Privacy Policy

1. Introduction

Asteri ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service management platform, including our Google Business Profile integration.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

• Email address
• Name
• Organization/business name
• Password (securely hashed)

2.2 Google Business Profile Data

When you connect your Google Business Profile, with your explicit consent, we access and store:

• Business Locations: Name, address, phone number, website, business hours
• Reviews: Customer reviews, star ratings, reviewer display names, and your responses
• Posts: Business updates, offers, and events you create through our platform
• Performance Insights: Search views, map views, website clicks, direction requests, phone calls
• OAuth Tokens: Encrypted access and refresh tokens to maintain your connection

2.3 What We Do NOT Collect

• Personal information of reviewers beyond their public display name
• Your personal Google account data unrelated to your Business Profile
• Payment information from Google (we use separate payment processing)
• Customer contact lists from Google

3. How We Use Your Information

We use the collected information to:

• Display your business locations and performance metrics in our dashboard
• Enable you to view and respond to customer reviews
• Allow you to create and schedule posts to your Google Business Profile
• Send automated review requests to your customers (if enabled)
• Generate AI-powered review response suggestions (if enabled)
• Provide analytics and insights about your business performance

4. Data Storage and Security

4.1 Encryption

All OAuth tokens (access and refresh tokens) are encrypted using AES-256-GCM encryption before being stored in our database. Tokens are never stored in plaintext.

4.2 Access Control

Your data is isolated at the organization level using Row-Level Security (RLS) policies. Only authenticated users within your organization can access your data.

4.3 Infrastructure

Our data is hosted on secure cloud infrastructure with industry-standard security measures, including encryption at rest and in transit.

5. Data Sharing

We do NOT:

• Sell your data to third parties
• Share your Google Business Profile data with other users or organizations
• Use your data for advertising purposes
• Transfer your data to third parties for their marketing purposes

We may share data only:

• With your explicit consent
• To comply with legal obligations
• With service providers who assist in operating our platform (under strict data protection agreements)

6. Data Retention and Deletion

6.1 Active Accounts

While your Google Business Profile is connected, we retain your synced data to provide our services. Data is refreshed periodically to stay current with your Google Business Profile.

6.2 Disconnection

When you disconnect your Google Business Profile from Asteri, we immediately and permanently delete:

• All cached reviews and your responses
• All posts created through our platform
• All performance insights and analytics data
• All business location data
• All review request history
• OAuth tokens and connection credentials

Important: Disconnecting from Asteri does NOT affect your actual Google Business Profile. Your reviews, posts, and business information on Google remain unchanged.

6.3 Account Deletion

If you delete your Asteri account, all data associated with your account is permanently deleted, including all Google Business Profile data.

7. Your Rights

You have the right to:

• Access: View all data we have stored about your organization
• Disconnect: Remove the Google Business Profile connection at any time from Settings
• Delete: Request complete deletion of your account and all associated data
• Export: Request a copy of your data in a portable format
• Revoke: Revoke Asteri's access directly through your Google Account settings

8. Third-Party Services

Our platform integrates with:

• Google Business Profile API: To sync and manage your business profile data
• AI Services: To generate review response suggestions (no personal data is shared)
• Communication Services: To send review requests via SMS or email (with your authorization)

Each third-party service has its own privacy policy. We encourage you to review them.

9. Cookies and Tracking

We use essential cookies to maintain your session and preferences. We do not use third-party tracking or advertising cookies.

10. Children's Privacy

Asteri is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@asteri.app

13. Google API Services User Data Policy

Asteri's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.