For the purposes of this Privacy and Cookies Policy (hereinafter the “Policy”), “Personal Data” shall mean any information of a personal nature as defined in the UK GDPR (as incorporated into UK law) and the Data Protection Act 2018, as well as any applicable supplementary legislation (collectively, the “Privacy Laws”), i.e. any information concerning identified or identifiable natural persons.

1 – Controller

Maiony LTD, with a registered office at 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ, registered under company number 15375841 (hereinafter “Maiony”, “Reviwo” or “we”) owns and operates the “Permanent Website” www.reviwo.com, as well as any ad hoc or temporary pages made available online for campaigns or promotions (collectively, the “Websites”). Maiony also owns and operates the Reviwo web application/dashboard (the “Application”), together with related services (collectively, the “Platform”).

This Policy describes the conditions under which Maiony may, if necessary with your consent, process your Personal Data in relation to your use of the Websites and/or the Application and associated services. Maiony acts as a data controller in accordance with the Privacy Laws.

Without prejudice to the generality of the foregoing, special or additional provisions may apply to specific parts of the Platform and/or specific integrations (taking into account the particularities of such features). In case of conflict between this Policy and any special provisions, the latter shall prevail.

Any reference in this Policy to “we/we”, “us” or “our”, shall be deemed to refer to Maiony.

2 – Importance of this Policy

Maiony attaches great importance to your privacy and to the protection of your Personal Data. This Policy applies to the Websites and the Application and explains exactly how Maiony collects and processes your Personal Data, how it may be used, with whom it may be exchanged where appropriate, and how it is protected.

Maiony processes your Personal Data in accordance with its General Terms and Conditions of Use, any applicable Special Terms and Conditions of Use, this Policy, and the Privacy Laws.

Please note: By visiting, accessing or using the Websites and/or the Application, you accept the applicable terms of use and agree to the application of this Policy. Where processing requires consent, we will request it (for example via cookie preferences or integration authorization), and you may withdraw it at any time.

The Platform is intended for business use and is not directed to individuals under the age of 16.

3 – What Personal Data Does Maiony Collect?

Maiony collects your Personal Data in the course of making the Websites, the Application and related services available. Your Personal Data is collected, processed and used in accordance with this Policy. The Personal Data collected and processed by Maiony includes the following information:

a. General

Personal Data related to your general use of the Websites/Application and related services: IP address; selected language; data relating to when and how long you use the Websites/Application; information related to your operating system, browser and device type; pages visited; actions performed; and diagnostic/security logs (the “Surfing Data”).

Personal Data related to your Reviwo account: name and surname (if provided); business name (if provided); email address; user role/permissions; authentication information and logs; and the log of acceptance of legal documents (the “Account Data”).

Personal Data related to support requests: the Personal Data you choose to provide when you contact us (e.g., name, email, message content), including any attachments you provide (the “Support Data”).

Profile/insights data: based on Platform usage and review data, Reviwo may generate analytics and insights (e.g., sentiment classification, topic detection, trend indicators). This information is used to provide the service and improve it (the “Insights Data”).

b. Review Management Data

Personal Data related to the reviews you connect and manage through Reviwo may include:

• review text/content, star ratings, timestamps,

• reviewer display name and other information made available by the source platform,

• store/location identifiers and channel/source labels,

• your responses to reviews,

• internal notes, tags, assignments, and status flags created by Users in your workspace
  (the “Review Data”).

Reviwo does not create customer reviews. Reviews displayed within Reviwo originate from third-party platforms.

c. Google Business Profile / Google APIs Integration (Reviwo)

When authorized Users connect their Google account (e.g., Google Business Profile) to Reviwo, we may access data through Google APIs such as:

• Business location information (business name, address, phone number, business hours)

• Customer reviews and star ratings from Google listings

• Your responses to customer reviews

• Business photos and media uploaded to your Google Business Profile (if enabled)

• Business performance insights and analytics (if enabled)

• Authentication credentials (OAuth tokens stored securely)

Google API Scopes Used:
Reviwo requests only the scopes necessary to provide the Google Business Profile features you enable (e.g., to read/manage business listings and reviews and to post responses where authorized).

Purpose and Limited Use Disclosure:
Reviwo’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This integration enables you to manage your Google Business Profile through Reviwo, including:

• viewing and responding to customer reviews,

• updating business information (where enabled),

• managing business photos (where enabled),

• viewing performance insights (where enabled).

Google user data obtained through this integration is used ONLY for the purposes described above. We do NOT use Google user data for:

• serving advertisements,

• selling data to third parties,

• determining creditworthiness or lending purposes,

• any purpose other than providing and improving Reviwo’s Google features.

Data Storage and Security:

• OAuth access tokens and refresh tokens are stored securely with encryption at rest

• Tokens are refreshed securely when required

• Access is restricted to authorized Users within your workspace

• Data transmissions use HTTPS/TLS encryption

Data Sharing:
Google user data accessed through Google APIs is NOT shared with third parties except:

• Google LLC (as necessary for API functionality),

• service providers strictly necessary to provide the Platform (acting as processors),

• as required by law or valid legal process.

Data Retention and Deletion (Google):

• Synced data (e.g., reviews, business info): retained until you revoke Google access or delete your Reviwo account, then deleted within 30 days

• OAuth tokens: deleted promptly upon access revocation or account deletion

• Cached data (if any): deleted within 30 days of access revocation
  You may request deletion at any time by contacting info@reviwo.com.

d. Location Data

Reviwo does not require precise GPS-based location data to provide the Platform. Where location-related functionality exists, it will generally rely on non-precise data such as IP-based country/city inference or business location data you provide through integrations.

e. Sensitive Data

Reviwo does not intentionally collect or process special category (“sensitive”) Personal Data (e.g., health data, biometric data, political opinions). If such data is included in free-text content you choose to submit (e.g., support messages), it will be processed only to the extent necessary to handle your request.

