Privacy Policy

Last updated: July 5, 2026

This Privacy Policy explains how Rewyer ("we", "us") collects, uses and protects your information when you use our website and our review management service (the "Service"). We are based in the European Union and process personal data in accordance with the General Data Protection Regulation (GDPR).

1. Who we are

The Service is operated by Nikola Zivkovic PR Agencija za programerske usluge Novi Sad, registered in Novi Sad, Serbia (company registration no. 66662730, tax ID (PIB) 113217774), trading as "Rewyer". Rewyer is the data controller for the personal data described in this policy. You can reach us at hello@rewyer.io with any privacy-related question or request.

2. Information we collect

3. How we use Google user data

Limited Use disclosure. Rewyer's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we access your Google Business Profile data only to provide the features you have asked for:

We do not sell Google user data, do not use it for advertising, and do not transfer it to third parties except as necessary to provide the Service (see section 5), to comply with law, or as part of a merger or acquisition with prior notice. Human access to this data is limited to cases where you give explicit permission (e.g. a support request), where it is necessary for security purposes, or where required by law.

Review content is shared with our AI model provider solely to generate the reply drafts you requested. It is not used to train generalized AI models.

4. Legal bases

We process your data on the following GDPR legal bases: performance of our contract with you (providing the Service), our legitimate interests (security, service improvement), your consent (connecting your Google account, which you can withdraw at any time), and compliance with legal obligations (accounting, tax).

5. Who we share data with

We use a small number of processors to run the Service, each bound by a data processing agreement. We never sell your personal data. Our current processors are:

Where a processor is located outside the European Economic Area, transfers are protected by an adequacy decision (such as the EU–US Data Privacy Framework) or by the European Commission's Standard Contractual Clauses.

6. Data retention and deletion

We keep your data for as long as your account is active. If you disconnect your Google account, we stop accessing your Google Business Profile data and delete the cached copies within 30 days. If you delete your Rewyer account, we delete your personal data within 30 days, except where we are legally required to retain certain records (e.g. invoices). You can request deletion at any time by emailing hello@rewyer.io. You can also revoke Rewyer's access to your Google data at any time via your Google account permissions.

7. Your rights

Under the GDPR you have the right to access, rectify, erase, restrict or object to the processing of your personal data, the right to data portability, and the right to withdraw consent at any time. To exercise any of these rights, contact us at hello@rewyer.io. You also have the right to lodge a complaint with your local supervisory authority.

8. Security

We protect your data with encryption in transit and at rest, OAuth 2.0 for all Google access (we never see or store your Google password), access controls, and audit logging. Google access tokens are stored encrypted and used only server-side.

9. Cookies

Our website currently sets no tracking cookies and runs no analytics or advertising trackers. If that changes, we will update this policy and, where required, ask for your consent first. The application uses only strictly necessary cookies (such as a session cookie after you sign in), which do not require consent under EU rules.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email or through the Service before the changes take effect.