1. Introduction
Welcome to ReviewRx, operated by TailwindX, LLC, a Wyoming limited liability company. We are committed to protecting your privacy and being transparent about how we collect, use, and protect your information. This Privacy Policy explains our data practices for reviewrx.ai and our review management platform (the "Service").
By using ReviewRx, you agree to the collection and use of information as described in this Privacy Policy. If you do not agree with our policies and practices, please do not use the Service.
Key Points:
- We collect practice information and anonymous patient feedback — NOT protected health information (PHI)
- We use industry-standard security measures including encryption and secure authentication
- We do not sell your data to third parties
- We use trusted service providers like Firebase, Stripe, and Anthropic to deliver our Service
2. Information We Collect
2.1 Practice Information (Account Data)
When you create an account, we collect:
- Contact Information: Practice name, email address, phone number, business address
- Practice Details: Medical specialty, business type, location information
- Account Credentials: Email and password (hashed), or authentication tokens if you sign in with Google
- Subscription Information: Plan type, billing cycle, subscription status
2.2 Anonymous Patient Feedback
Our Service collects anonymous feedback from your patients, which includes:
- Star Rating: 1-5 star rating of their experience
- Text Feedback: Optional written comments about their visit
- Timestamp: Date and time the feedback was submitted
Important: We do NOT collect patient names, contact information, medical record numbers, diagnoses, treatment details, or any other protected health information (PHI). All feedback is anonymous by design.
2.3 Review Platform Data
When you connect your Google Business Profile, Yelp, or other review platforms, we collect:
- Public reviews posted on those platforms
- Review metadata (star rating, date, platform)
- Your responses to reviews
- Platform-specific identifiers needed for API integration
2.4 Usage and Analytics Data
We automatically collect certain technical information when you use the Service:
- Device Information: Browser type, operating system, device identifiers
- Usage Data: Pages visited, features used, time spent, click patterns
- IP Address and Location: General geographic location based on IP address
- Cookies and Tracking: See Section 8 for details
2.5 Payment Information
Payment information is processed by Stripe, our payment processor. We do not store your complete credit card numbers on our servers. Stripe may share limited transaction data with us, including:
- Last 4 digits of your card
- Card brand (Visa, Mastercard, etc.)
- Expiration date
- Payment status and transaction history
2.6 Communications
If you contact our support team, we collect the contents of your messages, including any attachments, screenshots, or information you provide to help us assist you.
3. How We Use Your Information
We use the information we collect for the following purposes:
3.1 To Provide the Service
- Process and manage your account and subscription
- Collect and route anonymous patient feedback
- Generate AI-powered review responses using Anthropic's Claude API
- Connect to third-party review platforms on your behalf
- Display your reputation dashboard and analytics
- Send you weekly email reports about your review performance
3.2 To Improve the Service
- Analyze usage patterns to improve features and user experience
- Train and refine our AI response generation algorithms
- Identify and fix bugs and technical issues
- Conduct research and development for new features
3.3 To Communicate With You
- Send account-related notifications (subscription confirmations, payment receipts, password resets)
- Provide customer support and respond to your inquiries
- Send weekly reputation reports and performance updates
- Notify you of Service updates, new features, or changes to our Terms or Privacy Policy
- Send marketing communications (you can opt out at any time)
3.4 For Security and Compliance
- Detect and prevent fraud, abuse, and security threats
- Enforce our Terms of Service and acceptable use policies
- Comply with legal obligations, court orders, or regulatory requirements
- Protect the rights and safety of ReviewRx, our users, and the public
4. Data Sharing and Third Parties
We do not sell your personal information to third parties. We share data only in the following circumstances:
4.1 Service Providers
We use trusted third-party service providers to help us operate the Service:
- Firebase / Google Cloud: Authentication, database hosting (Firestore), and cloud infrastructure
- Stripe: Payment processing and subscription management
- Anthropic: AI-powered review response generation via Claude API (we send only anonymous feedback text)
- Google Analytics: Website usage analytics and performance monitoring
- Email Service Provider: Transactional emails and weekly reports
These providers are contractually obligated to protect your data and use it only to provide services to ReviewRx.
4.2 Review Platforms
When you connect your Google Business Profile, Yelp, or other platforms, we access those platforms on your behalf to:
- Retrieve public reviews
- Post your responses to reviews
- Monitor review activity
Your use of third-party platforms is subject to their respective privacy policies and terms of service.
