1. Introduction
RatingsRise (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy of our users and their customers. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use the RatingsRise platform, website, mobile application, and related services (collectively, the “Service”).
RatingsRise is a brand operated by Beyond The Flats LLC. References to “RatingsRise,” “Company,” “we,” “us,” and “our” in this Privacy Policy include Beyond The Flats LLC, doing business as RatingsRise.
By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, password, business name, phone number, and billing address when you create an account or subscribe to a paid plan.
- Business Information: Google Business Profile data, business category, locations, branding assets (logos, colors), and AI voice configuration.
- Customer Data: Names, email addresses, phone numbers, tags, and communication history of your customers that you upload, import, or enter into the Service. You are the data controller for this information.
- Message Content: SMS and email templates, review replies, and AI-generated content drafts that you create or approve through the Service.
- Payment Information: Credit card details and billing information processed by our payment provider, Stripe. We do not store full card numbers on our servers.
- Support Communications: Information you provide when contacting our support team, including email correspondence and feedback.
2.2 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, timestamps, referring URLs, and session duration.
- Device Information: Browser type, operating system, device type, screen resolution, and language preferences.
- IP Address: Used for security, fraud prevention, rate limiting, and approximate geolocation.
- Cookies and Similar Technologies: We use cookies, local storage, and similar technologies for authentication, session management, preferences, and analytics. See Section 8 for details.
- Push Subscription Data: If you enable push notifications, we store the endpoint URL and encryption keys necessary to deliver push messages to your device.
2.3 Information from Third Parties
- Google: When you connect your Google Business Profile, we receive review data (reviewer names, ratings, review text, timestamps) and basic profile information through Google's APIs.
- OAuth Providers: If you sign in with Google, we receive your name, email address, and profile picture from your Google account.
- Twilio: SMS delivery status, opt-out events, and inbound SMS replies from your customers.
3. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process and deliver SMS and email review requests on your behalf
- Monitor and display Google reviews from your connected profiles
- Generate AI-powered review reply drafts based on review content and your configured voice settings
- Send you transactional communications (account confirmations, password resets, billing receipts)
- Send you product notifications (new reviews, campaign completions, weekly summaries) based on your notification preferences
- Process payments and manage your subscription
- Analyze usage patterns to improve the Service, fix bugs, and develop new features
- Detect, prevent, and address security incidents, fraud, and abuse
- Comply with legal obligations and respond to lawful requests from authorities
4. How We Share Your Information
We do not sell your personal information. We share information only in the following circumstances:
4.1 Service Providers
We share data with third-party service providers who assist us in operating the Service, subject to confidentiality obligations:
- Twilio — SMS delivery (receives customer phone numbers and message content)
- Resend — Transactional email delivery (receives email addresses and message content)
- Stripe — Payment processing (receives billing and payment information)
- Google — Review monitoring via Google Business Profile API
- Anthropic — AI reply generation (receives review text and your voice configuration; does not receive personal identifiers of your customers)
- Upstash — Rate limiting and caching infrastructure
- Hosting Provider — Cloud infrastructure for data storage and application hosting
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid legal process, including subpoenas, court orders, or government requests.
4.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information.
4.4 With Your Consent
We may share your information for other purposes with your explicit consent.
5. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods:
- Account data: Retained while your account is active and for 30 days after account deletion
- Customer data: Retained while your account is active; deleted within 30 days of account termination
- Review data: Retained while your account is active; this data remains publicly available on Google regardless of your RatingsRise account status
- Usage and analytics data: Retained in aggregated, anonymized form indefinitely for service improvement
- Billing records: Retained for 7 years as required by tax and accounting regulations
6. Data Security
We implement industry-standard security measures to protect your information:
- All data in transit is encrypted using TLS 1.2 or higher
- Data at rest is encrypted using AES-256 encryption
- Passwords are hashed using bcrypt with a minimum cost factor of 12
- API keys and secrets are stored in encrypted environment variables
- Access to production systems is restricted to authorized personnel with multi-factor authentication
- Regular security audits and vulnerability assessments are conducted
- Rate limiting is applied to all API endpoints to prevent abuse
While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
7.1 Access and Portability
You can access your account data at any time through the Service. You may request a machine-readable export of your data by contacting us.
7.2 Correction
You can update your account information directly in the Service settings. For corrections to other data, contact our support team.
7.3 Deletion
You may delete your account at any time through Settings → Billing or by contacting us. Upon deletion, we will remove your data within 30 days, except where retention is required by law.
7.4 Opt-Out of Marketing
You can unsubscribe from marketing emails by clicking the “Unsubscribe” link in any marketing email. Transactional emails (billing receipts, security alerts) cannot be opted out of while your account is active.
7.5 Push Notifications
You can disable push notifications at any time through the notification bell in the dashboard or by revoking permission in your browser settings.
7.6 California Residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA):
- Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting the information, and the categories of third parties with whom we share it.
- Right to Delete: You may request that we delete personal information we have collected from you, subject to certain exceptions (such as legal obligations or completing a transaction).
- Right to Correct: You may request that we correct inaccurate personal information we maintain about you.
- Right to Opt-Out of Sale/Sharing: We do not sell your personal information and do not share it for cross-context behavioral advertising. Because we do not engage in these activities, there is no need to opt out.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Categories of personal information collected: We collect identifiers (name, email, phone), commercial information (subscription and billing records), internet activity (usage data, IP address, browser type), and professional information (business name and category). See Section 2 for full details.
How to submit a request: To exercise your rights, email us at privacy@ratingsrise.com with the subject line “CCPA Request.” We will verify your identity before processing your request and respond within 45 days as required by law. You may also designate an authorized agent to submit a request on your behalf.
7.7 European Residents (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, and port your data. Our legal basis for processing your data includes contract performance, legitimate interests, and consent. To exercise your rights, contact our Data Protection Officer at privacy@ratingsrise.com.
8. Cookies and Tracking Technologies
We use the following types of cookies and similar technologies:
- Essential Cookies: Required for authentication, session management, and security. Cannot be disabled.
- Functional Cookies: Remember your preferences (such as theme, language, and notification settings).
- Analytics Cookies: Help us understand how users interact with the Service so we can improve it. We use privacy-respecting analytics that do not track individuals across websites.
You can manage cookie preferences through your browser settings. Note that disabling essential cookies may prevent the Service from functioning correctly.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@ratingsrise.com.
10. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission where applicable.
11. Your Customers' Privacy
When you use RatingsRise to send review requests or manage customer data, you act as the data controller for your customers' personal information. You are responsible for:
- Having a lawful basis (such as legitimate interest or consent) for collecting and processing your customers' data
- Providing your customers with appropriate privacy notices about how their data is used
- Honoring your customers' privacy rights and opt-out requests
- Ensuring the accuracy of customer data you upload to the Service
RatingsRise acts as a data processor for your customer data. We process this data only as instructed by you and in accordance with these Terms and this Privacy Policy.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the “Last updated” date, and sending you an email notification. Your continued use of the Service after a change constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@ratingsrise.com
- Web: ratingsrise.com/contact
For GDPR-related inquiries, you may also contact our Data Protection Officer at privacy@ratingsrise.com.