Privacy Policy

Last updated: February 5, 2026

1. Introduction

Growmax LLC ("Company," "we," "us," or "our"), a Wyoming limited liability company with principal offices at 30 North Gould Street, Sheridan, WY 82801, USA, operates ReviewNow ("Service"), a Google Business Profile reviews management platform with AI-powered analytics, fake review detection, and WhatsApp-based review collection.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information in compliance with applicable data protection laws including the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other international privacy frameworks.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

For the purposes of GDPR and other applicable data protection laws, Growmax LLC is the data controller responsible for your personal data. For data protection inquiries, contact our Data Protection Officer at:

Data Protection Officer

Growmax LLC

Email: privacy@growmax.io

3. Information We Collect

3.1 Information You Provide Directly

  • Account Information: Name, email address, company/business name, phone number
  • Google Business Profile Data: Business name, location, Google Place ID when you connect your Google account
  • WhatsApp Account Data: Phone numbers and account identifiers for connected WhatsApp accounts used for review collection campaigns
  • Payment Information: Processed securely by Stripe, Inc. We do not store full payment card numbers

3.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, timestamps, click patterns
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Similar Technologies: Session cookies for authentication, preference cookies, analytics cookies (see Section 11)

3.3 Google Reviews Data (Publicly Available)

We collect publicly available Google Business Profile reviews via third-party data aggregation services (Apify). This includes:

  • Review text, star ratings, and timestamps
  • Reviewer display names (public profiles)
  • Your business's review responses
  • Competitor review data (publicly posted reviews only)

Note: We only collect reviews that are publicly visible on Google Maps. We do not access private data, reviewer email addresses, or any information not publicly displayed.

3.4 WhatsApp Message Data

When you connect your WhatsApp account for review collection campaigns, we receive and process:

  • Message metadata (sender, recipient, timestamps)
  • Message content for campaign delivery and customer responses
  • Media files shared in conversations

We do not sell, share with third parties, or use message content for advertising purposes.Messages are processed solely to provide the review collection service.

3.5 AI Processing

Our AI systems analyze review data to provide fake review detection, sentiment analysis, and automated response suggestions. This analysis is performed on your data only and is not shared across customers.

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide the Service you subscribed to, including account management, review monitoring, and WhatsApp integration.
  • Legitimate Interests (Art. 6(1)(f)): Processing for fraud prevention, security, service improvement, and analytics, where such interests are not overridden by your rights.
  • Legal Obligation (Art. 6(1)(c)): Processing required to comply with applicable laws, including tax, accounting, and anti-money laundering regulations.
  • Consent (Art. 6(1)(a)): Where required, we obtain your explicit consent for marketing communications and non-essential cookies. You may withdraw consent at any time.

5. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Monitor and display your Google Business reviews
  • Detect potentially fake or suspicious reviews using AI analysis
  • Enable WhatsApp-based review collection campaigns
  • Provide competitor review tracking and benchmarking
  • Process transactions and send billing communications
  • Send service-related notifications (new reviews, alerts, insights)
  • Respond to customer support requests
  • Detect, prevent, and address security threats and abuse
  • Comply with legal obligations

6. Data Sharing & Disclosure

We do not sell your personal data. We may share information with:

  • Service Providers (Sub-processors):
    • Stripe, Inc. (payment processing) - USA
    • Railway Corp. (cloud hosting, database) - USA
    • Apify Technologies s.r.o. (data aggregation) - Czech Republic
    • Google Cloud Platform (AI services) - USA/EU
    • Resend (transactional email) - USA
  • Legal Requirements: When required by law, court order, subpoena, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with appropriate confidentiality protections
  • With Your Consent: When you explicitly authorize sharing

7. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted via TLS 1.3 (HTTPS)
  • Encryption at Rest: Database encryption using AES-256 encryption standards
  • Access Controls: Role-based access, principle of least privilege
  • Infrastructure Security: SOC 2 compliant hosting providers
  • Regular Audits: Security assessments and vulnerability scanning
  • Incident Response: Documented procedures for breach notification (within 72 hours per GDPR)

While we implement robust security measures, no method of electronic transmission or storage is 100% secure.

8. Data Retention

We retain personal data only as long as necessary:

  • Active Account Data: Retained while your account remains active
  • Review Data: Retained for the duration of your subscription plus 30 days
  • WhatsApp Messages: Retained for 12 months, then automatically purged
  • Billing Records: Retained for 7 years per tax/accounting requirements
  • Security Logs: Retained for 12 months

Upon Account Deletion:

  • Account and profile data deleted within 30 days
  • Review data and analytics deleted within 30 days
  • WhatsApp message data deleted within 30 days
  • Backup data purged within 90 days

9. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States. For transfers from the European Economic Area (EEA), UK, or Switzerland:

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs for transfers to countries without an adequacy decision
  • Adequacy Decisions: Where applicable, we rely on European Commission adequacy decisions
  • Supplementary Measures: We implement additional technical and organizational safeguards as recommended by the EDPB

You may request a copy of the relevant transfer safeguards by contacting us.

10. Your Privacy Rights

10.1 Rights Under GDPR (EEA/UK Residents)

  • Right of Access (Art. 15): Request a copy of your personal data
  • Right to Rectification (Art. 16): Correct inaccurate or incomplete data
  • Right to Erasure (Art. 17): Request deletion of your data ("right to be forgotten")
  • Right to Restriction (Art. 18): Limit processing in certain circumstances
  • Right to Data Portability (Art. 20): Receive your data in a machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Rights Related to Automated Decisions (Art. 22): Request human review of automated decisions

10.2 Rights Under CCPA (California Residents)

  • Right to Know: What personal information we collect and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

10.3 Exercising Your Rights

To exercise any privacy right, contact us at privacy@growmax.io. We will respond within 30 days (or 45 days for CCPA requests). We may verify your identity before processing requests.

Right to Lodge a Complaint: EEA residents may lodge a complaint with their local supervisory authority. UK residents may contact the Information Commissioner's Office (ICO).

11. Cookies & Tracking Technologies

We use cookies for:

  • Essential Cookies: Required for authentication and core functionality
  • Preference Cookies: Store your settings and preferences
  • Analytics Cookies: Help us understand how visitors use our site

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

12. Third-Party Platform Integration

The Service integrates with third-party platforms:

Your use of these platforms is governed by their respective privacy policies. We are not responsible for the privacy practices of third parties.

13. Children's Privacy

The Service is intended for business use and is not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a minor, please contact us immediately at privacy@growmax.io.

14. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email (to the address associated with your account) or through a prominent notice on our website at least 30 days before the changes take effect. The "Last updated" date at the top indicates the latest revision.

15. Contact Us

For privacy-related questions, data requests, or concerns:

Growmax LLC

30 North Gould Street

Sheridan, WY 82801, USA

Privacy Inquiries: privacy@growmax.io

General Support: hello@growmax.io