Privacy Policy

Plain-English summary: Resparo connects to your Google and Facebook accounts to read reviews and post replies on your behalf. We use your business information to personalise your AI responses. We store only what we need, never sell your data, and you can delete everything at any time.

Who we are
Data we collect
How we use your data
Third-party services
Data storage and security
Your rights
Cookies
Children's privacy
International transfers
Changes to this policy
Contact us

1 Who we are

Resparo ("Resparo", "we", "us", or "our") is a software service operated by Shazaib, based in Riyadh, Saudi Arabia. Resparo provides an AI-powered review response management platform for local businesses.

This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website at resparo.io and our services.

By using Resparo, you agree to the collection and use of information in accordance with this policy.

2 Data we collect

Account and business information

Your name and email address (used to create your account and send notifications)
Business name, type, and location
Your business's voice profile (tone preferences, personality settings, context notes)
Industry category and any custom instructions you provide

Google Business Profile data

When you connect your Google Business Profile, we collect and store:

OAuth access tokens and refresh tokens (used to read reviews and post replies on your behalf)
Your Google account email address
Review content, reviewer names, star ratings, and review dates
Review reply history
Business location identifiers (Account ID and Location ID)

Facebook data

When you connect your Facebook Business Page, we collect and store:

OAuth access tokens (Page access tokens for posting replies)
Page name and Page ID
Facebook recommendations and review content
Reply history for your connected Page

Payment information

All payment processing is handled by Paddle, our Merchant of Record. Resparo does not collect, store, or process your payment card details. Paddle's privacy policy applies to all billing data. We receive only confirmation of your subscription status and plan tier.

Usage data

Number of AI replies generated and posted
Features used and settings configured
Email open and click events (for notification emails)
Browser type, operating system, and IP address
Pages visited on resparo.io and time spent

Communications

If you contact us by email, we store your messages and email address to respond to you and improve our support.

3 How we use your data

We use the data we collect for the following purposes:

To provide the service

Monitor your connected Google and Facebook accounts for new reviews
Generate AI-powered review responses personalised to your business voice
Post approved replies to Google and Facebook on your behalf
Send you email notifications when new reviews arrive
Enforce your free tier limits and Pro subscription entitlements

To improve the service

Analyse aggregated, anonymised usage patterns to improve response quality
Identify and fix bugs and performance issues
Develop new features based on how the product is used

To communicate with you

Send transactional emails (new review alerts, approval confirmations, billing notifications)
Send product updates and important announcements
Respond to support requests

Legal basis (GDPR)

For users in the European Economic Area and United Kingdom, our legal bases for processing are:

Contract performance: Processing necessary to deliver the service you signed up for
Legitimate interests: Improving the service, preventing fraud, and security monitoring
Consent: Connecting your Google and Facebook accounts via OAuth
Legal obligation: Complying with applicable laws

We never sell your personal data to third parties. We never use your review content or business information to train AI models without your explicit consent.

4 Third-party services

Resparo uses the following third-party services to operate. Each has its own privacy policy governing their use of data:

Google

We use the Google Business Profile API to read reviews and post replies. Your connection is authorised via Google OAuth 2.0. We access only the scopes you explicitly grant. Google Privacy Policy →

Facebook / Meta

We use the Facebook Graph API to read recommendations and post replies to your Facebook Business Page. Your connection is authorised via Facebook OAuth. Meta Privacy Policy →

Anthropic (Claude AI)

Review content is sent to Anthropic's Claude API to generate response suggestions. Anthropic processes this data according to their API usage policies. Review text and your business context notes are included in these requests. Anthropic does not use API data to train their models by default. Anthropic Privacy Policy →

Paddle

Paddle is our Merchant of Record and handles all payment processing, billing, tax collection, and subscription management. Paddle processes your payment card data under their own privacy policy. Paddle Privacy Policy →

Cloudflare

Our infrastructure runs on Cloudflare Workers and Cloudflare Pages. Cloudflare processes request data (IP addresses, headers) as part of delivering the service. Cloudflare Privacy Policy →

5 Data storage and security

Your data is stored on Cloudflare's global infrastructure, including Cloudflare D1 (database) and Cloudflare KV (key-value storage). Cloudflare operates data centres globally, with processing occurring in the region closest to the request origin.

Security measures

All data transmitted between your browser and Resparo is encrypted via HTTPS/TLS
OAuth tokens are encrypted at rest
Access to production systems is restricted to authorised personnel only
Paddle handles all payment card data — we never store card numbers

Data retention

Account data is retained while your account is active
Review response history is retained for 12 months after generation
OAuth tokens are deleted immediately when you disconnect a platform or delete your account
Upon account deletion, all personal data is removed within 30 days
Anonymised, aggregated usage statistics may be retained indefinitely

6 Your rights

Depending on your location, you may have the following rights regarding your personal data:

Rights for all users

Access: Request a copy of the personal data we hold about you
Deletion: Request deletion of your account and all associated data
Correction: Update inaccurate personal information in your account settings
Disconnect: Revoke Google or Facebook access at any time from your dashboard or directly through Google/Facebook account settings
Export: Request a portable copy of your data

Additional rights for EEA/UK users (GDPR)

Restriction: Request that we restrict processing of your data in certain circumstances
Object: Object to processing based on legitimate interests
Withdraw consent: Withdraw previously given consent at any time
Lodge a complaint: File a complaint with your local data protection authority

Rights for California users (CCPA)

California residents have the right to know what personal information we collect, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

Rights for Saudi Arabian users (PDPL)

Under Saudi Arabia's Personal Data Protection Law, you have the right to access, correct, and request deletion of your personal data. To exercise any of these rights, contact us at the address below.

To exercise any right, email us at [email protected]. We will respond within 30 days.

7 Cookies

Resparo uses minimal cookies necessary to operate the service:

Session cookies: Keep you logged in during your browser session
Authentication cookies: Store your login state securely
Preference cookies: Remember your settings

We do not use advertising cookies or tracking cookies from third-party ad networks. We do not use Google Analytics or Facebook Pixel on our platform.

8 Children's privacy

Resparo is a business tool intended for adults operating local businesses. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

9 International data transfers

Resparo operates globally. When you use our service, your data may be processed in countries outside your own, including the United States (Cloudflare, Anthropic) and the United Kingdom (Paddle). These transfers are made subject to appropriate safeguards, including Cloudflare's and Anthropic's standard data processing agreements.

By using Resparo, you consent to the transfer of your data to these countries for the purposes described in this policy.

10 Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and update the "Last updated" date at the top of this page. Your continued use of Resparo after changes are posted constitutes acceptance of the updated policy.

We encourage you to review this policy periodically.

11 Contact us

If you have any questions about this Privacy Policy, want to exercise your data rights, or need to report a privacy concern, please contact us:

Privacy enquiries

Email: [email protected]

Response time: We aim to respond to all privacy requests within 30 days.

Address: Resparo, Riyadh, Saudi Arabia

Contents