StarRespond

Privacy Policy

Last updated: April 1, 2026

1. Who we are

StarRespond ("we", "us", "our") is an AI-powered Google review reply tool for small business owners, operated at starrespond.com. This policy explains what data we collect, why, and how we protect it.

2. Data we collect

  • Account data: Your Google email address and display name when you sign in with Google.
  • Business data: The business name and description you provide during onboarding.
  • Google Business Profile data: Your business locations and customer reviews, fetched via the Google Business Profile API on your behalf.
  • Reply data: AI-generated replies and whether they were posted to Google.
  • Billing data: Stripe handles payment processing. We store only your Stripe customer ID and subscription status — never raw card details.
  • OAuth tokens: Google access and refresh tokens, stored encrypted, used solely to fetch reviews and post replies on your behalf.

3. How we use your data

  • To authenticate you and maintain your session.
  • To fetch your Google Business Profile reviews and post replies you approve.
  • To generate AI reply suggestions using Claude (Anthropic). Only the review text and your business description are sent — never your personal details.
  • To enforce usage limits (10 free replies) and manage your subscription.
  • To send transactional emails (subscription receipts via Stripe).

4. Data sharing

We do not sell your data. We share data only with:

  • Anthropic: Review text and business description to generate reply suggestions. Subject to Anthropic's Privacy Policy.
  • Google: OAuth tokens used to read reviews and post replies via the Google Business Profile API.
  • Stripe: Billing and subscription management. Subject to Stripe's Privacy Policy.
  • Supabase: Database hosting for your account and reply data, hosted in the US.
  • Vercel: Application hosting infrastructure.

5. Data retention

We retain your account data for as long as your account is active. Reply history is retained for 12 months. You can request deletion at any time by emailing privacy@starrespond.com — we will delete your account and all associated data within 30 days.

6. Google API scopes

StarRespond requests the following Google permissions:

  • email / openid / profile: To identify you and create your account.
  • business.manage: To read your Google Business Profile reviews and post replies on your behalf.

We do not use these scopes for any purpose beyond what is described here. Our use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.

7. Security

All data is transmitted over HTTPS. OAuth tokens are stored encrypted in our database. We use Row Level Security in Supabase and never expose raw tokens to the client. Stripe handles all payment data in a PCI-compliant environment.

8. Your rights

You have the right to access, correct, or delete your personal data. To exercise these rights, email privacy@starrespond.com. You may also revoke StarRespond's Google access at any time via Google Account Permissions.

9. Cookies

We use a single session cookie managed by NextAuth to keep you signed in. We do not use advertising or tracking cookies.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes via email or an in-app notice. Continued use after changes constitutes acceptance.

11. Contact

Questions about this policy? Email privacy@starrespond.com.