Privacy Policy

Last updated: March 2026

Stellarep.ai ("we," "us," or "our") provides an AI-powered review response platform built for healthcare practices. This Privacy Policy explains what information we collect, how we use it, and how we protect it.

Information We Collect

  • Account information — your name, email address, and authentication credentials via Clerk.
  • Google Business Profile data — OAuth tokens, review content, reviewer names, and star ratings from your connected profile(s).
  • Google OAuth access and refresh tokens — stored encrypted, used to authenticate API calls on your behalf.
  • AI-generated content — draft responses created by our AI on your behalf.
  • Payment information — billing details processed securely by Stripe. We never store full card numbers.
  • Usage data — pages visited, features used, and interaction patterns to improve the product.

Google API Services — Data Use Disclosure

Stellarep.ai integrates with the Google Business Profile API to access your business reviews. This section specifically describes how we access, use, store, and protect data obtained through Google API Services.

What Google data we access:

  • Your Google Business Profile location(s) name, address, and identifier
  • Review content (review text, star ratings, reviewer display names)
  • OAuth 2.0 access tokens and refresh tokens used to authenticate on your behalf

How we use Google data:

  • To fetch new reviews from your Google Business Profile(s) on a scheduled basis
  • To display your reviews inside the StellaRep.ai dashboard
  • To generate AI-drafted response suggestions using one or more AI language models
  • To post responses to Google Business Profile reviews when you click "Post Response"

What we do NOT do with Google data:

  • We do not sell, rent, or transfer Google user data to any third party
  • We do not use Google data for advertising or marketing purposes
  • We do not use Google data to train AI models
  • We do not allow humans to read your Google data except when required to provide the service or when required by law
  • We do not use Google data for any purpose other than the features explicitly described above

Limited Use Disclosure

Stellarep.ai's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use Google user data to provide and improve the features described in this Privacy Policy. We do not use Google user data for serving advertisements, and we do not allow humans to read your data unless you have explicitly given us permission to do so, it is necessary for security purposes, it is required by law, or our use is limited to internal operations.

Data Sharing for Service Delivery

When generating AI responses, the text of a Google review (not your Google credentials or tokens) is transmitted to one or more AI providers (which may include Anthropic, OpenAI, Google, or similar services) solely for the purpose of generating a draft reply. Google OAuth tokens are never shared with any AI provider or any party other than Google's own API infrastructure.

Revoking Google Access

You may revoke Stellarep.ai's access to your Google Business Profile at any time by:

  1. Going to Settings → Connections inside StellaRep.ai, or
  2. Visiting your Google Account permissions page at myaccount.google.com/permissions

Upon revocation, we will delete your stored OAuth tokens within 30 days.

How We Use Your Information

  • Generate AI-drafted review responses for your practice.
  • Monitor your Google Business Profile for new reviews.
  • Send email notifications about new reviews and account activity.
  • Process subscription payments and manage your account.
  • Improve our product, fix bugs, and develop new features.

HIPAA Compliance

We understand that healthcare reviews may contain Protected Health Information (PHI). StellaRep.ai operates as a Business Associate under HIPAA when processing data on behalf of covered entities.

  • We are prepared to enter into a Business Associate Agreement (BAA) with any covered entity upon request.
  • Our AI is specifically trained to generate HIPAA-safe responses that never confirm or disclose patient details.
  • PHI is processed only as necessary to provide the service and is never used for marketing or sold to third parties.

Note on Google Reviews: Google reviews are not considered PHI under HIPAA — they are patient-generated public content. However, our AI response generation is designed to never confirm, deny, or disclose any clinical details, appointment history, or treatment information in any response.

Data Storage & Security

Your data is stored in Supabase, a US-based infrastructure provider. All data is encrypted at rest and in transit using industry-standard encryption (AES-256 and TLS 1.2+). We implement role-based access controls and regularly review our security practices.

Third-Party Services

We use the following trusted services to operate Stellarep.ai:

  • Clerk — authentication and user management.
  • Stripe — payment processing and subscription billing.
  • Google — Google Business Profile API for review data.
  • Anthropic, OpenAI, Google, and/or other AI providers — AI language models for generating review responses. The specific provider(s) used may change over time as we evaluate quality and reliability.
  • Resend — transactional email delivery.

Each provider is selected for their security standards. We do not sell your data to any third party.

Data Retention

We retain your data for as long as your account is active. If you delete your account, all associated data — including review history, AI-generated responses, and personal information — will be permanently deleted within 30 days.

Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate information.
  • Request deletion of your account and data.
  • Revoke Google Business Profile access at any time.

Google Account Permissions

  • We request the https://www.googleapis.com/auth/business.manage scope.
  • This scope allows us to read your reviews and post responses on your behalf.
  • We do not access any other Google services or data beyond what this scope provides.

Contact Us

If you have questions about this Privacy Policy, need a BAA, or want to exercise your data rights, reach out:

info@stellarep.ai