Who We Are
TradePros AI LLC ("TradePros AI," "we," "us," or "our") is a software company registered in the State of Arizona. We operate the TradePros AI platform at tradeprosai.com — an AI-powered Google review management service for small businesses.
This Privacy Policy applies to all users of the TradePros AI platform, including the website at tradeprosai.com and all related services, features, and applications.
Data controller: TradePros AI LLC is the controller of your personal data. Questions about this policy can be sent to privacy@tradeprosai.com.
TradePros AI LLC is an Arizona company. We're responsible for your data. This policy covers everything you do on tradeprosai.com.
What Data We Collect
We collect only what is necessary to provide the service. Here is a complete breakdown:
Account data (you provide this)
| Data | Why we collect it | Required? |
|---|---|---|
| Email address | Account login, email notifications, billing receipts | Yes |
| Full name | Personalize your dashboard and email briefings | Optional |
| Business name | Personalize review responses and review request emails | Optional |
| Business address | Required by CAN-SPAM Act for outbound customer emails | Required if sending review requests |
| Industry / response tone preferences | Customize AI response style to match your business | Optional |
| Google review link | Included in review request emails sent to your customers | Required for campaigns |
Usage data (automatically collected)
| Data | Why we collect it |
|---|---|
| Log data (IP address, browser type, pages visited, timestamps) | Security monitoring, debugging, fraud prevention |
| Session tokens | Keeping you logged in securely |
| Feature usage patterns | Understanding which features are most useful to improve the product |
Review data (from Google, via your OAuth authorization)
| Data | Why we collect it |
|---|---|
| Review text, rating, reviewer name, review date | Display in your dashboard, generate AI response drafts |
| AI-generated draft responses | Pre-fill your response draft in the app |
| Response status (replied / not replied) | Track which reviews you've responded to |
Campaign data
| Data | Why we collect it |
|---|---|
| Customer names and email addresses you provide | Send review request emails on your behalf |
| Send history (who was sent a request, when) | Enforce 30-day cooldown per customer, provide history view |
| Unsubscribe records | Honor unsubscribe requests (CAN-SPAM compliance) |
Billing data (handled by Stripe)
We use Stripe for payment processing. We do not store credit card numbers, bank account details, or full payment information on our servers. Stripe stores and processes all payment data. We retain only your Stripe customer ID and subscription status. See Stripe's Privacy Policy for details on how they handle payment data.
We collect your name, email, and business info to run the app. We pull your Google reviews (with your permission) to show them in the dashboard and generate reply drafts. If you send review requests to customers, we store those customer emails only to track sends and honor unsubscribes. Your credit card is Stripe's — we never see it.
Google Account Access
TradePros AI connects to your Google account via OAuth 2.0 — an industry-standard authorization protocol. This means you approve our access through Google's own authorization screen, and we never see your Google password.
What we request access to
| Google Permission | Scope | What we access | What we never access |
|---|---|---|---|
| Google Business Profile | business.manage |
Reviews on your Business Profile — reviewer name, star rating, review text, date. Owner responses you approve and post via TradePros AI. | Business Profile settings, photos, posts, messaging, payment info, or other businesses you do not own |
| Google Calendar | calendar.readonly |
Upcoming calendar events — title, time, and date only — used to generate your daily AI briefing so you can see what's on your schedule. Read-only access; we never create, modify, or delete events. | Event descriptions, attendee lists, private notes, video call links, or any past events beyond what's needed for the current briefing |
| Basic profile | userinfo.email, userinfo.profile |
Your email address and display name, used to set up your account and personalize notifications | Contacts, photos, Drive files, Gmail, or any other Google service not listed here |
Google API Services User Data Policy compliance: TradePros AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google data only to provide and improve the features described above. We do not use Google data for serving advertisements or for any purpose unrelated to the service you requested.
Minimal scope principle
We request only the permissions we actually need. We will never ask for broader Google access than what is listed above. If a future feature requires additional permissions, we will ask for your explicit authorization at that time and explain exactly why it is needed.
Token storage
Your Google OAuth tokens (access token and refresh token) are encrypted using AES-256-CBC encryption before being stored in our database. The encryption keys are stored separately from the tokens. This means that even if our database were compromised, your tokens would not be readable without the encryption key.
Revoking access
You can disconnect your Google account at any time from Settings → Google Connection. When you disconnect:
- Your OAuth tokens are immediately deleted from our systems
- We can no longer sync new reviews or post responses on your behalf
- Existing reviews already synced remain in your account (you can delete them by deleting your account)
- You can also revoke access directly from your Google Account permissions page
Google API Services User Data Policy: TradePros AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
We connect to Google only to read your reviews and post your responses. We use the minimum permissions possible. Your Google login tokens are encrypted before storage. Disconnect anytime from Settings — it takes effect immediately.
