggregated, anonymized usage statistics (no personal identifiers)
  - Financial records for tax/accounting purposes (7 years as required by law)
  - Data in encrypted backups for 30 days (then overwritten)
- Timeline: Deletion completed within 30 days of verification
- Confirmation: You'll receive email confirmation when deletion is complete
8.3 Right to Rectification
You have the right to correct inaccurate personal data.
- How to Correct: Update your information in Settings → Profile, or email raouparsa@gmail.com
- What You Can Update: Business name, brand settings, tone preferences
- Note: Your Google account information (email, name) is controlled by Google and must be updated there
8.4 Right to Data Portability
You have the right to receive your data in a portable format and transmit it to another service.
- How to Request: Email raouparsa@gmail.com with subject "Data Export Request"
- Format: JSON (machine-readable) or CSV
- Includes: All personal data we store (account, settings, review cache, drafts)
- Timeline: Provided within 30 days
8.5 Right to Object / Restrict Processing
You have the right to object to certain types of data processing.
- How to Object: Email raouparsa@gmail.com specifying what processing you object to
- Note: ALEEV's core functionality requires processing your review data. Objecting to this processing will prevent use of the service, effectively requiring account closure.
- You Can Object To: Marketing emails (though we send very few), optional analytics features (if we add them)
8.6 Right to Withdraw Consent
You have the right to withdraw consent for data processing at any time.
- OAuth Access: Disconnect your Google Business Profile in Settings → Integrations
- Service Use: Delete your account in Settings → Account
- Effect: Service access will be terminated immediately upon withdrawal of consent
8.7 Right to Lodge a Complaint
If you believe we have violated your privacy rights, you have the right to file a complaint:
- Contact Us First: Please email raouparsa@gmail.com so we can address your concern
- EU Users: Contact your local Data Protection Authority. List available at https://edpb.europa.eu/about-edpb/about-edpb/members_en
- California Users: Contact California Attorney General at https://oag.ca.gov/contact
International Data Transfers
ALEEV is operated from the United States. If you are accessing ALEEV from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States where our servers and database are located.
For European Union and United Kingdom Users:
Data protection laws in the United States may differ from those in your country. By using ALEEV, you consent to the transfer of your personal data to the United States. We implement appropriate safeguards to protect your data in accordance with this Privacy Policy and applicable law, including:
- Encryption of data in transit and at rest (AES-256, TLS 1.3)
- Contractual protections with our service providers (Data Processing Agreements based on Standard Contractual Clauses approved by the European Commission)
- Access controls and security measures meeting or exceeding GDPR standards
- Regular security audits and assessments
If you do not consent to your data being transferred to and processed in the United States, please do not use ALEEV.
Children's Privacy (COPPA Compliance)
ALEEV is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18 years of age.
If you are under 18 years old, do not use ALEEV, create an account, or provide any personal information to us.
If we learn that we have collected personal information from a child under 18, we will delete that information immediately. If you believe we have collected information from a child under 18, please contact us immediately at raouparsa@gmail.com.
Parents and Guardians: If you believe your child has provided personal information to ALEEV, please contact us at raouparsa@gmail.com and we will promptly delete the information.
Cookies and Tracking Technologies
11.1 What Cookies We Use
ALEEV uses cookies and similar tracking technologies to maintain your session and preferences:
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| next-auth.session-token | Keep you logged in | 30 days | Essential |
| next-auth.csrf-token | Security (CSRF protection) | Session | Essential |
| theme-preference | Remember dark/light mode | 1 year | Functional |
11.2 Cookie Types
- Essential Cookies: Required for authentication and security. Cannot be disabled without breaking functionality.
- Functional Cookies: Remember your preferences (e.g., theme). Can be disabled but will reset preferences each visit.
- Analytics Cookies: We currently do NOT use analytics cookies (no Google Analytics, no tracking pixels).
- Advertising Cookies: We do NOT use advertising cookies.
11.3 How to Control Cookies
You can control and delete cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and website data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
Warning: Disabling essential cookies will prevent you from logging in and using ALEEV.
11.4 Do Not Track
Some browsers have a "Do Not Track" (DNT) feature. Because ALEEV does not use tracking cookies for advertising or analytics, the DNT setting does not affect your use of ALEEV. We respect your privacy regardless of DNT settings.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
How We Notify You
- Minor Changes: We will update the "Last updated" date at the top of this page
- Material Changes: We will notify you via:
  - Email to your registered email address at least 30 days before the changes take effect
  - Prominent notice on the ALEEV homepage and dashboard
Your Options
If you disagree with changes to this Privacy Policy, you have these options:
- Close your account before the changes take effect (Settings → Account → Delete Account)
- Contact us at raouparsa@gmail.com to discuss your concerns
Continued use of ALEEV after the effective date constitutes acceptance of the updated Privacy Policy.
Version History
- Version 1.0 (March 27, 2026): Initial version
Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
ALEEV Privacy Contact
Email: raouparsa@gmail.com
Response Time: Within 72 hours for general inquiries, within 30 days for GDPR/CCPA requests
Subject Line Guidelines:
- Data Access Request: "Data Access Request"
- Data Deletion: "Delete My Data"
- Data Export: "Data Export Request"
- Privacy Question: "Privacy Question"
- Data Breach Report: "URGENT: Security Issue"
How to Exercise Your Rights
To exercise any of the privacy rights described in this policy:
- Email raouparsa@gmail.com with your request
- Include your registered email address so we can verify your identity
- Clearly state which right you wish to exercise
- We will respond within 30 days as required by GDPR and CCPA
- If we need additional information to verify your identity, we'll contact you