4 – For What Purposes is Your Personal Data Processed and on What Legal Bases?

Maiony collects and processes your Personal Data solely for the purposes stated in this Policy.

Purposes

• making the Websites/Application and related services available;

• managing the contractual relationship between you and Maiony (account creation, workspace management, support);

• enabling integrations (including Google Business Profile features where authorized);

• verifying that your use of the Websites/Application complies with applicable terms and law;

• preventing fraud, misuse and security incidents;

• responding to your requests, questions and/or complaints;

• improving the Platform, developing enhancements and new features.

Legal bases

Depending on the context, processing is based on one or more of:

• performance of a contract (providing the Platform);

• legitimate interests (security, service improvement, fraud prevention);

• consent (where required, e.g., certain cookies, certain marketing, certain integration authorizations);

• legal obligations (where applicable).

Direct marketing and profiling

If you consent to receive marketing communications, Maiony may send you product updates, offers, or announcements. You may withdraw your consent or unsubscribe at any time (see Section 8).

Reviwo may perform analytics such as sentiment classification and topic detection to provide insights. These processes are intended to help your business manage reviews and do not produce legal effects on individuals by default.

5 – Who Has Access to Your Personal Data?

Maiony may share your Personal Data with:

• Authorized Users within your organization/workspace (based on roles and permissions);

• Trusted service providers who process data on our behalf (hosting, infrastructure, security, analytics, communications), under contractual obligations and confidentiality;

• Google LLC when you use Google integrations (as necessary for API functionality);

• Authorities or third parties where required by law or valid legal process.

We do NOT:

• sell your Personal Data (including Google user data),

• share data for third-party advertising,

• provide data to data brokers or information resellers,

• transfer Google user data to third parties except as described in this Policy.

6 – International Data Transfers

Your Personal Data may be processed in the United Kingdom and may be transferred to and processed in other countries (including the United States) depending on the location of our service providers.

Where international transfers occur, Maiony implements appropriate safeguards, including contractual protections and security measures, in accordance with the Privacy Laws.

7 – How Long Do We Keep Your Data?

We retain Personal Data only as long as necessary for the purposes described in this Policy and to comply with legal obligations.

Retention depends on the category of data and may include:

• Account Data: for the duration of the account and a reasonable period thereafter unless deletion is requested and no legal obligation requires retention;

• Support Data: as long as needed to handle requests and maintain a support history;

• Security logs: limited retention for security and compliance purposes;

• Review Data and Insights Data: for the duration needed to provide the service and your workspace history;

• Google Data: handled as described in Section 3(c) (deleted upon revocation or account deletion, typically within 30 days).

After applicable retention periods, data is securely deleted or anonymized.

8 – Your Rights

Under Privacy Laws, you may have the following rights:

• Access your Personal Data

• Rectification of inaccurate or incomplete data

• Erasure (deletion), subject to legal obligations

• Restriction of processing

• Portability (where applicable)

• Objection to certain processing

• Withdraw consent where processing is based on consent

How to exercise your rights:
Email us at info@reviwo.com with your request. We may request additional information to verify your identity. We will respond within the legally required timeframe.

Complaints:
If you are unhappy with how we handle your data, you may lodge a complaint with the UK supervisory authority, the Information Commissioner’s Office (ICO), or your local authority.

9 – Data Security

We implement appropriate technical and organizational measures to protect your data, including:

• encryption of data in transit (HTTPS/TLS),

• access controls and authentication,

• secure credential handling,

• regular updates and security monitoring,

• incident response procedures.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay where required by law.

10 – Automated Decision-Making

Reviwo may use automated processes for:

• analyzing sentiment,

• detecting topics and recurring issues,

• prioritizing items requiring attention.

These features are intended to assist Users and do not, by default, produce legal effects on individuals. You may contact us for clarification at info@reviwo.com.

11 – Cookies and Third-Party Services

Essential cookies

We use strictly necessary cookies for:

• user authentication,

• security features,

• session management.

These cookies are essential for the Platform to function.

Optional cookies

Where enabled, we may use:

• preference cookies (language, settings),

• analytics cookies (usage patterns, performance).

You can manage cookie preferences through your browser settings and (where implemented) via our cookie banner/preferences tool.

Third-party services

We may use third-party services for security, analytics, communications, and integrations. These services may set cookies or use similar technologies in accordance with their own policies.

12 – Google API Services User Data Policy (Limited Use)

Reviwo’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

• Google user data is used only for providing and improving Reviwo’s Google Business Profile features

• Google user data is not used for serving advertisements

• Google user data is not sold

• Google user data is not used to determine creditworthiness or for lending

• Google user data is not transferred to third parties except as necessary for service provision or as required by law

You may revoke access at any time via your Google account permissions. Upon revocation, Reviwo stops accessing Google data and deletes tokens promptly; cached data is deleted within 30 days.

13 – Children’s Privacy

Our services are not directed at individuals under 16 years of age. We do not knowingly collect Personal Data from children. If you believe we have collected data from a minor, please contact us at info@reviwo.com.

14 – Changes to This Policy

We may review and update this Policy periodically. Significant changes may be communicated via:

• notice on our website,

• in-app notification,

• email notification to registered users (where appropriate).

15 – Contact Us

Controller: Maiony LTD
Address: 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
Company number: 15375841

Privacy & Support contact: info@reviwo.com
Last update: December 2025
Version: 1.0