Terms of Service
Privacy Policy
Acceptable Use Policy
Data Processing Addendum
Sub-Processor Disclosure

Privacy Policy

Version
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Review Engine Privacy Policy

This Privacy Policy explains how Tiny Mammoth, Inc. (“Review Engine,” “we,” “us,” or “our”) collects, uses, shares, and protects personal information—i.e., information that identifies or can reasonably be linked to an individual—when you use Review-Engine.com and our related dashboards, applications, APIs, widgets, and services (collectively, the “Services”). Capitalized terms not defined here have the meanings in our Terms of Service.

Jump to:

  • Scope
  • Personal Information We Collect
  • How We Use Personal Information
  • How We Share Personal Information
  • Cookies & Similar Technologies
  • Retention
  • Your Rights & Choices
  • Security
  • Client Practices & Third-Party Links
  • Children
  • International Data Transfers
  • Location-Specific Disclosures (AU, CA, Canada)
  • Changes to This Policy
  • Contact Us

1) Scope

This Policy covers:

  • Clients – businesses that contract with Review Engine.
  • Authorized Users – employees/agents/contractors a Client authorizes to use the Services.
  • Customers – individuals who interact with a Client via the Services (e.g., webchat, review invites, payments, messaging).
  • Website visitors – anyone visiting Review-Engine.com and subdomains.

By using the Services or providing personal information, you acknowledge processing as described here. We may update this Policy; see Changes below.

2) Personal Information We Collect

What we collect depends on your role and which features you use.

2.1 Information You Provide

A) Clients & Authorized Users

  • Profile & business info (name, role, email, phone, address, company details)
  • Account content (messages, attachments, uploads, notes)
  • Billing details (handled by processors such as Stripe/QuickBooks)
  • Compliance/KYC data where required for payments or risk (e.g., IDs, business records)
    Note: Sensitive payment credentials are stored by our processors, not by us.

B) Customers (of our Clients)

  • Contact info (name, email, phone, general location)
  • Transaction info (goods/services, dates, amounts, method)
  • Reviews/ratings/feedback you choose to provide
  • Communications content and metadata (e.g., SMS/email/webchat; call recordings if enabled—Client is responsible for required consent)

C) Website Visitors & Prospects

  • Form data (name, business, email, phone, site, job title)
  • Preferences (subscriptions, demo requests, downloads)
  • Limited data collected automatically (see 2.2)

D) Partners/Integrators

  • Contact and business info for integration, partner, or marketplace participation

2.2 Information Collected Automatically

Usage & telemetry. Logs, pages viewed, timestamps, IP, identifiers, device/browser info, language, referring/exit pages, performance.

Widget events. When our widgets (e.g., webchat, review embed) load on a Client site, we receive info about the page and device.

Communication metadata. For messaging/voice features via providers (e.g., Twilio/TextGrid): time/date, sender/recipient, delivery/call status, duration. (Call recording content is only captured if the Client enables it and obtains any required consent.)

Linked accounts. If you connect Google or other third parties, we receive permitted profile/usage data. For Google integrations, our use/transfer of Google data adheres to the Google API Services User Data Policy (including Limited Use).

Cookies/pixels. See Cookies & Similar Technologies.

2.3 Information From Other Sources

We may receive information from: public sources, data enrichment and verification tools, payment processors, analytics/marketing partners, and integration partners (e.g., Google, GHL, Stripe/QuickBooks, Twilio).

2.4 De-identified/Aggregated Data

We may create de-identified or aggregated data and will not attempt to re-identify it except as permitted by law.

3) How We Use Personal Information

  • Provide & operate the Services (core functionality, onboarding, support)
  • Deliver communications (review requests, reminders, notifications you or your Client initiate)
  • Personalize & improve experiences; develop new features; run analytics
  • Process payments and manage subscriptions
  • Security & abuse prevention (detect spam/fraud, protect accounts, enforce policies)
  • Compliance & legal (meet regulatory obligations; exercise/defend legal claims)
  • Marketing (where permitted): inform you of features, offers, events (opt-out options below)

We may use aggregated/de-identified data to improve our products and generate insights.

4) How We Share Personal Information

We do not sell personal information.

We share only as needed to provide the Services or as required by law:

  • With Clients & their Authorized Users – to fulfill Services (e.g., when a Customer chats, reviews, or pays a Client)
  • With service providers/sub-processors – secure hosting (e.g., AWS), messaging/telecom (e.g., Twilio/TextGrid), CRM/automation (e.g., GoHighLevel), payments (e.g., Stripe/QuickBooks), analytics, support tools
  • With integration partners you or a Client enable – per configuration and permissions
  • Business transfers – merger, acquisition, or asset sale
  • Legal & safety – comply with lawful requests; protect rights, security, and integrity

A current list of sub-processors is referenced in our Sub-Processor Disclosure (linked from the legal center).

