Privacy Policy

We're committed to protecting your privacy and being transparent about how we handle your data, especially regarding Google Business Profile API integration

Last updated: June 2025

Contents

1. Company Details

Company:Nuvem Catita Unipessoal Lda
NIPC:516958089
Head Office:Avenida Aida 411, Centro Comercial Estoril Garden, 2765-187 Estoril, Portugal

TrueStars.ai is a service provided by Nuvem Catita Unipessoal Lda, headquartered in Portugal. This Privacy Policy explains how we collect, use, and protect your personal data under the EU General Data Protection Regulation (GDPR), with special attention to our Google Business Profile API integration.

2. What Data We Collect

We may collect the following types of data:

  • Business identity and contact information
  • Google Business review data (with your permission)
  • NFC interaction logs (e.g., timestamp, browser info)
  • IP address, cookies, and usage data from website interactions
  • Consent timestamps for compliance purposes (without storing personal data)

3. Google Services Integration

Google Business Profile API Usage

  • βœ…We facilitate customer reviews through Google Business Profile APIs
  • βœ…We do NOT store, cache, or modify your review content
  • βœ…We do NOT access your existing Google reviews
  • βœ…We only redirect customers to Google's official review interface

User Consent for Automated Actions

  • πŸ”’Every automated action requires your explicit prior consent
  • πŸ“±NFC card interaction triggers a consent request before any redirect
  • ⏰You can withdraw consent at any time
  • πŸ“ŠWe log consent timestamps for compliance purposes (without storing personal data)

Third-Party Authentication

  • πŸ”‘Restaurant partners must authenticate with their own Google Business accounts
  • 🚫We do NOT share API credentials between different restaurant locations
  • πŸ”Each location maintains independent access to their Google Business Profile

4. How We Process Your Data

We process your data to:

  • Provide NFC review facilitation service
  • Redirect customers to Google Reviews with consent
  • Analytics and service improvement
  • Customer support and communication
  • Legal compliance and fraud prevention

Specifically for Review Services:

  • ❌We do NOT create, edit, or delete reviews on your behalf
  • ❌We do NOT automatically post content without user action
  • ❌We do NOT interfere with Google's review monitoring systems
  • βœ…We maintain transparent audit trails for all API interactions

5. Review Authenticity and Google Policy Compliance

Our Commitment to Authentic Reviews

  • βœ…We only facilitate reviews from genuine customers who visited your establishment
  • βœ…We prohibit and actively prevent fake review generation
  • βœ…Staff must verify customer authenticity before providing NFC cards
  • βœ…We do not incentivize specific rating levels (1-5 stars)

Prohibited Activities

We strictly prohibit:

  • ❌Creating fake or automated reviews
  • ❌Paying customers for specific ratings
  • ❌Reviewing businesses you haven't visited
  • ❌Using our service to manipulate Google rankings artificially

Google Policy Compliance

  • πŸ”’All activities comply with Google Business Profile API policies
  • πŸ‘€We do not interfere with Google's monitoring or auditing
  • πŸ“ŠWe maintain full transparency with Google regarding our API usage
  • 🚨We immediately report any suspicious activity to relevant authorities

7. Data Sharing & Third-Party Access

We share data with:

βœ… Google (via official APIs)

Customer redirect data for review facilitation

βœ… Essential service providers

Payment processing, hosting, analytics

βœ… Legal authorities

When required by law or to prevent fraud

Google-Specific Sharing:

  • β€’We share minimal necessary data with Google through official Business Profile APIs
  • β€’We do NOT provide Google with customer personal information
  • β€’Redirects to Google Reviews are direct and transparent
  • β€’Google processes review data according to their own privacy policies

We NEVER share data with:

  • ❌ Review farms or fake review services
  • ❌ Competitors or unauthorized third parties
  • ❌ Marketing agencies (without explicit consent)
  • ❌ Any party that violates Google's content policies

8. Your Rights

You may request at any time:

Access Rights

  • β€’ Access to your personal data
  • β€’ Data portability

Control Rights

  • β€’ Rectification or erasure
  • β€’ Restriction or objection to processing

Submit requests via:sa@truestars.ai

9. Your Rights Regarding Review Services

As a Customer:

  • βœ…Right to withdraw consent before completing a review
  • βœ…Right to edit or delete your review directly on Google
  • βœ…Right to report inappropriate use of our service
  • βœ…Right to opt-out of future review requests

As a Restaurant Partner:

  • βœ…Right to disconnect Google Business Profile integration
  • βœ…Right to audit all review facilitation activity
  • βœ…Right to receive transparency reports on service usage
  • βœ…Right to terminate service with immediate effect

Complaint Process:

  1. 1. Contact us at: sa@truestars.ai
  2. 2. Google Business Profile support (for review-related issues)
  3. 3. CNPD Portugal (for privacy-related complaints)
  4. 4. Google API compliance team (for policy violations)

10. Cookies & Tracking

Essential Cookies

  • πŸ”’Session management and security
  • βš™οΈService functionality and user preferences
  • πŸ“ŠConsent tracking for compliance

Analytics Cookies (Optional)

  • πŸ“ˆUsage patterns and service improvement
  • 🎯NFC interaction analytics
  • πŸ”Error tracking and performance monitoring

Your Cookie Control

You can control cookies through:

  • βš™οΈBrowser settings and preferences
  • πŸŽ›οΈOur cookie consent banner
  • πŸ“§Email us at sa@truestars.ai for specific requests

11. Data Retention

Business Data

  • πŸ“…Restaurant profiles: Duration of service agreement + 3 years
  • πŸ”‘API authentication data: Duration of service agreement
  • πŸ“ŠUsage analytics: 2 years for service improvement

Customer Data

  • ⏰NFC interaction logs: 30 days maximum
  • βœ…Consent records: 3 years for compliance
  • 🚫Review content: We do NOT retain any review content

Legal and Compliance Data

  • βš–οΈLegal compliance records: 7 years
  • πŸ›‘οΈSecurity incident logs: 3 years
  • πŸ“‹Audit trails: 5 years for Google API compliance

12. Contact & Complaints

General Privacy Inquiries

sa@truestars.ai

Google API Compliance Issues

sa@truestars.ai

Review Authenticity Reports

sa@truestars.ai

Data Controller

Nuvem Catita Unipessoal Lda

Avenida Aida 411

Centro Comercial Estoril Garden

2765-187 Estoril, Portugal

Data Protection Authority

CNPD (Comissão Nacional de Proteção de Dados), Portugal

If you are not satisfied with our response to your privacy concerns, you may lodge a complaint with the Portuguese Data Protection Authority.

13. Policy Updates & Compliance

Regular Reviews

  • πŸ“…This policy is reviewed quarterly for Google API compliance
  • πŸ”„Updates reflect changes in Google Business Profile policies
  • πŸ“§We notify partners of material changes via email (48 hours advance notice)

Google Policy Changes

  • πŸ‘€We monitor Google Business Profile API policy updates
  • ⚑Service modifications implement new Google requirements immediately
  • πŸ›‘Non-compliant features are disabled until compliance is achieved

Version History

  • πŸ“Last Updated: June 2025
  • πŸ”œNext Review: September 2025
  • ✨Major Changes: Added Google Business Profile API compliance sections

Important Notice

This policy must be read in conjunction with Google's Business Profile API policies and terms of service. In case of conflicts between our policy and Google's requirements, Google's policies take precedence for API-related activities.