Privacy Policy
Last Updated: May 13, 2025
Introduction Havens Marketing Corporation (“Havens Marketing,” “we,” “our,” or “us”) provides a software-as-a-service platform that helps local businesses request, collect and manage Google Reviews (the “Service”). Protecting your privacy is important to us. This Privacy Policy explains how we collect, use, share and safeguard information when you use the Service, visit our website or otherwise interact with us. By using the Service, you agree to the practices described here.
Information We Collect We collect four main categories of information. First, identity and contact details—your name, business name, postal address, email address and phone number—come from account-signup forms or approved third-party integrations and let us create and manage your account, provide user support and communicate with you. Second, billing and payment information, such as the last four digits of your payment card, billing address, subscription tier and payment history, is supplied by Stripe and QuickBooks so we can process payments, prevent fraud and meet accounting requirements. Third, we gather client lists and review data, meaning the names, contact details, locations and Google review content of your customers that you import via CSV, Google APIs or integrations like Zapier; this data powers our core functions of sending review requests, monitoring reviews and producing analytics. Finally, we capture usage and device information—for example, IP address, browser type, pages visited, referring URL and cookie identifiers—automatically through cookies, log files and analytics software to secure, operate and improve the Service and for marketing analytics. We do not intentionally collect sensitive personal information such as health data, government identification numbers or data about children, and we ask that you do not provide such information through the Service.
Legal Bases & Consent We process personal data only when we have a lawful basis to do so. Depending on the context, the relevant grounds are your explicit consent (for instance, when you tick a box agreeing to our data practices); the necessity of performing our contract with you; our legitimate interests—such as improving and securing the Service or marketing to existing customers—provided those interests are not overridden by your rights; and our need to comply with legal obligations, including tax and accounting laws.
How We Use Information The information described above is used to provide, operate and maintain the Service; process payments and manage subscriptions; send administrative messages, updates and security alerts; analyse and improve the Service; send marketing communications that you can opt out of at any time; and detect, prevent and respond to fraud, abuse or security incidents.
SMS Messaging We will never share your mobile opt-in status or phone number with third parties for their marketing purposes. You may receive review request notifications, account and subscription updates, security alerts (e.g., two-factor authentication codes) and occasional marketing messages about new features or promotions. Message frequency may vary depending on your activity and settings. Message and data rates may apply. To opt out of all SMS communications, reply STOP; you will receive a confirmation message and no further marketing texts. For support, reply HELP or email [email protected].
Sharing & Service Providers We disclose personal data only to service providers that help us run the business. These providers include Stripe for payment processing, QuickBooks for accounting, Amazon Web Services (U.S. regions) for cloud hosting and storage, Google Analytics and Meta Ads for analytics and marketing, and SendGrid for email and in-app communications. Each vendor may process data only on our instructions and under contractual obligations to safeguard it.
Cookies & Tracking Technologies We use first-party and third-party cookies and similar technologies for analytics and advertising. A cookie banner allows U.S. visitors to accept or reject non-essential cookies, and visitors from the EEA or the U.K. receive a granular consent tool that complies with the GDPR.
International Data Transfers All data is currently hosted in the United States. If we later transfer personal data outside a user’s jurisdiction, we will rely on an approved legal mechanism such as the European Commission’s Standard Contractual Clauses or an equivalent framework.
Retention & Deletion We keep account and identity data while your account is active and for thirty (30) days after cancellation, after which it is deleted or anonymised. Billing and payment records are retained for seven (7) years to satisfy U.S. tax and accounting requirements. Client lists and review data remain in the platform while the account is active and for thirty (30) days thereafter, although you can delete specific records at any time from within the Service. Encrypted system backups are stored for up to ninety (90) days before being automatically overwritten. Upon a verified request, we will delete or anonymise personal data within thirty (30) days unless a longer retention period is required by law.
Security Measures We protect personal data with TLS 1.2 or higher encryption in transit and AES-256 encryption at rest, host infrastructure in AWS data centres that hold SOC 2 Type II and ISO 27001 certifications, enforce multi-factor authentication for all administrative accounts and conduct annual penetration tests and quarterly access reviews.
Your Privacy Rights Depending on your location, you may have the right to access or receive a copy of your personal data, correct inaccuracies, delete your data (the “right to be forgotten”), opt out of targeted advertising or the “sale” of data as defined by California law, port your data to another provider and object to or restrict certain processing. To exercise any of these rights, please email [email protected]. We will verify your request and respond within the timelines required by law, typically thirty to forty-five (30–45) days.
Children Our Service is not directed to children under eighteen (18) years of age, and we do not knowingly collect data from minors. If you believe a minor has provided us with data, please contact us so that we can delete it.
Changes to This Policy We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or a banner on our site and will post the new version with an updated “Last Updated” date.