4.3 Legal Requirements
We may disclose your information if required to do so by law or in response to:
- Valid legal process (subpoena, court order, search warrant)
- Government or regulatory requests
- Investigations of suspected fraud or illegal activity
- Situations involving potential threats to safety or security
4.4 Business Transfers
If ReviewRx is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
4.5 With Your Consent
We may share your information with third parties when you explicitly consent or direct us to do so.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account Information: Retained until you delete your account, then deleted or anonymized within 30 days
- Anonymous Feedback: Retained for up to 2 years for analytics and AI training purposes
- Payment Records: Retained for 7 years for tax and accounting purposes
- Usage Logs: Retained for up to 90 days for security and troubleshooting
- Support Communications: Retained for 2 years
Even after deletion, some information may be retained in backup systems for up to 90 days or as required by law.
6. Security Measures
We take the security of your information seriously and implement industry-standard security measures:
6.1 Encryption
- In Transit: All data transmitted between your browser and our servers is encrypted using SSL/TLS (HTTPS)
- At Rest: All data stored in Google Cloud Firestore is encrypted at rest using Google's encryption infrastructure
6.2 Authentication and Access Control
- Passwords are hashed using industry-standard bcrypt algorithms
- Support for multi-factor authentication via Firebase Auth
- Firebase Security Rules enforce strict access control to your data
- Role-based access for team members (where applicable)
6.3 Infrastructure Security
- Hosting on Google Cloud Platform with enterprise-grade security
- Regular security updates and patches
- Automated monitoring for suspicious activity
- Secure API endpoints with authentication tokens
6.4 Limitations
While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your data. You are responsible for maintaining the confidentiality of your account credentials and for any activity under your account.
7. HIPAA and Healthcare Privacy
ReviewRx is NOT a covered entity or business associate under HIPAA. We do not collect, store, or process protected health information (PHI).
7.1 No PHI Collection
Our Service is specifically designed to collect anonymous patient feedback only. We do not collect:
- Patient names or contact information
- Medical record numbers or health insurance information
- Diagnoses, treatment plans, or medication information
- Appointment dates or specific visit details
- Any other individually identifiable health information
7.2 Your Responsibilities
As a healthcare provider using ReviewRx, you are responsible for:
- Ensuring that you do NOT include PHI in review responses
- Reviewing AI-generated responses for HIPAA compliance before posting
- Training your staff on proper use of the Service
- Complying with all applicable healthcare privacy regulations
7.3 Anonymous Feedback Design
Our patient feedback funnel is designed to collect anonymous ratings and comments. Patients are not asked to provide their names, contact information, or any health-related details. The feedback mechanism deliberately omits any fields that could capture PHI.
8. SMS Communications
8.1 Phone Number Collection
ReviewRx may collect and use patient phone numbers for the purpose of sending post-visit feedback requests via SMS text message. This collection occurs when your practice staff enters a patient's phone number into the ReviewRx system to send a feedback request.
8.2 How Phone Numbers Are Collected
- Practice Staff Entry: Phone numbers are entered by your practice staff, not collected directly from patients through our platform
- Voluntary Provision: Patients provide their phone number to your practice during appointment scheduling, check-in, or other interactions
- Purpose: Phone numbers are collected solely to send a one-time SMS feedback request after a patient's visit
8.3 Phone Number Retention and Storage
Important: Phone numbers are NOT stored permanently by ReviewRx.
Our SMS service operates on a "fire-and-forget" model:
- Phone numbers are used only to send the feedback request SMS
- Phone numbers are not retained in our database after the message is sent
- We do not build contact lists or patient databases
- Phone numbers are not stored for future marketing or communications
This approach minimizes data retention risk and ensures that patient contact information is not permanently stored by ReviewRx.
8.4 SMS Message Content and Privacy
- No PHI in Messages: SMS messages contain only a generic feedback request link and do not include any protected health information (PHI), patient names, diagnoses, treatment details, or other identifying health information
- Anonymous Feedback: When patients click the feedback link, they are directed to an anonymous survey that does not collect their name or personal information
- Single Purpose: SMS messages are used only for feedback requests, not for marketing, promotions, or unrelated communications
8.5 Patient Opt-Out
Patients can opt out of receiving SMS messages at any time by:
- Replying STOP to any SMS message from ReviewRx
- Contacting your practice directly to request removal from SMS communications
When a patient opts out, we immediately cease sending SMS messages to that phone number and flag it in our system to prevent future messages.
