ReviewNudge ("we", "our", "us") is a service that helps home service businesses automatically request Google reviews from customers after completed jobs. This policy explains what data we collect, why we collect it, and how we protect it.
Account data: Your email address and business name when you create an account.
QuickBooks data (read-only): We connect to your QuickBooks Online account with read-only access to your invoices and customer records. We read:
We do not read or store your financial transactions, bank accounts, item lists, payroll, or any QuickBooks data beyond what is listed above.
Customer phone numbers: We temporarily store customer phone numbers to send the SMS review request. Phone numbers are associated with individual job records and are used only for that purpose.
SMS delivery data: We store message delivery status (sent, replied, opted out) to prevent duplicate messages and let you see which customers received a request.
We do not sell your data. We do not share it with third parties except as required to operate the service (Twilio for SMS delivery).
We request the com.intuit.quickbooks.accounting scope, which is the minimum scope QuickBooks requires for read-only invoice access. We use QuickBooks OAuth2 to authenticate — we never see or store your QuickBooks username or password. You can disconnect your QuickBooks account at any time from the Settings page, which immediately revokes our access.
We send commercial electronic messages on your behalf to your customers. As the business sending these messages, you are responsible for ensuring you have an existing business relationship with each customer that constitutes implied consent under Canada's Anti-Spam Legislation (CASL). All messages include a clear opt-out instruction ("Reply STOP"). We permanently honour STOP requests.
Job records and customer phone numbers are retained while your account is active. If you cancel your account, we delete all job records and associated customer data within 30 days. QuickBooks tokens are deleted immediately upon disconnection.
All data is stored on Railway infrastructure in the United States. Data in transit is encrypted via TLS 1.2+. OAuth tokens are stored in a server-side database and never exposed to the browser.
You can request a copy of your data, request deletion of your data, or cancel your account at any time by emailing hello@reviewnudge.com.
Questions about this policy? Email us at hello@reviewnudge.com.