ReviewLab — Global Privacy Policy

Effective date: 29 October 2025

At ReviewLab Lda. (hereinafter, "ReviewLab," "Company," "we," "us," or "our"), we respect and protect the privacy of visitors to our websites under the reviewlab domain (collectively, the "Sites") and our customers who use our SaaS product, review widgets, tools, and related services (together with the Sites, the "Platform").

This Global Privacy Policy (the "Policy") explains how we collect, use, disclose, and protect information when you interact with the Platform. Any discussion of your use of the Platform in this Policy includes your visits and other interactions with the Sites, whether or not you are a registered customer of ReviewLab.

Capitalized terms not defined in this Policy have the meanings assigned in our Terms of Service (including any agreement, policy, or addendum incorporated therein, as amended from time to time).

By accessing or using the Platform, you agree to this Policy. If you do not agree with any part of this Policy, please discontinue use of the Platform.

  1. Scope and Roles
    1. Scope. This Policy applies to: (i) our Sites; (ii) our SaaS Platform for business customers; (iii) our embeddable review widgets displayed on customers' websites; and (iv) our support, billing, and communications.
    2. Controller / Processor.
      • For our Sites, accounts, billing, analytics, support, and marketing, ReviewLab. acts as controller.
      • For aggregation of publicly available reviews and ratings from third-party platforms (e.g., Google Maps), ReviewLab acts as an independent controller.
      • Where we process personal data on a customer's documented instructions (e.g., via API/inputs they provide), we act as a processor under our Data Processing Addendum (DPA).
    3. Third-party reviews. We do not author third-party reviews. Requests to edit or remove review content should be directed to the original platform. Our copy refreshes on a schedule.
  2. Just-in-Time Notices (Layered Transparency)

    We provide layered transparency through this Policy and just-in-time notices (e.g., cookie banner/consent manager and context-specific prompts) that explain data collection and choices where they are most relevant.

  3. Personal Data We Collect

    Depending on how you interact with ReviewLab, we may process:

    • Account & billing (B2B): name, work email, password hashes, company, role, subscription and plan details, billing contact, invoices/receipts (payment tokens are handled by our payment providers), VAT/TIN where applicable.
    • Widget configuration: links to public profiles of your business on review platforms, optional API keys or tokens you choose to provide, filter rules, and display settings.
    • Public review data: reviewer handle/name as publicly shown, rating, text, timestamps, media/links, platform name/URL, business/location metadata, and derived metrics (e.g., averages, trends, categories, AI-based summaries/tags).
    • Usage & device: IP address, timestamps, user-agent, device/OS/browser, referrer, on-page events, approximate geolocation inferred from IP.
    • Cookies & similar tech: strictly necessary (auth, security, fraud prevention); with consent—analytics/measurement and, where used, marketing.
    • Support communications: messages you send (email/chat/forms), attachments, and call notes.
    • Payments: processed by payment providers; we receive limited status details for reconciliation and fraud prevention.

    We do not intentionally collect data about children or special categories of personal data. See §13.

  4. Sources of Personal Data
    • Directly from you (sign-up, purchase, support requests, forms).
    • Automatically via your device and our services (cookies, logs, events).
    • Public sources/platforms: publicly available reviews/ratings from third-party sites you connect or we support.
    • Service providers/partners (e.g., hosting, analytics, anti-fraud, payments) and, where lawful, public business records.

    Because public reviews are authored on third-party platforms, contacting each reviewer individually is often not feasible. We therefore rely on this Policy and in-product notices to provide transparency and we honor rights requests sent to info@reviewlab.pro.

  5. How We Use Personal Data (Purposes & Legal Bases)

    We use personal data to:

    • Provide and secure the Platform: set-up, authentication, syncing sources, rendering widgets, uptime, security, and fraud prevention.
      Legal bases: contract, legitimate interests.
    • Aggregate public reviews & provide analytics/AI summaries: compute averages, trends, categories, and insights for our customers.
      Legal bases: legitimate interests.
    • Billing & administration: invoicing, account management, compliance with financial/tax rules.
      Legal bases: contract, legal obligations.
    • Product improvement & diagnostics: analytics, performance, debugging, anti-abuse.
      Legal bases: legitimate interests.
    • Communications: service notices and support.
      Legal bases: contract, legitimate interests.
    • Direct marketing: newsletters or promotional messages where permitted.
      Legal bases: consent where required, or legitimate interests (with opt-out available at any time).
  6. Direct Marketing

    Direct marketing includes communications that primarily promote our products or services. Transactional or service emails (e.g., security alerts, billing notices) are not direct marketing. You can opt out of direct marketing at any time via the unsubscribe link in our emails, through account email settings (where available), or by emailing info@reviewlab.pro. We will stop direct marketing without undue delay.

  7. Cookies & Similar Technologies

    We use necessary cookies for core functionality (authentication, security, fraud prevention). With your consent, we may use analytics to understand usage and improve the product and, where used, advertising technologies to reach or re-engage audiences.

    Manage preferences via our cookie banner/consent manager at any time. Where supported, we honor browser-level signals such as Global Privacy Control for relevant choices.

  8. How We Share Information

    We share personal data only as necessary to operate and improve the Platform, comply with law, and protect our users. We do not publicly list every service provider. Instead, we describe the categories of recipients below.