How We Use Your Data
We use your data only for the following purposes:
- Providing the service: Syncing your Google reviews, displaying them in your dashboard, tracking response status
- AI response drafts: Generating suggested responses to reviews based on the review content and your style preferences
- Review request campaigns: Sending review request emails to customers you specify, with your business name and review link
- Daily briefings: Generating and emailing your personalized morning briefings
- Alerts and notifications: Emailing you when new reviews come in, especially low-star reviews that need attention
- Weekly reports: Emailing your weekly review performance summary
- Account management: Managing your subscription, processing payments via Stripe, sending receipts
- Service improvement: Aggregate, anonymized usage patterns to understand which features are useful (never individual user data)
- Security and fraud prevention: Log analysis to detect and prevent unauthorized access
- Legal compliance: Retaining records required by law
We never use your data to: Train AI models · Serve advertisements · Build profiles for sale to third parties · Analyze your business competitively · Any purpose not listed above.
We use your data to run the app you signed up for — nothing more. Your reviews power your dashboard. Your preferences shape your AI drafts. Your email gets notifications. That's it. We're not building an ad profile on you.
AI Processing
TradePros AI uses Anthropic's Claude AI to generate review response drafts and daily briefings. Here is exactly how that works:
What data is sent to the AI
- The text of the review being responded to (reviewer name, rating, review text)
- Your response style preferences (tone, industry, any custom instructions you've set)
- Your business name, for personalizing the response
- For briefings: your review statistics (counts, ratings, response rate) — never full review text
What is NOT sent to the AI
- Your email address or personal contact information
- Your Google OAuth tokens or credentials
- Payment information
- Customer email addresses from your campaigns
How Anthropic handles data
Data sent to Anthropic's Claude API is processed ephemerally — Anthropic does not retain prompts or outputs beyond the immediate API call window (subject to their Privacy Policy and API terms). We have chosen Anthropic specifically because their API terms do not use customer data for training without explicit consent.
AI content is not stored permanently
AI-generated draft responses are stored temporarily in your account so you can review and edit them. They are deleted when you delete your account. Briefing summaries are stored so you can view briefing history, and are deleted with your account.
When the AI writes a response draft, it sees the review text and your style settings — nothing more. Anthropic doesn't keep your data after the call. We don't train AI on your content. The draft is saved in your account until you delete it or close your account.
Who We Share Data With
We do not sell your data. We share data only with the following service providers who help us run the platform, and only to the extent necessary for those services:
| Service Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, and data storage | All user account and review data (stored encrypted at rest) |
| Stripe | Payment processing and subscription management | Email address, payment details (Stripe processes directly — we never see card numbers) |
| Anthropic (Claude API) | AI response generation | Review text, business name, response style preferences — processed ephemerally |
| Resend | Transactional email delivery | Your email address and email content (briefings, alerts, receipts) |
| Google (OAuth) | Business Profile access | OAuth authorization tokens (we initiate requests; Google processes the data) |
| Railway / Vercel | Backend and frontend hosting infrastructure | Application data in transit (encrypted via TLS 1.3) |
All service providers are contractually required to use data only for the purpose we've engaged them for and to maintain appropriate security measures.
Legal disclosures
We may disclose your data if required to do so by law, court order, or government authority, or if we have a good-faith belief that disclosure is necessary to protect our legal rights, prevent fraud, or protect the safety of users or the public.
Business transfers
If TradePros AI LLC is acquired, merged, or its assets are transferred, user data may be transferred as part of that transaction. We will notify affected users by email at least 30 days before any such transfer and give them the option to delete their account before the transfer occurs.
Your data goes to our hosting providers (Supabase, Railway, Vercel), our email provider (Resend), Stripe for payments, and Anthropic to generate AI drafts. No one else. We never sell data. If a court orders us to share something, we'll tell you unless we're legally prohibited.
How Long We Keep Your Data
While your account is active
We retain all account data, review data, and usage data for as long as your account is active. This is necessary to provide the service — your review history and response tracking is part of what makes the app useful.
When you delete your account
When you delete your account through Settings → Danger Zone → Delete Account:
- Your account and all associated data is permanently deleted within 48 hours
- Your Google OAuth tokens are revoked and deleted immediately
- Your review data, response history, briefings, templates, and campaign history are all deleted
- Your data is removed from all backups within 30 days
- Stripe handles deletion of payment records per their data retention policy
Exceptions — data we may retain after deletion
- Basic transaction records (subscription dates, payment amounts) — retained for 7 years as required by US tax law
- Audit logs of significant security events — retained for 1 year for fraud prevention
- Unsubscribe records — retained indefinitely to ensure we don't re-contact people who have opted out
Delete your account and your data is gone within 48 hours — not "30 days" or "up to 90 days." We keep basic billing records because the IRS requires it. That's it. Unsubscribes are kept forever so we never accidentally re-contact someone who said no.
