Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account we collect your email address, an optional display name, and a password. Passwords are hashed with bcrypt before storage and are never stored in plain text.

1.2 Steam Data

When you connect your Steam account we access your public profile information (Steam ID, display name, avatar URL) and the publicly available review data for your games through Steam's public API. We do not access private Steam account data, purchase history, or friends lists.

1.3 Payment Information

Payments are processed entirely by Stripe. We never receive, handle, or store your credit card number. Stripe shares with us your subscription status, billing period dates, and payment event confirmations so we can manage your plan.

1.4 Usage and Analytics Data

We collect first-party analytics to understand how the Service is used. This includes pages visited, features used, button clicks, referral source, and AI response drafts generated or approved. Each browser session is assigned an anonymous session identifier stored in your browser's sessionStorage. We also capture UTM campaign parameters from inbound links to measure the effectiveness of our marketing.

1.5 Lead and Waitlist Information

If you sign up for our waitlist, download templates, or submit your email through the review audit tool or an on-site prompt, we collect your email address and, where applicable, your Steam App ID and the page you were on. This information is used to send you relevant follow-up emails, which you can unsubscribe from at any time.

1.6 Team and Organization Data

If you create or join an organization, we store the organization name, team member email addresses, and each member's role within the organization.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Generate AI response drafts for your Steam reviews
• Perform sentiment analysis, review clustering, and trend detection
• Detect and alert you to review score crises
• Send transactional emails such as onboarding, billing confirmations, digest reports, and crisis alerts
• Send marketing emails with your consent, which you can unsubscribe from at any time
• Measure how the Service is used so we can fix bugs and build better features
• Prevent fraud and abuse

3. AI and Data Processing

We use Anthropic's Claude API to generate response drafts and analyze review sentiment. When you request an AI draft, the relevant review text (which is already publicly available on Steam) is sent to Anthropic for processing. Generated drafts are stored in our database and associated with your account. Anthropic does not use your data to train their models, and we do not use your data to train any models. The Service never posts responses to Steam on your behalf; all AI drafts require your manual review and approval.

4. Cookies and Browser Storage

We use essential cookies for authentication (Supabase session tokens). These cookies are necessary for the Service to function and cannot be disabled while using the application.

We also use your browser's sessionStorage and localStorage for limited purposes: storing an anonymous analytics session identifier (cleared when the tab closes), remembering UTM campaign parameters for the duration of a session, and saving UI preferences such as whether you've dismissed a promotional prompt. None of this data is sent to third-party advertisers.

We do not use third-party tracking cookies, advertising cookies, or retargeting pixels. If we enable Google Tag Manager in the future, we will update this policy accordingly.

5. Data Sharing and Third-Party Processors

We do not sell, rent, or trade your personal information. We share data only with the following service providers, strictly to operate the Service:

• Stripe processes subscription payments. Stripe receives your payment details directly and shares billing status with us. See Stripe's Privacy Policy.
• Anthropic powers AI response generation and review analysis. Only review text (publicly available on Steam) is sent to Anthropic. See Anthropic's Privacy Policy.
• Resend delivers transactional and marketing emails on our behalf. Resend receives recipient email addresses and email content. See Resend's Privacy Policy.
• Supabase hosts our database and authentication infrastructure. All user data is stored on Supabase servers. See Supabase's Privacy Policy.
• Vercel hosts the Service and runs scheduled tasks. See Vercel's Privacy Policy.

We may also share information if required by law, subpoena, or other legal process, or to protect the rights and safety of ReviewRescue, our users, or the public.

6. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase with row-level security policies that ensure each user can only access their own organization's data. All data in transit is encrypted via TLS. Passwords are hashed with bcrypt before storage.

While we take reasonable measures to protect your information, no system is perfectly secure. If we become aware of a security breach that affects your personal data, we will notify you promptly in accordance with applicable law.

7. Data Retention

• Active accounts: Data is retained for as long as your subscription is active.
• After cancellation: Your data remains accessible for 30 days so you can export it, after which it is permanently deleted.
• Analytics events: Retained for 90 days, then automatically deleted.
• Review audit cache: Results from the free audit tool are cached for 7 days, then deleted.
• Lead and waitlist data: Retained until you unsubscribe or request deletion.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your data
• Export your data in a portable format
• Object to or restrict certain processing of your data
• Withdraw consent for marketing emails at any time

To exercise any of these rights, email us at quod@steamdevtools.com. We will respond within 30 days. Every marketing email we send includes a one-click unsubscribe link.

9. International Data Transfers

Our service providers may process data in the United States and other countries. By using the Service, you consent to the transfer of your information to these jurisdictions, which may have different data protection laws than your home country.

10. Children's Privacy

The Service is intended for business users and is not directed at anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by placing a prominent notice on the Service before the changes take effect. The “Last updated” date at the top reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, contact us at quod@steamdevtools.com.