Privacy Policy

1. Overview

ReviewBoost (“we,” “our,” “us”) respects your privacy and is committed to protecting it. This Privacy Policy explains how we collect, use, share, and safeguard your personal information when you interact with our websites (including smartap.me), products, services, applications, and related features (collectively, the “Services”).

By accessing or using our Services, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our Services.

2. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. Updates will be posted on our Site with the “Last Updated” date clearly shown. If required by law, we will notify you directly of material changes.

3. Information We Collect

We may collect the following categories of personal information, depending on how you interact with us:

a. Information You Provide Directly

  • Contact details (name, address, phone number, email).

  • Account details (username, password).

  • Payment and order information (billing/shipping address, transaction details).

  • Customer communications (messages, reviews, chat history).

b. Information Collected Automatically

  • Usage data (IP address, browser type, device ID, operating system).

  • Browsing behavior (pages visited, products viewed, links clicked).

  • Cookies and similar technologies (see Section 7).

c. Information from Third Parties

  • Data from business partners (e.g., Shopify, CRM or payment providers).

  • Marketing/advertising platforms that provide analytics and targeting data.

We do not intentionally collect sensitive personal information unless explicitly required for legal or business purposes (for example, fraud prevention).

4. How We Use Your Information

We use personal information for:

  • Service delivery: processing orders, managing accounts, shipping, returns, and customer support.

  • Marketing and personalization: tailoring ads, promotions, and communications.

  • Security and fraud prevention: verifying accounts and detecting malicious activity.

  • Legal compliance: meeting regulatory, tax, and contractual obligations.

  • Service improvement: analyzing usage to refine features and customer experience.

5. Legal Bases for Processing (GDPR/UK GDPR)

If you are in the European Union or the UK, we process your personal data under the following lawful bases:

  • Contract: to provide Services you request.

  • Consent: where you have explicitly agreed (for example, for marketing emails or cookies).

  • Legal obligation: to comply with applicable laws.

  • Legitimate interests: for improving services, fraud prevention, and business operations, unless these interests override your rights.

6. Data Sharing

We may share your personal data in the following circumstances:

  • Vendors/Service providers: payment processors, IT providers, cloud storage, analytics, customer support, and shipping providers.

  • Business partners: such as Shopify or other platforms integrated with ReviewBoost.

  • Corporate transactions: in case of mergers, acquisitions, or asset sales.

  • Legal compliance: if required by law, subpoena, or government request.

  • With your consent: where you instruct us to do so.

We do not sell personal data for monetary value. However, under US state privacy laws, some of our data-sharing for advertising and analytics may be considered a “sale” or “sharing.” See Section 11 for opt-out rights.

7. Cookies and Tracking

We use cookies, pixels, and similar technologies for:

  • Essential site functionality.

  • Analytics and performance monitoring.

  • Advertising and personalization.

You can manage or disable cookies in your browser settings. For EU/UK users, we obtain consent via a cookie banner in compliance with ePrivacy and GDPR rules.

8. Data Retention

We retain personal data only as long as necessary for:

  • Providing Services.

  • Legal, tax, and accounting requirements.

  • Fraud prevention and security.

Typical retention periods:

  • Account data: as long as your account is active, plus up to 7 years.

  • Transaction records: 7 years (legal requirement).

  • Marketing data: until you unsubscribe or withdraw consent.

9. Data Security

We implement industry-standard technical and organizational measures (encryption, access controls, monitoring) to protect your data. However, no system is 100 percent secure, and transmission of data over the internet carries risks.

10. Children’s Privacy

Our Services are not directed at children under 16 years of age. We do not knowingly collect their personal information. If you are a parent or guardian and believe your child has provided data, please contact us so we can delete it.

11. Your Privacy Rights

Depending on where you live, you may have the following rights:

EU/UK (GDPR/UK GDPR):

  • Access your personal data.

  • Correct inaccuracies.

  • Delete data (“right to be forgotten”).

  • Restrict or object to processing.

  • Data portability.

  • Withdraw consent.

  • Lodge a complaint with your local data authority.

United States (California, Virginia, Colorado, and others):

  • Right to know categories of data collected, used, disclosed, and “sold/shared.”

  • Right to request deletion of your personal data.

  • Right to correct inaccurate data.

  • Right to opt out of “sale” or “sharing” of data for targeted advertising.

  • Right to limit use of sensitive personal information.

  • Right against discrimination for exercising these rights.

Australia (Privacy Act 1988):

  • Access and correct your personal information.

  • File complaints with the Office of the Australian Information Commissioner (OAIC) if unresolved.

You can exercise your rights by contacting us (see Section 14). We may request verification before fulfilling requests.

12. International Data Transfers

Your data may be processed outside your home country, including in the United States, Australia, and the EU. We ensure appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent mechanisms for EU/UK data.

13. Complaints

If you are dissatisfied with how we handle your data:

  • Contact us first (see Section 14).

  • EU/UK users: you can escalate to your local supervisory authority (for example, the ICO in the UK).

  • Australian users: you can lodge a complaint with the OAIC.

  • US users: you may contact your state Attorney General.

14. Contact Us

For questions, complaints, or to exercise rights, contact us:

ReviewBoost Data Protection Team
Email: info@reviewboostcard.com
Address: [Insert physical business address – required for compliance]

If applicable:

  • EU Representative: [Insert details if you regularly target EU customers].

  • UK Representative: [Insert details if you regularly target UK customers].

  • Data Protection Officer (if appointed): [Insert details].

15. Product-Specific Privacy (ReviewBoost Cards, Plaques, and Stands)

ReviewBoost Cards, Plaques, and Stands use NFC/QR technology to request customer reviews.

  • No personal data is stored on the device itself.

  • Data flows securely through encrypted channels into the ReviewBoost platform.

  • Customer privacy is safeguarded at all times.

This policy is designed to be compliant with:

  • General Data Protection Regulation (GDPR) and UK GDPR.

  • California Consumer Privacy Act (CCPA/CPRA) and other US state privacy laws.

  • Australia Privacy Act 1988.