Security

ReviewPilot is entrusted with access to your Google Business Profile. We take that responsibility seriously. Here is how we protect your data.

OAuth 2.0 Authentication

Access to your Google Business Profile is gated by Google's own OAuth 2.0 authorisation flow. You authorise specific scopes, and we never touch anything outside of review management.

TLS 1.3 Encryption in Transit

All communication between your browser, our servers, and Google's APIs is encrypted with TLS 1.3. Data is never transmitted in plain text.

AES-256 Encryption at Rest

Your Google OAuth tokens and all personal data are stored encrypted on disk using AES-256. Credentials are never written to application logs or analytics pipelines.

Password Security

User passwords are hashed with bcrypt (cost factor 12) before storage. Plain-text passwords are never stored or logged at any point.

Breach Notification

In the event of a security incident, affected users will be notified within 72 hours in accordance with applicable data protection regulations.

Minimal Data Collection

ReviewPilot collects only what is necessary to operate the service. Review data is used solely for response generation and is never sold to or shared with third parties.

Security Enquiries

To report a security vulnerability or request our security documentation, contact security@tryreviewpilot.com.