Google Data Usage

Last updated: May 24, 2026.

What we access

ReplyKit accesses Google Business Profile (GBP) data through the official Google Business Profile API, only after you explicitly authorize the connection via Google OAuth. We request the single scope https://www.googleapis.com/auth/business.manage — the minimum required to read and reply to reviews on GBP locations you have verified ownership of.

With that scope, we read:

  • The list of GBP accounts and business locations you manage.
  • Reviews on those locations: reviewer display name, star rating, review text, date, and any existing owner reply.
  • Basic location metadata: business name, address, phone, website (used for display and reply context).

We write:

  • Reply text — and only to reviews on locations you selected, and only after you have explicitly clicked "Approve & Post" on a specific drafted reply.

Why we access it (user-initiated workflow)

The workflow is entirely user-initiated and approval-gated:

  1. You sign in and explicitly click "Connect Google Business Profile."
  2. You select the GBP location to manage from a list of locations Google tells us you own.
  3. We periodically sync new reviews from that location into your dashboard.
  4. For each review, you click "Generate reply" to produce a draft. You read the draft, edit it if you want, then click "Approve & Post" to publish it to Google.
  5. At any point you can click "Disconnect" to revoke our access and have your stored data deleted.

We never auto-post a reply. Every single reply requires an explicit owner click on "Approve & Post."

How AI processing works

To draft a reply, we send a small per-review payload to Anthropic (the provider of the Claude AI model). The payload contains:

  • The review text, reviewer first name, star rating, and date
  • Your business name, service area, and configured voice/tone
  • Your configured reply rules (e.g. "never admit fault", "never offer refunds")

We do not send Anthropic:

  • Google OAuth tokens (these never leave our servers)
  • Your email, phone number, or billing information
  • Other reviews or other users' data
  • Any data that is not directly required to draft this one reply

Per Anthropic's commercial terms, customer inputs and outputs are not used to train their models. Generated text is returned to our servers, validated against our safety rules (no fault admissions, no refund promises, no defensive language), and only then shown to you for approval.

What we do NOT do

  • No auto-posting. Every reply requires explicit owner approval.
  • No access to other Google products. No photos, posts, messages, Q&A, insights, calendar, contacts, Drive, or Gmail. Only reviews + location metadata.
  • No selling, sharing, or transferring Google data to data brokers, advertisers, or any third party. The only processor that sees review text is Anthropic, solely to generate the reply.
  • No model training on your data — neither by us nor (per their terms) by Anthropic.
  • No human review of your GBP data unless you explicitly send us a support ticket about a specific issue.

How tokens are stored

Google OAuth access and refresh tokens are encrypted with AES-256-GCM before being written to our database. The encryption key is held in a server-only environment variable and is never transmitted to any browser or third party. Decrypted tokens live only briefly in server memory during a Google API call and are never logged.

Retention

We retain GBP data only as long as your Google connection is active. When you click Disconnect, or delete your account, the encrypted tokens are deleted immediately; the associated review and location records are deleted within 30 days.

Limited Use compliance

ReplyKit's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

How to disconnect or delete

You have three paths to revoke access:

  1. In ReplyKit: Settings → Google connection → Disconnect. Tokens are deleted immediately, and data within 30 days.
  2. In your Google account: myaccount.google.com/permissions → revoke ReplyKit. Our next API call will fail and we will flag your connection as "reconnect required."
  3. Email support@usereplykit.com requesting full account deletion. We confirm within 2 business days and complete within 30.

Contact

Questions about Google data handling: support@usereplykit.com