← Back to Fivion

Privacy Policy

Last updated: May 21, 2025 · Effective immediately

1. Introduction & Scope

Fivion (“we,” “us,” or “our”) is committed to protecting the privacy of all individuals who interact with our platform. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information in connection with our services at www.fivion.space.

This Policy is designed to comply with all major global privacy frameworks, including:

  • Canada: Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Anti-Spam Legislation (CASL)
  • United States: California Consumer Privacy Act (CCPA/CPRA), Telephone Consumer Protection Act (TCPA), CAN-SPAM Act
  • European Union / UK: General Data Protection Regulation (GDPR), UK GDPR, Privacy and Electronic Communications Regulations (PECR)
  • Australia: Privacy Act 1988, Australian Privacy Principles (APPs), Spam Act 2003
  • Japan: Act on the Protection of Personal Information (APPI)
  • South Korea: Personal Information Protection Act (PIPA)
  • Singapore: Personal Data Protection Act (PDPA)
  • Brazil: Lei Geral de Proteção de Dados (LGPD)

2. Information We Collect

2a. Information You Provide (Business Owners)

  • Name and email address (account registration)
  • Business name, address, and Google Business information
  • Third-party integration credentials (Square OAuth tokens — stored encrypted)
  • Payment information (processed by third-party providers; we do not store card details)

2b. Information About Your Customers

When you use Fivion to send review requests, we process the following on your behalf as a data processor:

  • Customer name
  • Customer phone number
  • Opt-out status (STOP replies)
  • SMS delivery records and timestamps

You, as the business owner, are the data controller for your customers’ information. You are responsible for ensuring you have the appropriate legal basis to share this information with us and to send SMS messages to your customers.

2c. Automatically Collected Information

  • IP address and approximate location
  • Browser type and device information
  • Pages visited and features used within the Service
  • Log data and error reports

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contract performance: To provide the Service you have signed up for
  • Legitimate interests: To improve our Service, prevent fraud, and ensure security
  • Legal obligation: To comply with applicable laws (e.g., retaining records for tax purposes)
  • Consent: Where required by law, we obtain explicit consent before processing (e.g., marketing communications to you)

For EU/UK users: If you wish to withdraw consent or object to processing based on legitimate interests, please contact us at privacy@fivion.space.

4. How We Use Your Information

  • To create and manage your account
  • To deliver the SMS review request service on your behalf
  • To process integrations with Square and other connected services
  • To redirect customers to your Google review page
  • To generate AI-assisted review response drafts
  • To detect and prevent fraud, abuse, or security incidents
  • To send you service-related communications (not marketing, unless consented)
  • To comply with legal obligations
  • To improve and develop the Service

We do not sell your personal information or your customers’ personal information to any third party. Ever.

5. Data Sharing & Third-Party Processors

We share data only with trusted service providers who process it strictly on our behalf:

Supabase (Database & Authentication)

Data stored in secure cloud infrastructure. GDPR-compliant. Privacy Policy

Twilio (SMS Delivery)

Customer phone numbers and message content transmitted for SMS delivery. GDPR-compliant, TCPA-compliant. Privacy Policy

Square (POS Integration)

OAuth-based access to customer transaction data with your authorization. Privacy Policy

Google (Review Links & Places API)

Business lookup and review link generation. Privacy Policy

OpenAI (AI Review Replies)

Review text processed to generate reply suggestions. We do not send customer personal information to OpenAI. Privacy Policy

Vercel (Hosting)

Web application hosting and deployment. GDPR-compliant. Privacy Policy

We may also disclose information: (a) to comply with legal obligations; (b) to protect the rights, property, or safety of Fivion, our users, or others; (c) in connection with a merger, acquisition, or sale of assets, with notice to affected users.

6. Data Retention

  • Account data is retained for the duration of your account plus 90 days after deletion request
  • Customer SMS records are retained for 2 years for compliance purposes
  • Opt-out (STOP) records are retained indefinitely to prevent future unwanted messages
  • Log data is retained for 90 days

You may request earlier deletion of your data subject to legal retention requirements.

7. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights:

Access: Request a copy of the personal data we hold about you

Correction: Request correction of inaccurate or incomplete data

Deletion: Request deletion of your personal data (“right to be forgotten”)

Portability: Receive your data in a structured, machine-readable format

Objection: Object to processing based on legitimate interests

Restriction: Request restriction of processing in certain circumstances

Withdraw consent: Where processing is based on consent, withdraw it at any time

Non-discrimination: We will not discriminate against you for exercising your privacy rights (CCPA)

Opt-out of sale: We do not sell personal data. No opt-out needed.

To exercise any right, contact us at privacy@fivion.space. We will respond within 30 days (or as required by applicable law). We may need to verify your identity before processing your request.

EU/UK users: You have the right to lodge a complaint with your local supervisory authority.

Australian users: You may complain to the Office of the Australian Information Commissioner (OAIC).

Canadian users: You may contact the Office of the Privacy Commissioner of Canada (OPC).

8. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including Canada and the United States, where our service providers operate. These countries may have different data protection laws than your country.

For transfers from the EU/UK, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards as approved by relevant authorities. For transfers from Australia, we ensure our overseas recipients are bound by comparable privacy protections.

9. Security

We implement industry-standard technical and organizational security measures including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Access controls and authentication requirements
  • Regular security assessments
  • Minimization of data access to only what is necessary

No system is 100% secure. In the event of a data breach that creates a real risk of harm, we will notify affected users and relevant authorities as required by applicable law.

10. Children’s Privacy

Fivion is not directed to children under the age of 16 (or 13 in the United States). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such information, please contact us immediately at privacy@fivion.space and we will delete it promptly.

11. Cookies & Tracking

We use only essential cookies required for authentication and session management. We do not use third-party advertising cookies or cross-site tracking technologies. You may disable cookies in your browser settings, though this may affect Service functionality.

12. SMS Opt-Out for End Customers

If you are a customer of a business using Fivion and wish to stop receiving SMS messages, reply STOP to any message you receive. You will be immediately opted out and will not receive further messages from that business via Fivion. Reply HELP for support information. Message and data rates may apply.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date and, where required by law, by providing additional notice (such as by email or in-app notification). Your continued use of the Service after changes constitutes acceptance of the updated Policy.

14. Contact & Data Controller

Fivion
Privacy inquiries: privacy@fivion.space
Legal inquiries: legal@fivion.space
Website: www.fivion.space

We aim to respond to all privacy requests within 30 days.

Also see our Terms of Service