Revify← Back to site

Privacy Policy

Last updated: 24 June 2026

This Privacy Policy explains how MPiFY (“we”, “us”, “our”) collects, uses, and protects personal data when you use Revify (the “Service”), a platform that helps hospitality businesses centralise their customer reviews and draft replies. We are the data controller for the account information described below, and act as a data processor on behalf of our business customers for the review data they manage through the Service.

If you have any questions, contact us at hello@mpify.com.

1. Information we collect

  • Account information: your email address, password (stored hashed by our authentication provider), and organisation name.
  • Organisation & settings: your brand voice preferences and other configuration you provide.
  • Connected platform data: when you connect a third-party review platform (such as Google), we access and store the reviews, ratings, reviewer names and related content for the locations you authorise, together with the access tokens needed to do so.
  • Payment information: subscription and billing details are processed by Stripe; we do not store your full card details.
  • Usage & technical data: log data, IP address, and basic analytics necessary to operate and secure the Service.

2. How we use your information

  • To provide, maintain, and improve the Service.
  • To aggregate your reviews into a single dashboard.
  • To draft suggested replies to reviews using AI, based on your settings.
  • To process subscriptions and payments.
  • To communicate with you about your account and the Service.
  • To comply with legal obligations and protect against misuse.

3. Google user data

Where you connect a Google Business Profile, Revify’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We request the business.manage scope only to read the reviews of the business locations you explicitly connect, and to post replies you have approved.
  • We use this data solely to provide and improve user-facing features of the Service. We do not transfer or sell it to third parties, do not use it for advertising, and do not allow humans to read it except where you give explicit consent, where required for security or to comply with applicable law, or where the data has been aggregated and anonymised.
  • We do not use Google user data to train generalised AI or machine learning models.

4. AI processing

To draft suggested replies, the text of the relevant review and your brand voice settings are sent to our AI provider, Anthropic. This content is processed only to generate the draft and is not used to train their models. You remain responsible for reviewing and approving any reply before it is published.

5. Legal bases for processing (GDPR)

Where the GDPR applies, we process personal data on the bases of: performance of a contract (to provide the Service), our legitimate interests (to operate, secure and improve the Service), your consent (where requested, such as connecting a third-party platform), and compliance with legal obligations.

6. Sharing & sub-processors

We share data only with service providers that help us run the Service:

  • Supabase — authentication and database hosting.
  • Stripe — subscription and payment processing.
  • Anthropic — AI reply drafting.
  • Hetzner — application hosting infrastructure.

We do not sell your personal data. We may disclose data where required by law or to protect our rights.

7. Data security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (TLS) and encryption at rest for sensitive credentials such as third-party access tokens. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

8. Data retention

We retain personal data for as long as your account is active or as needed to provide the Service, and thereafter only as required to comply with legal obligations, resolve disputes, and enforce our agreements. You may request deletion of your account and associated data at any time.

9. Your rights

Subject to applicable law, you may have the right to access, correct, delete, or export your personal data, to restrict or object to certain processing, and to withdraw consent. To exercise these rights, contact hello@mpify.com. You also have the right to lodge a complaint with your local data protection authority.

10. International transfers

Some of our providers may process data outside your country. Where this occurs, we rely on appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

11. Children

The Service is intended for businesses and is not directed at children under 16. We do not knowingly collect personal data from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version here and revise the “Last updated” date above.

13. Contact

MPiFY — hello@mpify.com.