Privacy Policy

Last updated: March 1, 2026

1. Overview

ReviewGlide ("we", "our", "the Extension") is a Chrome browser extension that helps dental clinics draft HIPAA-aware replies to patient reviews. This Privacy Policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

2.1 Review Text (Temporary)

When you generate a reply, the review text is sent to our server for processing. We do not store the original review text. Only a one-way SHA-256 hash is stored for deduplication purposes. The hash cannot be reversed to recover the original text.

2.2 Generated Replies

Generated reply text is stored in our database for your history and compliance audit trail. Reply drafts are checked for Protected Health Information (PHI) signals before they are shown.

2.3 Account Information

When you create an account, we store your email address, clinic name, and role (owner or front desk staff). Payment information is processed by Stripe and is not stored on our servers.

2.4 Anonymous Usage

Before sign-up, we generate a random Install ID (UUID) stored locally in your browser. This allows up to 3 free replies without an account. The Install ID cannot identify you personally.

3. Supported Platforms

The Extension operates on the following review platforms:

  • Google Business Profile (GBP)
  • Google Maps
  • Yelp
  • Facebook
  • Healthgrades
  • Zocdoc
  • Vitals
  • RateMDs
  • WebMD
  • RealSelf

On these platforms, the Extension reads review text visible on the page to generate replies. It does not access any data beyond what is publicly displayed on the review page.

4. Browser Permissions

The Extension requests only three Chrome permissions:

  • storage — to save your authentication token and cached replies locally
  • sidePanel — to display the ReviewGlide panel alongside review pages
  • activeTab — to read review text from the current tab when you interact with the Extension

5. HIPAA Compliance

ReviewGlide is designed around HIPAA-aware public review reply rules. AI Shield helps detect risky PHI language before a reply goes public. PHI detection events are logged in an append-only compliance audit trail.

Important: ReviewGlide is a compliance aid, not a substitute for professional legal advice. Clinics are responsible for reviewing all replies before posting. ReviewGlide helps teams avoid public PHI disclosure; final review remains with your practice.

6. Data Security

All data in transit is encrypted via HTTPS/TLS. Authentication tokens are stored securely in Chrome's local storage. Our database is hosted on Supabase with row-level security (RLS) policies that ensure account-level data isolation.

7. Data Retention & Deletion

Generated replies and compliance logs are retained for audit purposes. You may request deletion of your account and associated data by contacting us. Upon account deletion, all personal data is removed within 30 days, except where retention is required by law.

8. Third-Party Services

  • Google Gemini AI — processes review text to generate replies (text is not retained by Google for training)
  • Supabase — database and authentication hosting
  • Stripe — payment processing (we do not store credit card numbers)

9. Contact

For privacy questions or data requests, contact us at: privacy@reviewglide.tech