    Categories of recipients we may engage:

    • Processors (service providers): hosting/IaaS, databases, CDN, analytics/metrics, logging/monitoring, email/SMS delivery, payment processing, customer-support tools, and fraud prevention.
    • Communications & CRM tools: in-app messaging, helpdesk, ticketing, and customer communications.
    • Product analytics (with consent, where required): usage measurement to improve the Platform.
    • AI/ML utilities (where enabled): services that help derive summaries, sentiment, or categorization from publicly available reviews.
    • Professional services: auditors, legal counsel, and advisors bound by confidentiality.
    • Integrations you enable. When you connect external platforms/APIs, relevant data flows as required to sync and display reviews.
    • Legal and safety. We may disclose information to comply with law or valid legal process, and to protect rights, safety, and service integrity.
    • Business transfers. In the event of a merger, acquisition, or asset sale, your information may be transferred; we will provide appropriate notice.
    • De-identified/aggregated insights. We may share statistics and trends that do not identify individuals.
    • Access to the current list (non-public). Where we act as a processor for a customer, we engage third-party subprocessors solely on documented instructions and with appropriate safeguards. Customers can view the current list applicable to their account by contacting info@reviewlab.pro.

    Our Commitments for Onward Transfers & Subprocessors. We contractually require our processors and sub-processors to: (i) process personal data only for specified purposes and on our documented instructions; (ii) implement protections equivalent to applicable Data Protection Laws; (iii) assist us in honoring data-subject requests; and (iv) notify and cooperate with us regarding lawful government access requests where legally permitted.

    International transfers are addressed in the "International Data Transfers" section of this Policy.

  9. International Data Transfers

    We are established in the EU (Portugal). When personal data is transferred outside the EEA/UK/Switzerland, we use appropriate safeguards, such as adequacy decisions and/or Standard Contractual Clauses, along with supplementary measures where appropriate. Further information is available on request.

  10. Retention

    We retain personal data only as long as necessary for the purposes described above or as required by law. In addition to general practices, we apply these category-specific timeframes:

    • Account & billing: for the duration of your subscription and as required by tax/accounting laws (commonly 7–10 years for invoices).
    • Public review data & widget cache: retained while your widget/site uses our service. Sources typically refresh about every 72 hours; we may keep historical snapshots/metrics for trends and anti-abuse.
    • Product analytics (usage metrics): up to 36 months, then deletion or anonymization on a rolling basis.
    • Cookies/trackers: up to 12 months from last use (unless a shorter period applies).
    • Marketing contact data: retained until you unsubscribe; we then keep a suppression list so we can honor your opt-out.
    • Support records: kept for the lifecycle of the request and for service improvement.

    When data is no longer needed, we delete or anonymize it.

  11. Your Choices & Rights

    Depending on where you live, you may have rights to access, portability, rectification, erasure, restriction, and objection (including to processing based on legitimate interests and to direct marketing), and to withdraw consent where processing relies on consent. You also have the right to contact your local data-protection authority (e.g., CNPD in Portugal).

    How to exercise. Email info@reviewlab.pro. We may need additional information to verify your identity before acting on a request. We aim to respond within one month; where requests are complex or numerous, we may reasonably extend this timeframe and will let you know.

    Limitations. We may deny or restrict a request when required or permitted by law, when fulfilling it would adversely affect the rights and freedoms of others, when necessary to protect our rights or property, or when a request is manifestly unfounded or excessive.

    Notifications to recipients. When we rectify, erase, or restrict processing of your personal data, we will notify recipients to whom the data was disclosed, unless this proves impossible or involves disproportionate effort; upon request, we will inform you about those recipients.

    Public reviews. If you authored a public review and object to our reuse of your personal data in our widgets, contact us with a link to the review and the platform name. We will assess and, where appropriate, suppress display of our cached copy. You can also edit or remove your review on the original platform; our systems reflect changes on refresh.

  12. Security

    We use technical and organizational measures appropriate to the risk, including encryption in transit, access controls and segmentation, environment isolation, backups, monitoring, and least-privilege practices. No online service can guarantee absolute security; please keep your credentials confidential and use strong passwords and, where available, two-factor authentication.

  13. Children's Privacy

    The Platform is intended for business use and is not directed to children. We do not knowingly collect personal data from anyone under the local age of digital consent (which varies by jurisdiction, typically 13–16). If you believe a child has provided personal data to us, please contact us so we can take appropriate steps.

  14. Automated Features & AI

    Our analytics may include AI-based summaries, categorization, and sentiment/rankings of publicly available reviews. These features are designed to provide business insights and are not intended to produce legal or similarly significant effects for individuals. You may contact us to learn more about the logic involved and safeguards, and you may object to these uses where applicable.

  15. Personal Data Breaches

    If a personal data breach occurs, we will assess the risk and notify the competent supervisory authority without undue delay and, where feasible, within 72 hours, unless the breach is unlikely to pose a risk to individuals. Where there is a high risk, we will also inform affected individuals without undue delay, subject to applicable exceptions.

  16. Changes to This Policy

    We may update this Policy from time to time. The Effective date shows the latest revision. For material changes, we will provide prominent notice (for example, through the Platform and/or by email, where appropriate).

  17. Contact & Representatives

    ReviewLab is operated by Roman Verevkin, self-employed individual registered in Portugal (NIF 323154190), with registered address in Matosinhos, Portugal.

    Email: info@reviewlab.pro

Links

ExampleFAQFeaturesFor Developers / APIPricingCareersSitemapPromotionsReviewsContactsAbout usAPI documentation

Contacts

info@reviewlab.pro
ReviewLab 2026 © All rights reservedPrivacy PolicyUser AgreementDPACookie Policy