Data Security — ReviewMonk
ReviewMonk is designed to protect Google Business Profile data and business customer feedback data.
OAuth 2.0 Security
ReviewMonk uses Google OAuth 2.0 for secure authorization. Users grant permission directly through Google. ReviewMonk never asks for or stores Google passwords.
OAuth Token Handling
OAuth access and refresh tokens are stored securely and access is restricted to authorized systems only. Tokens are revoked and deleted when a user disconnects their Google account, disconnects a Google Business Profile, or deletes their ReviewMonk account.
How We Protect Data
ReviewMonk employs industry-standard security, including encryption for stored OAuth tokens and TLS/HTTPS for data in transit. We follow the principle of data minimization, requesting only the specific Google Business Profile API scope necessary to manage reviews.
AI Processing
Review text may be processed by secure AI providers to generate summaries, sentiment insights, and response drafts. ReviewMonk minimizes the information sent for AI processing and does not use Google API data to train public AI models.
User Control
Users can disconnect their Google account or Google Business Profile at any time. Disconnection revokes access and triggers immediate deletion of associated Google Business Profile data from ReviewMonk’s active production systems. If a user account is deleted, related Google Business Profile data, OAuth tokens, review data, and account data are deleted from active production systems immediately. Backup copies, if any, are cleared within 2 weeks and cannot be recovered after backup clearance.
Compliance
ReviewMonk is designed to comply with the Google API Services User Data Policy and Limited Use requirements.