RevGon

Privacy Policy

Last updated: May 18, 2026

TL;DR

We collect the bare minimum to file a Google policy report: your email, your practice name, the review URL, and any notes you choose to write. We do not store the body of the review. We do not sell data. We do not handle PHI.

1. What we collect

When you use RevGon, we collect:

  • Your email address (for sign-in and case updates).
  • Your practice or business name.
  • The public URL of the Google review you want reviewed.
  • Optional notes you write about the case in our form.
  • Basic payment data via Stripe (we never see full card numbers).
  • Standard log data: IP, browser, and timestamps for security and abuse prevention.

2. What we do NOT collect

We intentionally do not store the full text of any Google review in our database. Reviews of dental practices can include patient information, treatment details, or symptoms. Storing that text creates risk for you and for us. Our submission form asks for the review URL, not the review body. We follow the link only to identify the review at Google.

We do not collect or process Protected Health Information. Please do not paste patient names, diagnoses, or treatment details into our forms or emails. See our No PHI Disclosure for the full statement.

3. How we use what we collect

We use your information to:

  • File the policy report with Google on your behalf.
  • Send you case-status emails and receipts.
  • Charge your card after a confirmed removal.
  • Improve the service in aggregate, anonymized ways.
  • Respond to support requests at hello@revgon.com.

We do not sell your data. We do not share your data with advertisers. We do not run third-party retargeting pixels on authenticated pages.

4. Processors we use

We use a small set of vetted vendors. Each processes data only for the purpose described:

  • Supabase hosts our database and authentication system. They are our data processor for account and case records.
  • Stripe processes payments. They handle card data directly. RevGon never sees your full card number.
  • Resend sends our transactional emails (magic links, case updates, receipts).
  • Vercel hosts the website and serves the app.

Each of these vendors has its own privacy policy. By using RevGon, you agree that we can route the necessary data through them to make the service work.

5. No PHI clause

RevGon is not a HIPAA covered entity and is not a business associate. We do not store, process, or transmit Protected Health Information. Our data model is built to make PHI collection impossible by design (URL-only, no review body storage). If you ever paste PHI into a notes field by accident, email us and we will purge it.

6. Cookies

We use first-party session cookies for sign-in. That is it. We do not run third-party analytics, advertising, or behavioral tracking cookies on authenticated pages. The marketing pages may include privacy-respecting analytics (no individual user tracking, no cross-site profiles).

7. Your rights

No matter where you live, you can ask us to:

  • Show you the data we have about you.
  • Correct anything inaccurate.
  • Delete your account and the data tied to it.
  • Export your data in a portable format.

Email hello@revgon.com from the address on your account and we will respond within 30 days.

8. GDPR (Europe)

If you are in the European Economic Area or the UK, you have the rights listed above plus the right to lodge a complaint with your local data protection authority. Our legal basis for processing your data is the contract you enter when you submit a case (Article 6(1)(b) GDPR). For account email and case updates, our basis is legitimate interest in operating the service.

9. CCPA (California)

California residents have the rights listed above plus the right to know what data we have collected, the right to request deletion, and the right to non-discrimination for exercising these rights. We do not sell personal information, so the right-to-opt-out-of-sale does not apply. Submit requests to hello@revgon.com.

10. Data retention

We keep case records for as long as your account is active and for 24 months after the last activity on an account, then we purge. You can ask for earlier deletion at any time.

Receipts and tax records are kept for the period required by applicable tax law (typically 7 years in the US), even if you close your account.

11. Security

We use industry-standard practices: encrypted transport (TLS), encrypted storage at rest with our processors, role-based access for the small staff who can see case data, and row-level security in the database so accounts cannot read each other's data. No system is bulletproof. If we discover a breach that affects you, we will tell you within 72 hours of confirming it.

12. Children

The service is for businesses. We do not knowingly collect data from anyone under 18. If you believe a minor created an account, email us and we will remove it.

13. Changes

When this policy changes in a material way, we will email account holders at least 14 days before it takes effect. The last-updated date at the top always reflects the current version.

14. Contact

Privacy questions: hello@revgon.com.