ReviewTowerReviewTower

Privacy Policy

Last updated: May 1, 2026

1. Introduction

ReviewTower ("we," "us," or "our") operates a review management platform for mobile app developers and teams. This Privacy Policy explains how we collect, use, and protect information when you use our service at reviewtower.com.

2. Information We Collect

  • Account information: Email address and password (hashed) when you sign up.
  • Organization data: Organization name, team member email addresses, and roles.
  • App store credentials: API keys and service account credentials you provide to connect App Store Connect and Google Play. These are encrypted at rest using AES-256 and are never stored in plaintext.
  • Review data: App store reviews fetched via official APIs on your behalf and stored in your account.
  • Billing information: Payment details are processed by Stripe and are never stored on our servers.
  • Usage data: Log data including IP addresses, browser type, and pages visited, used for security and debugging.

3. How We Use Your Information

  • To provide and operate the ReviewTower service.
  • To sync and display app store reviews from connected stores.
  • To send transactional emails such as invitations, billing receipts, and notifications you opt into.
  • To improve and debug the service using aggregated, anonymized usage data.
  • To comply with legal obligations.

4. Data Sharing

We do not sell, rent, or share your personal data with third parties for marketing purposes. We share data only with:

  • Supabase — our database and authentication provider, hosted on AWS.
  • Stripe — for payment processing.
  • Vercel / Netlify — for hosting and deployment.
  • Law enforcement when legally required.

5. Data Security

App store credentials are encrypted at rest before storage. All data is isolated per organization using row-level security in our database. We use HTTPS for all data in transit. Access to production data is restricted to authorized personnel only.

6. Data Retention

Your data is retained for as long as your account is active or as needed to provide the service. You may delete your account and associated data at any time by contacting us. Review data fetched from app stores may be retained for up to 90 days after account deletion.

7. Your Rights

Depending on your location, you may have rights under GDPR, CCPA, or other laws to access, correct, or delete your personal data. To exercise these rights, use the issue report form inside the app.

8. Cookies

We use session cookies required for authentication and security. We do not use third-party tracking or advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. We'll notify you of significant changes by email or in-app notice. Continued use of ReviewTower after changes constitutes acceptance.

10. Contact

Questions? Use the issue report form inside the app.

Privacy Policy — ReviewTower