This Privacy Policy describes how ResponseRx, Inc. (“ResponseRx,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards personal information. This Policy is based on our operations in the United States and applies to information collected through surveys, website forms, offline interactions, and related services.

Information We Collect

We collect personal information that may include:
• First and last name
• Email address
• Phone number
• Information provided voluntarily in surveys, including feedback and contact details
• Publicly available reviewer display name, rating, and review text from Google Business Profile
• Contact information for prospective and existing clients

How We Collect Information

We collect information in the following ways:
• Through ResponseRx surveys voluntarily completed by individuals
• From Google reviews posted on our clients’ Google Business Profiles
• Through website forms, including demo and marketing forms
• Through offline interactions such as conferences or networking events

We may also use cookies, pixels, and analytics tools such as Google Analytics.

‍

How We Use Information

We use personal information for the following purposes:
• Providing services to our clients and users
• Customer support and communications
• Payment processing
• Marketing and lead generation
• Analytics and research

We do not sell personal data or use it to train general-purpose AI/ML models. As described in this policy, we use AI technologies solely for the specific purpose of providing our services, such as generating draft responses to customer reviews.

Legal Bases for Processing and Consent

ResponseRx, Inc. is based in the United States and does not intentionally target or market to individuals in the European Union or the United Kingdom. Therefore, we do not believe we are subject to the GDPR or UK GDPR at this time. If we do process personal data of EU/UK residents, our legal bases would be:
• Legitimate Interest: to provide and improve our services in the nature of provider reviews
• Consent: for marketing communications or activities requiring opt-in

How we obtain and record consent:
• Website Forms: Consent is obtained when a user checks a box or submits a form after reviewing a disclosure. This is recorded in our systems with a timestamp.
• Client Sign-Up: Consent to our Terms of Service and Privacy Policy is a required step in the account creation process.
• ResponseRx Surveys: By voluntarily filling out and submitting a survey, the individual consents to being contacted about their feedback.

Sharing and Disclosure

We do not sell personal data. We may share data only with our direct service providers that help us operate our services, and only as necessary for that purpose. We do not allow third parties to collect personal data directly from our site or app.

We will share personal data in response to a valid legal order.

We do not transfer personal data internationally. All of our technology stacks are based in the United States.

Data Retention

We retain personal information for as long as a client maintains an active account and for a reasonable period thereafter to meet operational and legal obligations, including financial record-keeping and dispute resolution. Marketing data is retained until an individual opts out or until the information is no longer relevant. Criteria for determining retention periods include legal requirements, contractual obligations, and the relevance of the data to our business purposes.

Data Security

We implement safeguards to protect personal data, including HIPAA-compliant encryption, access controls, monitoring, and vendor management. We are adopting a written information security policy.

Your Privacy Rights

Individuals have rights to access, correct, and delete their personal data, as well as to opt out of communications. Requests may be submitted by phone (855) 600-0585, email hello@ResponseRx.ai, mail 4530-15 St. Johns Ave. #337 Jacksonville, FL 32210, or form submission https://www.responserx.ai. We verify the identity of requesters through email or SMS verification. We do not currently respond to 'Do Not Track' signals but will honor cookie preferences when our banner is deployed.

Children’s Privacy

We do not knowingly collect personal information from children under the age of 13. If we discover that we have inadvertently collected such information, we will delete it promptly.

Cookies and Tracking

We may use essential, analytics, and advertising cookies or trackers. Users will be able to manage cookie preferences when our consent banner is deployed.

Sensitive Information

We do not collect sensitive personal information such as Social Security numbers, driver’s license details, precise geolocation, racial or ethnic origin, union membership, health or biometric data, or sexual orientation.

Third-Party Integrations and Services

Information from Google Business Profile To use our services, you must connect your Google Business Profile to your ResponseRx account. By authorizing this connection, you grant us permission to access specific information from your Google Account via Google's API. Our access and use of this information are strictly limited to providing and improving our services as described below.

‍

What Information We Access We access the following types of data from your connected Google Business Profile:

• Account and Profile Information: Your name and email address. We use this to authenticate your account, display your profile within our platform, and communicate with you.
• Business Profile Data: Information about the business locations you manage, including business names, addresses, phone numbers, hours, and categories. This allows you to select and manage your locations from within the ResponseRx platform.
• Customer Review Data: The content of reviews posted to your Google Business Profile, including the reviewer's public name, the rating provided, the text of the review, and associated timestamps. This data is essential for our core service of managing and responding to reviews.

‍

How We Use and Share This Information We are committed to using your data responsibly and transparently.

• Service Delivery: We use your Account, Business Profile, and Customer Review Data to operate the ResponseRx platform, enabling you to monitor your online reputation and manage review responses efficiently.
• AI-Powered Review Responses: Customer review data is processed by our AI systems to generate personalized, brand-aligned, and HIPAA-compliant response suggestions. This processing is for the sole purpose of generating a response to a specific review and is not used for training general AI/ML models.
• Authentication Token Management: To maintain a secure and persistent connection to your Google Business Profile, we securely store Google-provided authorization tokens (OAuth access and refresh tokens).
• Sharing with Third-Party Service Providers: To provide our AI-powered review response features, we may utilize trusted third-party service providers under contract. The information shared is strictly limited to the data necessary to perform their function, such as the text of a customer review and relevant, non-personally identifiable business information. These providers are contractually obligated to protect your data and are prohibited from using it for any other purpose.
• Important Note: We do not share your personal Google account credentials, personal profile information (name, email), or Google authorization tokens with any third-party AI service providers.

‍

Compliance with Google Policies ResponseRx's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. For more information, you can also review Google's Privacy Policy.

‍

Your Data Control and Deletion Rights You have full control over your data and the connection between your Google account and ResponseRx.

• Disconnecting within ResponseRx: You can disconnect your Google account from our platform at any time through your account settings. This action will immediately revoke our authorization tokens and cease all future data synchronization.
• Revoking Access via Google: In addition to managing the connection from our platform, you can revoke ResponseRx's access to your data at any time directly from your Google Account's security settings.
• Account Deletion: You may request the permanent deletion of your account and all associated data by contacting us via the methods listed in the "Your Privacy Rights" section. Upon deletion, all of your data—including your user profile, Google connections, synced business locations, and reviews—is permanently removed from our systems.

‍

Links to Other Websites Our services may link to third-party websites. We are not responsible for the privacy practices of third-party sites. Please review their privacy policies directly.

‍

HIPAA Compliance

Certain services may involve information subject to HIPAA. In such cases, ResponseRx, Inc. acts as a Business Associate and handles Protected Health Information (PHI) only in compliance with HIPAA and any applicable Business Associate Agreements (BAAs). If there is a conflict between this Privacy Policy and a BAA, the BAA will govern with respect to PHI.

Policy Administration

Our Privacy Officer, J. Carleton Wilkins, is responsible for overseeing privacy compliance. We do not have a Data Protection Officer or EU/UK representative at this time. This policy is reviewed and updated on a bi-monthly basis.

Notifications and Updates

We will notify users of changes to this Policy by posting updates on our website. If we begin collecting materially new categories of personal data or use data for new purposes, we will first update this Policy and provide appropriate notice.

Enforcement and Liability

We are committed to addressing privacy complaints and disputes. Individuals may contact us using the details below, and we will work to resolve any concerns in good faith. If applicable, additional remedies may be available under industry-specific laws such as HIPAA.

Contact Us

ResponseRx, Inc.
4530-15 St. Johns Ave. #337
Jacksonville, FL 32210
Email: hello@ResponseRx.ai