Skip to main content

Privacy Policy

Last updated: March 21, 2026

1. Information We Collect

Account Information: Name, email address, password, and role (business or customer) when you register.

Business Data: When you connect a Google Business Profile, we collect profile information and analytics data as described in the Google-specific sections below. We also collect publicly available profile information including business names, review counts, rating metrics, photos, and profile details for business discovery and analytics.

OAuth Tokens: When you authenticate via a third-party provider (Google, Meta/Facebook, or Google Business), we store your OAuth access token securely to make authorized API calls on your behalf. We do not store your business account passwords.

Usage Data: Pages visited, features used, IP address, browser type, and device information.

2. How We Use Your Information

  • Provide and improve the Platform's business discovery, analytics, and review tracking features
  • Display business analytics and rankings based on publicly available and authorized data
  • Retrieve and display your business profile statistics, audience demographics, and content performance when you connect your accounts
  • Facilitate communication and connection between businesses and customers
  • Process payments through our escrow system
  • Send service-related notifications and updates
  • Prevent fraud and ensure platform security

3. Google Business Profile API Data

RateXYZ uses the Google Business Profile API and Google Places API to access publicly available business data. When you claim and connect your business, we request the following permissions:

  • Business Profile Read-Only Access: To read your business information, including name, address, phone number, hours of operation, and categories.
  • Reviews Read Access: To read customer reviews and ratings for your business listing.
  • Insights Read Access: To read performance metrics such as search views, map views, and customer actions.

Google Limited Use Disclosure: RateXYZ's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google data to provide and improve the user-facing features described in this privacy policy.
  • We do not transfer Google user data to third parties unless necessary to provide or improve user-facing features, to comply with applicable laws, or as part of a merger/acquisition with equivalent privacy protections.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data except with your affirmative consent, for security purposes, to comply with laws, or when aggregated and anonymized for internal operations.

You can revoke RateXYZ's access to your Google account at any time by visiting Google Account Permissions.

6. Information Sharing

We do not sell your personal information. We share data only with:

  • Payment processors: To process subscription payments.
  • Service providers: Hosting, email delivery, and analytics services that help us operate the Platform, under strict data processing agreements.
  • Legal requirements: When required by law, regulation, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with equivalent privacy protections.

We never share your business API data (from Google, Meta, or Google Business) with third parties for advertising purposes.

7. Public Information

Business profiles displayed on RateXYZ contain publicly available business data. Claimed profiles may display additional analytics that you have chosen to share. Your profile information is visible to other Platform users, including customers searching for businesses.

8. Data Security

We implement industry-standard security measures including:

  • Encrypted data transmission (TLS/HTTPS)
  • Encrypted storage of OAuth tokens and sensitive credentials
  • Access controls and role-based permissions
  • Regular security reviews

No system is 100% secure; we cannot guarantee absolute security but we take reasonable measures to protect your data.

9. Your Rights & Data Deletion

You have the right to:

  • Access your personal data and connected business information.
  • Correct inaccurate account information from your profile settings.
  • Delete your account and all associated data by contacting us or through your profile settings. Upon account deletion, we remove your personal data, OAuth tokens, and connected business data within 30 days.
  • Disconnect any connected business account at any time from your profile settings, which immediately revokes our access and removes the stored tokens.
  • Opt out of marketing emails by clicking the unsubscribe link.
  • Export your data upon request.

To exercise your rights under GDPR, CCPA, or other applicable privacy laws, contact us at privacy@ratexyz.com.

10. Cookies

We use essential cookies for authentication and session management, and analytics cookies to understand how the Platform is used. You can control cookies through your browser settings.

11. Data Retention

We retain account data while your account is active. Historical business snapshots are retained for analytics trend reporting. OAuth tokens are stored only while the corresponding social account is connected. When you delete your account or disconnect a social account, the associated data is removed within 30 days.

12. Children

RateXYZ is not intended for users under 13 years of age (or 16 in the EU/EEA). We do not knowingly collect information from children. If we discover we have collected data from a child, we will delete it promptly.

13. International Users

RateXYZ operates globally. Your data may be processed in countries other than your own. By using the Platform, you consent to the transfer of your information to countries that may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

14. Changes to This Policy

We may update this policy periodically. Material changes will be communicated via email or Platform notification. The "Last updated" date at the top indicates the latest revision.

15. Contact

Questions or requests about privacy? Contact us at privacy@ratexyz.com.

Compare