ReviewPulse — Privacy Policy

                
                Your privacy matters. This policy explains what data we collect, why we collect it,
                how we use it, and your rights as a data subject under GDPR. Classroom Creatives acts as the
                data controller for account and usage data, and as a data processor
                for review content you upload.
            

Who we are (Controller identity)
What data we collect
How we use your data
Legal basis for processing
Third-party services and processors
Data retention
Security
International transfers
Your rights (GDPR)
Cookies
Children
Changes to this policy
Contact and complaints

1. Who we are (Controller identity)

ReviewPulse is a product of Classroom Creatives, a company registered in The Netherlands. We are the data controller for personal data collected through account registration, use of the platform, and communications with us.

Contact:
Classroom Creatives
Mennerdahof 19, 9033 XG Deinum, The Netherlands
KVK: 92388566
BTW: NL004953727B58
Email: contact@classroomcreatives.nl

2. What data we collect

2.1 Account data

When you register, we collect:

Name and email address;
Password (stored as a salted hash — we never store your plain-text password);
Organisation/company name;
Subscription and billing status.

2.2 Review and operational data

When you import reviews, we process the review content you provide, which may include:

Guest review text and ratings (public review content);
Review metadata (platform, date, language, reviewer alias);
AI-extracted issues and generated action plans derived from review content.

Guest reviews are public data published on third-party platforms. We do not independently collect personal data about your guests.

2.3 Usage data

We collect technical usage data to operate and improve the Service:

IP address and browser information (for security and session management);
Pages visited and actions taken within the platform;
AI token usage (for billing and abuse prevention).

2.4 Communications

If you contact us by email, we retain the correspondence to handle your request and provide support.

3. How we use your data

We use your data for the following purposes:

Service delivery: Operating your account, processing reviews, and generating AI outputs;
Billing: Managing subscriptions and invoicing;
Security: Authenticating users, detecting abuse, and protecting the platform;
Support: Responding to your questions and resolving issues;
Improvement: Analysing usage patterns (in aggregate, not individual-level) to improve the Service;
Legal compliance: Meeting our obligations under applicable law.

We do not sell your data. We do not use your review content to train AI models beyond what is required to provide the Service.

4. Legal basis for processing

Under GDPR, our legal bases for processing personal data are:

Contract performance (Art. 6(1)(b)): Processing necessary to deliver the Service under our Terms of Service (account management, review processing, billing);
Legitimate interests (Art. 6(1)(f)): Security monitoring, fraud prevention, and platform improvement;
Legal obligation (Art. 6(1)(c)): Where required by law (e.g., financial record keeping);
Consent (Art. 6(1)(a)): For optional communications such as product newsletters, where applicable.

5. Third-party services and sub-processors

We use carefully selected third-party service providers ("sub-processors") to operate the Service. All sub-processors are bound by a Data Processing Agreement and handle your data only as instructed by us.

Sub-processor	Purpose	Location	Safeguard
Microsoft Azure OpenAI	AI analysis of review text (issue extraction, action plans, response drafting)	EU (West Europe)	Microsoft DPA + SCCs
Mollie B.V.	Payment processing (subscriptions). Mollie processes payment data directly; we do not store card numbers or bank details.	Netherlands (EU)	EU-based, PCI-DSS compliant, Mollie DPA
Cloud hosting provider	Infrastructure and hosting for ReviewPulse services	EU	DPA + SCCs where applicable

We do not sell your data or share it with third parties for their own marketing purposes. A full list of sub-processors is available on request at contact@classroomcreatives.nl.

6. Data retention

We retain your data for as long as your account is active. The table below summarises our retention periods per data category:

Data category	Retention period
User account data (name, email, password hash)	Until account deletion, then permanently deleted within 30 days
Guest review data (imported from CSV)	Duration of subscription; deleted when organisation is deleted
AI-generated issues and action plans	Duration of subscription; deleted when organisation is deleted
Billing records (invoices, payment history)	7 years (Dutch tax law obligation), even after account deletion
Anonymised usage statistics	Indefinitely (no personal data)

You can delete your account at any time from My Account → Privacy & Data. Account managers can also delete the entire organisation and all associated data.

7. Security

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

Passwords stored using industry-standard hashing (bcrypt);
HTTPS encryption for all data in transit;
Access controls limiting data access to authorised personnel only;
Regular security reviews of our platform and dependencies.

No method of transmission over the Internet is 100% secure. If you believe your account has been compromised, contact us immediately at contact@classroomcreatives.nl.

8. International transfers

ReviewPulse is operated from The Netherlands. Some of our sub-processors (including Microsoft Azure) may process data outside the EU/EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or that the recipient country has been deemed adequate by the EU.

9. Your rights (GDPR)

As a data subject under GDPR, you have the following rights:

Right of access

Request a copy of the personal data we hold about you.

Right to rectification

Ask us to correct inaccurate or incomplete personal data.

Right to erasure

Request deletion of your personal data ("right to be forgotten").

Right to restriction

Request that we restrict processing of your data in certain circumstances.

Right to portability

Receive your data in a structured, machine-readable format.

Right to object

Object to processing based on legitimate interests, including for direct marketing.

Many of these rights can be exercised directly in the app via My Account → Privacy & Data — you can download your data or delete your account without needing to contact us. For rights that require our involvement, contact us at contact@classroomcreatives.nl. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

10. Cookies

ReviewPulse uses a minimal set of cookies necessary to operate the Service:

Session cookie: Keeps you logged in during your browser session. This cookie is essential for the Service to function and does not require consent.
Remember-me cookie: Optional persistent login cookie, set only when you tick "Remember me" at sign-in. Expires after 30 days.

We do not use third-party tracking, advertising, or analytics cookies. We do not use Google Analytics or similar services.

11. Children

ReviewPulse is a business-to-business platform intended for adults. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by email or by a notice within the platform at least 14 days before they take effect. The date at the top of this page always shows when the policy was last updated.

13. Contact and complaints

For any privacy-related questions, requests to exercise your rights, or to report a data breach, please contact us:

Classroom Creatives
Email: contact@classroomcreatives.nl
Website: classroomcreatives.nl

If you are not satisfied with our response, you have the right to complain to the Dutch supervisory authority:

Autoriteit Persoonsgegevens
www.autoriteitpersoonsgegevens.nl

Privacy Policy

Table of contents