Privacy Policy

Last updated: May 2026

1. Introduction

DishReply is committed to protecting the personal data of restaurateurs. This policy details how we process your data in compliance with the GDPR (General Data Protection Regulation) and Google API Services User Data Policy.

2. Google User Data: Access & Usage

Our application interacts with your Google Business Profile data via official Google APIs. To comply with Google's requirements, here is exactly how we handle this data:

  • Data Accessed: We specifically access your Google Business Profile reviews (review content, author name, star rating, and date) and your establishment's name. We request this access using the https://www.googleapis.com/auth/business.manage scope.
  • Data Usage: This data is accessed and processed solely to detect new customer reviews and to generate contextually appropriate AI-powered response suggestions for you to review.
  • Data Storage: Review content is temporarily stored in our secured database (Turso) to allow you to review, edit, or publish responses via WhatsApp. We strictly do not store your Google account credentials.
  • Data Sharing: We do not share, sell, or use your Google user data for advertising. Only the raw text of the review is securely sent to OpenAI to generate a response (see Section 4).

DishReply's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

3. Purpose of Processing

Your data is used exclusively to:

  1. Detect new Google reviews for your establishment.
  2. Generate response suggestions via our AI.
  3. Send these suggestions to you on WhatsApp for validation and publishing.

4. Third-Party Services & Sub-processors

To provide the service, DishReply uses the following sub-processors:

  • Stripe: Payment management.
  • Meta (WhatsApp): Notification delivery.
  • Google API: Review synchronization and response publishing.
  • OpenAI: AI processing. Only the review text is sent to generate a response; your private account data is never shared or used to train OpenAI models.

5. Your Rights & Contact

In accordance with GDPR, you have the right to access, rectify, or delete your personal data. You can exercise these rights or ask any privacy-related questions by contacting our team at: contact@dishreply.com.