How We Protect Your Data
Security is built into every layer of the platform:
- Encryption at rest: All data stored in Supabase (PostgreSQL) is encrypted at rest using AES-256
- Encryption in transit: All data transmitted between your browser, our servers, and third-party services uses TLS 1.3
- OAuth token encryption: Google OAuth tokens are additionally encrypted with AES-256-CBC before database storage, with keys stored separately
- Authentication: Passwords are hashed using bcrypt with 12 rounds. We use Supabase's PKCE auth flow. Sessions use httpOnly, Secure, SameSite=Strict cookies
- Access control: Row-Level Security (RLS) is enforced at the database level — users can only access their own data, even if the API layer were compromised
- Rate limiting: All API endpoints are rate-limited to prevent brute force and denial-of-service attacks
- Input validation: All user inputs are validated and sanitized server-side before processing
- Security headers: HTTPS enforced, strict Content Security Policy, XSS protection headers via Helmet.js
- Audit logging: Significant account events (creation, deletion, OAuth changes) are logged for security review
No system is perfectly secure. Despite these measures, no transmission over the internet or electronic storage is 100% secure. If you believe your account has been compromised, contact security@tradeprosai.com immediately.
Incident response
In the event of a security incident that affects your data, we will notify affected users by email within 24 hours of discovering and confirming the breach. We will describe what happened, what data was affected, what we have done to contain it, and what steps you should take.
We take security seriously — encryption at rest, TLS in transit, bcrypt passwords, row-level access control, rate limiting, security headers. If there's a breach, we'll email you within 24 hours with full details — not a vague non-apology a week later.
Your Rights and Choices
You have the following rights over your data at all times:
Access your data
You can view all your stored data directly in the app. To request a complete export of all data we hold about you (in JSON or CSV format), email privacy@tradeprosai.com with subject "Data Export Request." We will fulfill requests within 14 days.
Correct your data
You can update your name, business name, address, and preferences directly in Settings at any time without contacting us.
Delete your data
You can permanently delete your account and all associated data in Settings → Danger Zone → Delete Account. This is immediate and cannot be undone. Your data will be fully purged within 48 hours.
Disconnect Google
You can disconnect your Google Business Profile at any time in Settings → Google Connection. This immediately revokes our access and deletes your OAuth tokens.
Unsubscribe from emails
Each type of email has its own control:
- Notification emails (briefings, alerts, weekly reports): Toggle on/off in Settings → Notifications
- Review request emails you've sent to customers: Every email includes a one-click unsubscribe link. Customer unsubscribes are honored permanently
- Account and billing emails: These are required for service operation and cannot be disabled while your account is active
Object to processing
If you believe we are processing your data in a way that is not described in this policy or that you did not consent to, contact privacy@tradeprosai.com. We will respond within 7 business days.
You control your data. Edit it yourself in Settings. Export it by emailing us. Delete everything permanently in one click. Disconnect Google instantly. Turn off any notification email in Settings. We make it easy to leave — because we want you to stay by choice, not because leaving is hard.
Emails We Send You
We send the following types of emails. Here is exactly what each one is and how to control it:
| Email type | When sent | Can you turn it off? |
|---|---|---|
| Morning briefing | Daily at your configured time (default 7 AM) | Yes — Settings → Notifications |
| New review alert | When new Google reviews come in | Yes — Settings → Notifications |
| Bad review alert | When a 1 or 2-star review is detected | Yes — Settings → Notifications |
| Weekly report | Every Monday morning | Yes — Settings → Notifications |
| Auto-respond summary | When auto-respond posts replies on your behalf | No — this is a required safety notification for auto-posted content |
| Welcome email | Once, when you sign up | N/A (one-time) |
| Billing receipts and subscription notices | On payment, subscription changes, or upcoming charges | No — required for billing |
| Review request emails (to your customers) | Only when you manually send a campaign | Every email includes an unsubscribe link for customers |
We do not send promotional newsletters, third-party offers, or marketing emails unrelated to the service you signed up for.
Every notification email can be turned off in Settings except billing receipts (required) and auto-respond summaries (safety). We don't send promotional spam. The emails we send are the service — briefings, alerts, and reports you asked for.
Cookies and Tracking
Cookies we use
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| Auth session cookie | Keeps you logged in to your account | Session / configurable | Strictly necessary |
| CSRF protection token | Prevents cross-site request forgery attacks | Session | Strictly necessary |
What we don't use
- We do not use advertising cookies or tracking pixels
- We do not use Google Analytics, Meta Pixel, or similar third-party analytics services
- We do not track your behavior across other websites
- We do not build behavioral profiles for marketing purposes
The only cookies we set are the ones strictly necessary to keep you logged in and protect your account. You cannot opt out of these without logging out of the service entirely.
We use one cookie: your login session. No tracking pixels, no ad cookies, no analytics scripts following you around the web. If you're logged in, your session cookie exists. If you're not, it doesn't.
Contact Us
For any privacy-related questions, data requests, or concerns — contact us. We respond to every message.
Mailing address:
TradePros AI LLC
Registered in Arizona, United States
We aim to respond to all privacy-related requests within 7 business days. For data deletion and export requests, we will fulfill within 14 business days.
Email us for anything — data export, deletion requests, questions about what we hold on you, or concerns about how we handle data. Real people read these and respond.