← Back to automine.reviews

Privacy policy

How we handle your data.

Effective April 22, 2026. Written in plain language, compliant with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

§ 1.Who we are

AutoMine Reviews ("we", "us") is a service operated from Ontario, Canada. We provide QR-code-based review-collection tools to local businesses. If you have privacy questions, email [email protected].

§ 2.What we collect

From business owners

  • Email address (for sign-in and notifications)
  • Full name and optional phone (entered by you)
  • Business details — name, category, city, province, Google Place ID, review URL
  • Billing metadata from Stripe when you upgrade: Stripe customer ID, subscription ID, invoice status. We never see or store your credit card number.
  • Internal notes made by our admin team when assisting you

From customers who scan a QR code

  • IP address, user-agent string, and approximate timestamp
  • The star rating they selected and the language they chose
  • Whether they tapped "Post to Google Reviews" (we do not store the review text itself — the customer copies it and posts it on Google directly)

§ 3.Why we collect it

  • Service delivery. To create your account, generate QR codes, serve the review page, and process subscriptions.
  • Analytics. To show you scan counts, conversion rates, and weekly summaries inside your dashboard.
  • Abuse prevention. To rate-limit suspicious traffic and flag accounts showing unusual scan velocity.
  • Email notifications. To alert you to low-rating scans, send weekly summaries, and confirm billing events.

§ 4.Who processes it

We share data with a small set of carefully chosen processors:

  • Supabase (Amazon Web Services, US-East) — database and authentication.
  • Anthropic (US) — generates the review drafts from your business name, category, city, rating, and chosen tone. No scanner identity is sent.
  • Stripe (Canada/US) — processes subscription payments. All card data is held by Stripe, not us.
  • Resend (US) — delivers transactional email.
  • Cloudflare (global) — hosts the site, the API, and the DNS.
  • Google Analytics (US) — aggregate visitor measurement on our marketing site and dashboard. Runs with Consent Mode v2: no analytics cookies are set until you accept on the first visit, and declining keeps everything cookie-free with no loss of site functionality. Not loaded on the customer review flow at all.

§ 5.How long we keep it

  • Account and business records are kept while your account is active and deleted within 30 days of a closure request.
  • Scan metadata is kept for 24 months, then aggregated and removed. This is long enough to show year-over-year trends in your dashboard.
  • Single-use session tokens expire after 30 minutes and are hard-deleted nightly.
  • Billing records are retained for seven years for Canadian tax purposes.

§ 6.Your rights

Under PIPEDA you can:

  • Request a copy of the personal information we hold about you.
  • Request correction of inaccuracies.
  • Withdraw consent and request account deletion.
  • Lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca.

To exercise any of these, email [email protected] from the email address on your account. We respond within 30 days.

§ 7.Cookies

We use the minimum set of first-party cookies required for authentication and remembering which location you're viewing in a multi-location account. We do not use advertising cookies or third-party trackers.

§ 8.Changes to this policy

If we make material changes we'll email everyone with an active account before the new terms take effect. Non-material changes are published here and take effect immediately.

§ 9.Contact

Privacy officer: [email protected]. Postal inquiries can be directed to the return address on your Stripe invoice.

© 2026 AutoMine ReviewsTerms of service →