Privacy Policy
Your privacy matters to us.
Last updated: April 2, 2026
Glintback ("we," "us," or "our") operates the Glintback platform at glintback.com. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.
1. Information we collect
Account information
When you create an account, we collect your name, email address, and profile photo through Google OAuth. We do not store your Google password.
Google Business Profile data
When you connect your Google Business Profile, we access and store your business name, address, phone number, and category; your Google Place ID, account ID, and location ID; your current star rating and review count; individual reviews including reviewer name, photo URL, star rating, review text, and publication date; and the OAuth access and refresh tokens required to read reviews and post responses on your behalf.
We request the business.manage scope, which is the minimum permission required to read your reviews and post approved responses.
AI-generated response data
We store the AI-generated draft responses, any edits you make, your approval or dismissal decisions, the AI model used, and token counts for each generated response.
Billing information
Payments are processed by Polar.sh, our Merchant of Record. We do not directly collect or store your credit card number, bank account details, or other payment credentials. We store your Polar customer ID and subscription status (tier, billing cycle, and trial dates) to enforce plan limits.
Usage and analytics data
We collect anonymized usage analytics through PostHog, including pages visited, features used, scroll depth, and button interactions. This data helps us improve the product. We do not sell this data to third parties.
2. How we use your information
We use the information we collect to:
- Authenticate you and manage your account
- Sync reviews from your connected Google Business Profile locations
- Generate personalized AI response drafts for your reviews
- Post your approved responses to Google on your behalf
- Classify reviews for safety (legal threats, employee mentions, discrimination allegations) and flag those requiring human attention
- Perform sentiment analysis on your reviews
- Send you email notifications about new reviews, especially critical 1–2 star reviews
- Send weekly digest emails summarizing your review activity
- Enforce subscription plan limits (response counts, location counts)
- Display dashboard analytics including rating trends, review volume, response rates, and sentiment breakdowns
- Improve our AI response quality and product features
3. AI processing
We use third-party AI models (including OpenAI's GPT-4o-mini, GPT-4o, and Anthropic's Claude) through the Vercel AI SDK to generate review response drafts. When generating a response, we send your business name, type, and city; your brand voice preferences and owner signature; the review text and star rating; and your most recent 3–5 responses for anti-repetition purposes.
We route reviews to different AI models based on star rating: positive reviews (4–5 stars) use cost-efficient models, while negative reviews (1–2 stars) use higher-quality models and always require your manual approval before posting. No response is ever posted to Google without your explicit approval.
4. Information sharing and disclosure
We share your information only in the following circumstances:
- Google: We post your approved responses to Google's Business Profile API on your behalf, using the OAuth tokens you granted during onboarding.
- AI providers (OpenAI, Anthropic): We send review content and business context to generate response drafts. These providers process data according to their respective privacy policies and data processing agreements.
- Polar.sh: Our Merchant of Record processes your subscription payments and handles tax compliance.
- Resend: Our email provider delivers notification and digest emails on our behalf.
- PostHog: Receives anonymized product analytics data.
- Hosting providers: Our infrastructure runs on Vercel and Railway. Your data is stored in a PostgreSQL database hosted on Neon. Background job state is stored in Redis hosted on Upstash or Railway.
- Legal requirements: We may disclose your information if required by law, legal process, or government request.
We do not sell your personal information to third parties.
5. Data storage and security
Your data is stored in a PostgreSQL database hosted on Neon with encryption at rest. Google OAuth tokens are stored securely and refreshed automatically before expiry. We use HTTPS for all data transmission. Access to production systems is restricted to authorized personnel only.
6. Data retention
We retain your account data, review data, and response history for as long as your account is active. If you cancel your subscription, your data remains accessible for 90 days in case you choose to resubscribe. After 90 days, we delete your data from our active systems. Backups may retain data for up to an additional 30 days before being purged.
7. Your rights and choices
- Access your data: View all stored reviews, responses, and account information through your dashboard.
- Export your data: Request a full export of your data at any time by contacting us. We do not lock you in.
- Disconnect Google: Revoke Glintback's access to your Google Business Profile at any time through your Google account settings or through our dashboard.
- Delete your account: Request account deletion by contacting us. We will delete your data in accordance with our retention policy above.
- Opt out of analytics: You can disable PostHog tracking using browser-based Do Not Track settings or ad blockers.
- Manage email preferences: Unsubscribe from non-essential emails (digests, marketing) at any time. Transactional emails related to your account and critical review alerts cannot be disabled while your account is active.
8. Google API Services User Data Policy
Glintback's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum scopes necessary to provide our service, and we do not use Google user data for advertising purposes.
9. Cookies
We use essential cookies for authentication and session management. PostHog may set analytics cookies to understand product usage. We do not use third-party advertising cookies.
10. Children's privacy
Glintback is designed for business owners and is not intended for use by anyone under the age of 18. We do not knowingly collect information from children.
11. International data transfers
Glintback is operated from Argentina and our infrastructure is hosted in the United States. If you are accessing the service from outside the United States, your data will be transferred to and processed in the United States. By using Glintback, you consent to this transfer.
12. Changes to this policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our dashboard. Your continued use of Glintback after changes are posted constitutes acceptance of the updated policy.
13. Contact us
If you have questions about this Privacy Policy or our data practices, contact us at [email protected].