8.6 Third-Party SMS Service
SMS messages are sent through a third-party SMS service provider. The provider processes phone numbers solely to deliver the message and does not retain or use the information for any other purpose. Our agreements with SMS providers require them to maintain strict data security and privacy standards.
8.7 Sharing and Sale of Phone Numbers
- Not Shared: Phone numbers are never shared with third parties for marketing or non-service purposes
- Not Sold: We do not sell phone numbers to any third party
- Limited Use: Phone numbers are used only to deliver the feedback request SMS and for no other purpose
8.8 Compliance
Our SMS practices are designed to comply with:
- The Telephone Consumer Protection Act (TCPA)
- CTIA Messaging Principles and Best Practices
- Carrier guidelines for Application-to-Person (A2P) messaging
- HIPAA requirements (no PHI in SMS messages)
10. Your Privacy Rights
You have certain rights regarding your personal information:
10.1 Access and Portability
You have the right to request a copy of the personal information we hold about you. You can export most of your data directly from your account dashboard. For additional data requests, contact us at support@reviewrx.ai.
10.2 Correction
You can update your practice information, email address, and other account details at any time from your account settings. If you need assistance, contact our support team.
10.3 Deletion
You have the right to request deletion of your account and associated data. To delete your account:
- Log in to your account and navigate to Settings → Delete Account
- Or contact us at support@reviewrx.ai with your request
Upon deletion, we will remove or anonymize your data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., payment records, fraud prevention).
10.4 Marketing Opt-Out
You can opt out of marketing emails at any time by:
- Clicking the "Unsubscribe" link in any marketing email
- Adjusting your email preferences in your account settings
- Contacting us at support@reviewrx.ai
Note that you cannot opt out of essential service-related communications (e.g., payment receipts, security alerts).
10.5 Objection and Restriction
You have the right to object to certain types of data processing or request that we restrict how we use your information. Contact us to discuss your specific concerns.
11. Children's Privacy
ReviewRx is not intended for use by individuals under the age of 13, and we do not knowingly collect personal information from children under 13. Our Service is designed for healthcare professionals and practice administrators.
If we become aware that we have collected personal information from a child under 13 without parental consent, we will take steps to delete that information promptly. If you believe we have collected information from a child under 13, please contact us at support@reviewrx.ai.
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional privacy rights under the California Consumer Privacy Act (CCPA):
12.1 Right to Know
You have the right to request:
- The categories of personal information we collected about you
- The categories of sources from which we collected your information
- The business or commercial purpose for collecting your information
- The categories of third parties with whom we share your information
- The specific pieces of personal information we collected about you
12.2 Right to Delete
You have the right to request deletion of your personal information, subject to certain exceptions (e.g., legal compliance, fraud prevention).
12.3 Right to Opt-Out of Sale
We do not sell your personal information. We do not and will not sell your data to third parties for monetary or other valuable consideration.
12.4 Right to Non-Discrimination
We will not discriminate against you for exercising your CCPA rights. You will not be denied service, charged different prices, or provided a different quality of service solely because you exercised your privacy rights.
12.5 How to Exercise Your Rights
To exercise your CCPA rights, contact us at:
- Email: support@reviewrx.ai
- Subject line: "CCPA Privacy Request"
We will verify your identity before processing your request and respond within 45 days.
12.6 Authorized Agents
You may designate an authorized agent to make a request on your behalf. The agent must provide proof of authorization, and we may require you to verify your identity directly with us.
13. International Users
ReviewRx is based in the United States. If you are accessing the Service from outside the U.S., please be aware that your information will be transferred to, stored, and processed in the United States.
The United States may not have the same data protection laws as your jurisdiction. By using the Service, you consent to the transfer of your information to the United States and the application of U.S. law and this Privacy Policy.
If you are located in the European Economic Area (EEA), United Kingdom, or other jurisdictions with specific data protection requirements, you may have additional rights. Please contact us to discuss how we can accommodate your jurisdiction's requirements.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by:
- Posting a notice on our website homepage
- Sending an email to the address associated with your account
- Displaying a prominent notification within the Service
We will update the "Effective Date" at the top of this page whenever we make changes. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
TailwindX, LLC (ReviewRx Privacy Team)
Email: support@reviewrx.ai
Website: reviewrx.ai
We will respond to your inquiry within 30 days.
This Privacy Policy was last updated on February 1, 2026. By using ReviewRx, you acknowledge that you have read and understood this Privacy Policy.