Privacy Policy

RevDone is operated by RevDone Health, Inc. (“RevDone”, “we”, “us”). RevDone is a reputation-management platform that helps independent dental, medical, and small-group practices import patient reviews, draft replies with AI, and publish them after approval.

This Privacy Policy explains how we handle information across the RevDone marketing site and the RevDone application. It applies to practices and users in the United States, United Kingdom, Canada, and Australia.

We collect the information needed to operate the service:

• Account information — your name, email address, avatar, and authentication identifiers.
• Organization and clinic information — practice name, locations, connected platform identifiers, and team membership and roles.
• Review content — reviews, ratings, and reviewer-provided text imported from connected platforms such as Google, Yelp, Trustpilot, and Healthgrades.
• Billing information — processed by our payments provider; we store plan, subscription status, and limited billing metadata, not full card numbers.
• Usage and device data — log data, IP address, browser type, and product interactions used for security and to improve the service.

RevDone is designed to minimize exposure to protected health information. Patient-authored reviews may nonetheless incidentally contain health-related details. Where RevDone processes PHI on behalf of a HIPAA covered entity, it does so as a Business Associate under a Business Associate Agreement (BAA).

AI-generated replies are constrained by guardrails that exclude patient treatments, conditions, medications, and identifying details, and never confirm whether an individual is a patient. See our HIPAA Notice for details.

We use information to provide and operate the service, draft and improve AI replies, generate sentiment and reputation analytics, process billing, provide support, maintain security and prevent abuse, and comply with legal obligations. We do not sell personal information, and we do not use patient review content to train third-party foundation models.

To draft replies, review text and limited context are sent to our AI provider. Output passes through RevDone’s HIPAA-aware guardrails before it is shown to you. AI processing is governed by data-protection terms with the provider, and review content is not used by the provider to train its models.

We rely on a small set of vendors, each bound by contractual data-protection terms:

• Supabase — application database, authentication, and hosting.
• Anthropic — AI model used to draft replies.
• DataForSEO — review and listing data ingestion.
• Resend — transactional email delivery.
• Paddle — subscription billing and merchant-of-record services.
• Google — OAuth sign-in and Google Business Profile access.

We share information only with the sub-processors above, when required by law or valid legal process, to protect the rights and safety of RevDone and others, or in connection with a merger, acquisition, or sale of assets (subject to this policy). We never sell personal information or PHI.

We retain information for as long as your account is active and for a limited period afterward as needed to meet legal, accounting, and security obligations. You may request deletion of your data at any time, subject to obligations under an applicable BAA.

We protect data with encryption in transit (TLS) and at rest (AES-256), per-organization row-level isolation in the database, least-privilege access controls, audit logging, and ongoing monitoring. No system is perfectly secure, but security is a foundational priority for RevDone.

Depending on where you live, you may have the right to access, correct, delete, export, or restrict the processing of your personal information, and to object to certain processing. We honor rights under the EU and UK GDPR, the CCPA/CPRA, PIPEDA, and the Australian Privacy Act. To exercise any right, contact us at privacy@revdone.com; we will verify your request and respond within the timeframe required by law.

RevDone is operated from the United States, and information may be processed there and in other countries where our sub-processors operate. Where required, we use appropriate safeguards such as standard contractual clauses for cross-border transfers.

We use strictly necessary cookies to keep you signed in and secure the service, and limited analytics cookies to understand product usage. You can control non-essential cookies through your browser settings.

RevDone is a business tool and is not directed to children. We do not knowingly collect personal information directly from children. Patient reviews are imported from third-party platforms and are not solicited by RevDone.

We may update this Privacy Policy from time to time. We will post the revised version with an updated date and, for material changes, provide additional notice through the product or by email.

For privacy questions or requests, contact RevDone Health, Inc. at privacy@revdone.com.