Privacy Policy

Privacy Policy

Last updated: July 3, 2026

1. Scope

This Privacy Policy explains how TestimonialSoftware.co (we, our, us) collects, uses, stores, and shares personal information when you use our websites, products, dashboard, integrations, widgets, hosted proof pages, and related services (Service).

This policy applies to workspace owners, team members, website visitors, and end users whose information appears in testimonial workflows.

2. Information We Collect

We may collect the following categories of information:

  • Account and identity data: name, email address, profile image, authentication identifiers, workspace role, and login metadata.
  • Workspace and business data: campaign names, configuration settings, publication preferences, custom domains, and moderation rules.
  • Testimonial content: reviewer name, rating, quote text, media, source URL, import source details, and moderation history.
  • Integration data: tokens and metadata required to connect supported third-party providers (for example, Google APIs) and fetch authorized data.
  • Communications and support data: inquiry details, support responses, and issue diagnostics submitted by users.
  • Technical and usage data: IP address, browser and device information, request logs, timestamps, and security events.

3. How We Collect Information

We collect information directly from you, from users you invite to your workspace, and from integrated third-party services you authorize. We also collect certain data automatically through server logs and essential site technologies.

4. How We Use Information

We use information to:

  • Provide, maintain, and improve the Service and user experience.
  • Authenticate users, secure accounts, and prevent fraud or abuse.
  • Process imports, moderation, publishing workflows, and user-requested integrations.
  • Send transactional communications such as account notices, security alerts, and service updates.
  • Comply with legal obligations and enforce our terms, policies, and rights.

5. Legal Bases (Where Applicable)

Depending on your location, our legal bases may include performance of a contract, legitimate interests (such as security and service operations), compliance with legal obligations, and your consent where required.

6. Google API Data and OAuth Data

When you connect Google integrations, we access only the scopes you authorize and use that data solely to provide requested features (such as listing connected business locations and importing reviews). We do not sell Google user data.

OAuth tokens are stored securely and can be revoked by disconnecting the integration from your workspace or through your Google account permissions.

7. Sharing of Information

We do not sell personal information. We may share data with trusted processors who help us operate the Service, including hosting, databases, email delivery, authentication, and infrastructure security vendors.

We may also disclose information where required by law, to protect rights and safety, to investigate abuse, or in connection with a corporate transaction.

8. Data Retention

We retain data for as long as needed to provide the Service, maintain security, resolve disputes, and satisfy legal or regulatory obligations. Retention periods may vary by data category and workspace activity.

9. Security

We use reasonable technical and organizational safeguards designed to protect personal information, including access controls, encryption in transit, and operational monitoring. No method of transmission or storage is fully secure, so absolute security cannot be guaranteed.

10. Cookies and Similar Technologies

We use essential cookies and similar technologies for authentication, session continuity, performance, and abuse prevention. Additional analytics technologies may be used where permitted by applicable law.

11. International Data Transfers

Your information may be processed in countries other than your own. Where required, we use appropriate safeguards to protect personal information during cross-border transfers.

12. Your Rights and Choices

Depending on your location, you may have rights to access, correct, delete, or export your personal information, and to object to or restrict certain processing. You may also request integration disconnection and token revocation.

To exercise rights, contact [email protected].

13. Child Privacy

The Service is not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect service, legal, or operational changes. We will update the Last updated date when revisions are posted.

15. Contact Us

For privacy questions or requests, contact [email protected].