Privacy Policy

Review King Pty Ltd

Last updated: 24 May 2026

1. Introduction

Review King Pty Ltd (ABN pending) (“Review King”, “we”, “our”, “us”) operates the reviewking.au website and the Review King platform — a reputation management service that helps businesses monitor, respond to, and manage their online reviews.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. We are committed to complying with the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) and all applicable Australian privacy legislation.

By using Review King, you consent to the data practices described in this policy.

2. Information We Collect

We collect information necessary to provide our reputation management services. The categories of data we collect depend on which features and integrations you use.

Account & profile data

Identity — Full name, email address, and profile picture

Credentials — Password (bcrypt-hashed, never stored in plaintext)

Organisation — Business name, business type, and team member roles

Billing — Billing name and address (payment card details handled solely by Stripe)

Usage & technical data

Usage patterns — Pages visited, features used, and actions taken within the platform

Device data — Browser type, operating system, IP address, and screen resolution

Cookies — Session cookies for authentication and preference storage

3. Google API & Business Profile Data

When you connect your Google Business Profile via OAuth 2.0, we request the business.manage scope. This grants us access to the following data:

Reviews — Star ratings, reviewer names, review text, and timestamps

Review replies — Existing replies posted by the business owner

Business listing — Business name, address, phone number, website, categories, and hours

Account identifiers — Google account ID and Business Profile IDs

OAuth tokens — Access and refresh tokens (encrypted at rest with AES-256-GCM)

Google API Services User Data Policy

Review King’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

We only use Google data to provide and improve the reputation management features you have explicitly authorised.
We do not use Google data for advertising, and we do not sell Google user data to any third party.
We do not use Google data to build user profiles for advertising or marketing purposes unrelated to our service.
Human access to Google user data is restricted to what is necessary for debugging, security investigations, or responding to your support requests, and only with your consent.

You may revoke our access to your Google Business Profile at any time through your Review King dashboard or via your Google Account permissions page.

4. Point-of-Sale (POS) System Data

Review King integrates with the following POS systems to sync customer contact information for review request campaigns. Connecting a POS is optional.

Square

Customer name, email, phone, and transaction timestamps

Lightspeed

Customer name, email, phone, and sale records

Tyro

Customer identifiers and transaction references

Hike

Customer name, email, phone, and purchase history

POS data is used solely to identify customers for review request outreach. We do not store payment card details, transaction amounts, or itemised purchase data from POS systems.

5. CRM Sync & Communications Data

Go High Level CRM sync

Contact records — Name, email address, phone number, and tags synced from your Go High Level account

Sync metadata — Last sync timestamp and record mapping identifiers

SMS & email communications

SMS messages — Phone numbers and message content for review request campaigns

Email messages — Email addresses, subject lines, and message content for review requests

Delivery status — Sent, delivered, opened, clicked, and bounced status tracking

Opt-out records — Unsubscribe requests and suppression list entries

All SMS and email communications are sent only to customers whose contact information you have provided or imported. We comply with the Spam Act 2003 (Cth) and include unsubscribe mechanisms in all marketing communications.

6. How We Use Your Information

Review monitoring — Display and track your Google Business Profile reviews in real time

Review replies — Post replies to reviews on your behalf, only when you explicitly approve them

AI suggestions — Generate AI-powered reply suggestions and dispute letter drafts

Review requests — Send SMS and email requests to your customers inviting them to leave reviews

Analytics — Provide dashboards showing review trends, sentiment, and response metrics

Notifications — Alert you about new reviews, status changes, and account events

Billing — Process subscription payments and manage your account plan

Service improvement — Analyse aggregated, anonymised usage data to improve our platform

7. AI Processing

Review King uses Anthropic’s Claude AI to generate review reply suggestions and dispute letter drafts. When processing your reviews:

Data sent to AI — Review text, star rating, and your business category. We do not send reviewer names, email addresses, or other personally identifying information.

No training — Your data is not used to train AI models. Anthropic's API terms prohibit use of API inputs for model training.

No storage by provider — AI-processed data is not retained by Anthropic beyond the API request lifecycle.

Human review — All AI-generated content is presented as suggestions. You always review and approve before anything is posted.

8. Third-Party Services

We do not sell your personal data. We share data only with the following service providers, and only to the extent necessary to deliver our service:

Google

Read reviews and post replies via the Business Profile API

Data shared: OAuth tokens, review replies, business identifiers

Stripe

Subscription billing and payment processing

Data shared: Billing name, email, and payment method (card details never touch our servers)

Anthropic (Claude)

AI-generated review replies and dispute letters

Data shared: Review text and star ratings only — no PII

Go High Level

CRM contact synchronisation

Data shared: Contact names, emails, and phone numbers (bidirectional sync)

SMS / Email Providers

Delivering review request messages

Data shared: Recipient phone numbers or email addresses and message content

Hosting Infrastructure

Application hosting and database services

Data shared: All platform data (encrypted in transit and at rest)

9. Data Security

We implement industry-standard security measures to protect your data:

Encryption in transit — All connections use TLS 1.2+ (HTTPS)

Encryption at rest — Database encryption and AES-256-GCM for OAuth tokens and sensitive credentials

Authentication — Passwords are hashed with bcrypt; sessions use secure HTTP-only cookies

Access controls — Role-based access with multi-tenant isolation — users can only access their own organisation's data

Infrastructure — Hosted on enterprise-grade infrastructure with regular security updates

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Data Retention

Active accounts: Data is retained for the duration of your active subscription.

Account deletion: All personal data, reviews, and integration data are permanently deleted within 30 days of your deletion request.

OAuth tokens: Revoked and deleted immediately when you disconnect an integration.

Anonymised analytics: Aggregated, non-identifiable usage data may be retained indefinitely for service improvement.

11. Your Rights

Under the Australian Privacy Principles and applicable law, you have the following rights:

Access

Request a copy of all personal data we hold about you. Most data is accessible directly from your dashboard.

Correction

Request correction of inaccurate or incomplete personal information.

Deletion

Request deletion of your account and all associated personal data.

Data portability

Request an export of your data in a machine-readable format.

Withdraw consent

Disconnect integrations or close your account at any time.

Complaint

Lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

12. Australian Privacy Law

Review King is an Australian company and this policy is governed by the laws of Australia. We comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

If you are located outside Australia, please be aware that your data may be transferred to and processed in Australia. By using our service, you consent to this transfer.

For users in jurisdictions with additional privacy rights (such as the GDPR in the EU/EEA or the CCPA in California), we will honour those rights to the extent they apply.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and/or a prominent notice within the platform at least 14 days before the changes take effect.

The “Last updated” date at the top of this page indicates when the policy was last revised. Continued use of the service after changes take effect constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related inquiries, data requests, or complaints:

[email protected]

Website

reviewking.au

Privacy regulator

Office of the Australian Information Commissioner (OAIC)