5) Cookies & Similar Technologies

We use first- and third-party cookies, pixels, tags, and similar tech to:

  • enable login/session and core features
  • remember preferences
  • measure performance and diagnose issues
  • improve the Service and user experience
  • support limited marketing/retargeting on our marketing pages

Your choices: Manage cookies in your browser and via our Manage Preferences link (where offered). Essential cookies are required for core functionality. We honor applicable opt-out/“Do Not Sell or Share” settings for targeted advertising where legally required.

6) Retention

We retain personal information for as long as necessary to provide the Services and for legitimate business, legal, or compliance purposes (e.g., tax, anti-fraud, dispute resolution). When no longer needed, we delete or de-identify it using reasonable measures.

7) Your Rights & Choices

Your options vary by region and role (Client, Authorized User, Customer, visitor) and the specific laws that apply.

  • Access/Correct/Delete/Portability/Restrict/Object: Where applicable (e.g., GDPR/UK GDPR/CCPA), contact support@review-engine.com with the subject “Privacy Request.”
  • Marketing opt-out: Click “unsubscribe” in emails; reply STOP to SMS.
  • Cookies/Ads: Use our site’s Manage Preferences and browser settings.
  • Customer data we process for a Client: We typically act as processor/service provider. Please direct requests to the relevant Client (the controller). We will assist Clients with verified requests.

We may verify identity before acting and may deny requests as permitted by law (we’ll explain why when we can).

8) Security

We implement administrative, technical, and physical safeguards appropriate to the data and risks involved, including encryption in transit/at rest where applicable, role-based access, logging, and secure hosting on providers like AWS. No method is perfectly secure; please protect your credentials and enable MFA where available.

9) Client Practices & Third-Party Links

Clients are independent businesses with their own privacy and compliance obligations. We are not responsible for their practices outside our platform configuration. Our site and dashboards may link to third-party sites/services not controlled by us—review their policies before providing data.

10) Children

Our Services are not directed to children under 13, and we do not knowingly collect their personal information. If you believe a child has provided data, contact us to remove it.

11) International Data Transfers

We primarily process data in the United States and may transfer to other countries where we and our providers operate. We rely on appropriate safeguards for such transfers (e.g., Standard Contractual Clauses). By using the Services, you understand your data may be processed outside your home country.

12) Location-Specific Disclosures

12.1 Australia

We comply with the Privacy Act 1988 (Cth) and Australian Privacy Principles where applicable.

12.2 California (CCPA/CPRA)

California residents have the right to:

  • know/access categories and specific pieces of personal information
  • delete certain personal information (subject to exceptions)
  • correct inaccurate personal information
  • opt out of “selling”/“sharing” for cross-context behavioral advertising (we do not sell personal information; any “sharing” on marketing pages can be controlled via Manage Preferences/Do Not Sell or Share links)
  • limit use/disclosure of sensitive personal information (we only use sensitive info as permitted by law)

Categories we may collect (examples):
Identifiers (name, email, IP), customer records (contact details), commercial info (transactions with a Client), internet/network activity (pages viewed, interactions), geolocation (coarse), audio/electronic (voicemail/call recordings if enabled), professional info (title/company), inferences (preferences/propensity).
Sources: you/your device; Clients and Authorized Users; service providers; integration partners; public/marketing sources.
Purposes: provide/support Services; security/fraud; analytics/improvement; communications; payments; legal compliance; limited marketing on our marketing pages.
Disclosures: Clients/Authorized Users (to deliver Services), service providers/sub-processors, integration partners you/Client enable, legal authorities as required, business transferees.

Submit CCPA requests to support@review-engine.com with subject “CCPA Request.”

12.3 Canada

Subject to law, you may request access, correction, deletion, and information about our use/disclosure of your personal information. Contact support@review-engine.com (subject: “Canada Privacy Request”). You may also contact the Office of the Privacy Commissioner of Canada (1-800-282-1376).

13) HIPAA, GDPR & Role of Parties

  • HIPAA: The Services aren’t designed for PHI by default. If you’re a Covered Entity/Business Associate and intend to process PHI, you must execute our Business Associate Agreement (BAA) and configure the product accordingly. Absent a BAA, do not submit PHI.
  • GDPR/UK GDPR: For EU/UK Clients, you are typically the controller and we are your processor. Our Data Processing Addendum (DPA) (linked in our legal center) governs processing, sub-processors, and safeguards. Data-subject requests should go to the Client; we will assist.

14) Changes to This Policy

We may update this Policy from time to time. The latest version will be posted on our Website. If changes materially affect your rights, we’ll provide notice via the Services or email. Continued use signifies acceptance of the updated Policy.

15) Contact Us

Tiny Mammoth, Inc. — Review Engine
 Email: support@review-engine.com
 Pasadena, California, USA

For privacy or compliance questions, please include “Privacy Inquiry” in the subject line.

Effective: