Privacy Policy
Last Updated: February 16, 2026
1. Introduction
Ultimax Media ("we," "our," or "us") operates ResponseIQ, a SaaS platform that helps businesses manage and respond to Google Business Profile reviews using AI-powered technology. This Privacy Policy explains how we collect, use, disclose, and protect your personal information.
By using ResponseIQ, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use our services.
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, password (encrypted)
- Google Account: When you connect via Google OAuth, we access your email, name, and profile picture
- Business Information: Google Business Profile locations, business names, addresses, phone numbers, business hours, and categories
- Payment Information: Processed securely through Stripe (we do not store credit card numbers)
- Support Communications: Messages you send through support tickets
2.2 Information We Collect Automatically
- Reviews Data: Customer reviews from your Google Business Profile, including reviewer names, ratings, review text, and dates
- Usage Analytics: Pages visited, features used, time on site, browser type, device type, operating system, IP address
- Session Data: Login times, session duration, user activity
- Cookies: Essential cookies for authentication and session management (see Cookie Policy below)
3. How We Use Your Information
We use your information to:
- Provide Our Service: Sync reviews, generate AI responses, publish to Google Business Profile
- AI Response Generation: Analyze review content to create personalized, professional responses using AI models
- Account Management: Create and maintain your account, process payments, send service notifications
- Communication: Send transactional emails (new reviews, payment confirmations, support responses)
- Product Improvement: Analyze usage patterns to improve features and user experience
- Support: Respond to your questions and troubleshoot issues
- Security: Detect and prevent fraud, abuse, and security threats
- Legal Compliance: Comply with legal obligations and enforce our Terms of Service
4. Third-Party Services
We use the following third-party services to operate ResponseIQ:
Google (Google Cloud, Maps API, Business Profile API)
Purpose: Authentication (OAuth), fetching business locations and reviews
Data Shared: Email, name, business locations, reviews
Privacy Policy: https://policies.google.com/privacy
Stripe
Purpose: Payment processing and subscription management
Data Shared: Name, email, payment information
Privacy Policy: https://stripe.com/privacy
OpenAI / LiteLLM
Purpose: AI-powered review response generation
Data Shared: Review text, business information (anonymized where possible)
Privacy Policy: https://openai.com/policies/privacy-policy
SendGrid (Twilio)
Purpose: Transactional email delivery
Data Shared: Name, email address, email content
Privacy Policy: https://www.twilio.com/legal/privacy
DigitalOcean
Purpose: Cloud hosting and data storage
Data Shared: All application data is stored on DigitalOcean servers
Privacy Policy: https://www.digitalocean.com/legal/privacy-policy
Note: These third-party services are GDPR-compliant and use Standard Contractual Clauses (SCCs) for international data transfers.
5. International Data Transfers
Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located. These countries may have data protection laws different from your country.
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data Processing Agreements with all third-party processors
- Compliance with GDPR and other applicable data protection regulations
6. Data Retention
We retain your information for as long as necessary to provide our services and comply with legal obligations:
- Active Accounts: Data is retained for the duration of your subscription
- Deleted Accounts: When you request account deletion, your data is scheduled for permanent deletion after a 30-day grace period
- Backups: Encrypted backups are retained for 90 days for disaster recovery purposes
- Legal Requirements: We may retain certain data longer if required by law or to resolve disputes
7. Your Rights (GDPR & CCPA)
You have the following rights regarding your personal information:
- Right to Access: Request a copy of all personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete information
- Right to Erasure ("Right to be Forgotten"): Request deletion of your account and data
- Right to Data Portability: Download your data in JSON format
- Right to Object: Object to processing of your data for certain purposes
- Right to Restrict Processing: Request we limit how we use your data
- Right to Withdraw Consent: Opt-out of marketing emails or data processing
How to Exercise Your Rights:
- Data Export: Go to Settings → Data & Privacy → Download My Data
- Account Deletion: Go to Settings → Data & Privacy → Delete Account
- Update Information: Go to Settings → Account Settings
- Email Preferences: Go to Settings → Notifications
- Other Requests: Contact us at privacy@responseiq.io
8. Security
We implement industry-standard security measures to protect your information:
- Encryption: All data is encrypted in transit (HTTPS/TLS) and at rest
- Password Security: Passwords are hashed using bcrypt (one-way encryption)
- Access Controls: Role-based access controls and authentication tokens (JWT)
- Secure Infrastructure: Hosted on secure DigitalOcean servers with firewall protection
- Regular Security Audits: Ongoing monitoring and security assessments
- Data Backups: Encrypted daily backups with 90-day retention
While we take reasonable precautions, no system is 100% secure. We cannot guarantee absolute security but will notify you promptly of any data breach as required by law.
9. Cookie Policy
We use cookies to provide and improve our service:
Essential Cookies (Required)
- Authentication: Keep you logged in to your account
- Session Management: Maintain your session state
- Security: Prevent fraud and protect your account
Analytics Cookies (Optional - Marketing Site Only)
- Google Analytics: Track page views and user behavior on our marketing website
- You can opt-out via cookie banner on our marketing site
Note: The customer application (app.responseiq.io) only uses essential cookies. No third-party tracking cookies are used in the authenticated app.
For more details, see our full Cookie Policy.
10. Data Breach Notification
In the event of a data breach that affects your personal information, we will:
- Notify you within 72 hours of discovering the breach
- Report to relevant data protection authorities as required by law
- Provide details about what data was affected and steps we're taking
- Offer guidance on protecting yourself from potential harm
11. Children's Privacy
ResponseIQ is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@responseiq.io.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will:
- Update the "Last Updated" date at the top of this policy
- Notify you via email if the changes materially affect your rights
- Request your consent if required by law
Your continued use of ResponseIQ after changes indicates acceptance of the updated policy.
13. Contact Us
For questions about this Privacy Policy or to exercise your data rights, contact us:
Data Protection Officer: For GDPR-related inquiries, contact our DPO at privacy@responseiq.io