Starmaxxer
Sign inStart free

Privacy Policy

Effective May 4, 2026

This Privacy Policy describes how Starmaxxer ("Starmaxxer," "we," "us," or "our") collects, uses, and shares information when you use our website at starmaxxer.com and our service (collectively, the "Service"). By using the Service, you agree to the practices described in this Policy.

1. Information we collect

1.1 Information you give us

  • Account information. When you sign in with Google, we receive your name, email address, profile picture, and Google account ID.
  • Business information. Your business name, voice preferences, and any settings you configure.
  • Billing information. When you subscribe, our payment processor (LemonSqueezy) collects your payment details. We never see or store your full card number; we receive only a subscription record (plan, status, period).

1.2 Google Business Profile data

With your explicit permission (granted via Google's consent screen), Starmaxxer accesses the following data from your Google Business Profile through the Google Business Profile APIs under the scope https://www.googleapis.com/auth/business.manage:

  • Account and location metadata (business name, address, place ID)
  • Reviews left on your business listing, including reviewer display name, star rating, review text, and timestamps
  • Replies you have already posted to your reviews
  • Questions and answers on your listing (if enabled)
  • Posts and media metadata (if enabled)

What we do not access: we do not read your inbox, we do not access other Google services (Drive, Calendar, Gmail), we do not modify your business profile fields (name, hours, address), and we never act outside the limited scope you granted.

1.3 Usage data

  • Standard server logs (IP address, user agent, timestamps) for security and debugging
  • Session cookies set by NextAuth to keep you logged in

2. How we use information

We use the information we collect to:

  • Provide and operate the Service
  • Generate AI-powered draft replies to your reviews using Anthropic Claude (see Section 4)
  • Post replies that you have explicitly approved back to your Google Business Profile
  • Process subscription payments
  • Send you transactional email (welcome message, daily digests of unanswered reviews, trial-ending warnings, billing notices)
  • Detect and prevent abuse, fraud, and security incidents
  • Comply with legal obligations

3. Compliance with Google API Services User Data Policy

Starmaxxer's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide or improve user-facing features of Starmaxxer that are prominent in our user interface
  • We do not transfer Google user data to third parties except as necessary to provide the Service (see Section 5), to comply with applicable law, or as part of a merger, acquisition, or asset sale
  • We do not use Google user data for serving ads, including retargeting, personalized, or interest-based advertising
  • We do not allow humans to read Google user data unless we have obtained your affirmative consent for specific data, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or our use is limited to internal operations and the data has been aggregated and de-identified

4. AI processing

To generate suggested response drafts, Starmaxxer sends review text, your business name, and your previously approved replies to Anthropic (the maker of Claude). Anthropic processes this content to produce a draft and does not retain it for model training when accessed via their API. We never share your full account information, billing data, or contact details with Anthropic — only the content needed to draft a single reply.

You retain full control: a draft is never posted to Google until you click "Post." You can edit, skip, or delete any draft.

5. Sharing and subprocessors

We share your information only with the following service providers (subprocessors), each contractually bound to handle data securely:

  • Vercel — application hosting (USA)
  • Crunchy Data (Crunchy Bridge) — managed Postgres database (USA)
  • Anthropic — AI text generation, for draft production only (USA)
  • Google — authentication and Business Profile API (USA)
  • LemonSqueezy — payment processing and billing (USA)
  • Resend — transactional email delivery (USA)

We do not sell, rent, or share your information with advertisers, data brokers, or marketing networks.

6. Data retention and deletion

We retain your information for as long as your account is active, or as needed to provide the Service. You can delete your account and all associated data at any time by emailing privacy@starmaxxer.com. On deletion, we remove your account, your business records, your stored review data, your Google access tokens, and your subscription records within 30 days, except for limited records we are legally required to keep (such as billing history for tax purposes).

You can also disconnect your Google Business Profile at any time from Settings, which immediately revokes our access tokens and stops all syncing.

7. Security

We use industry-standard security measures including TLS encryption in transit, encrypted database storage at rest, scoped API access tokens, and role-based access controls. No system is perfectly secure; if we ever discover a breach affecting your data, we will notify you promptly as required by applicable law.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the information we hold about you
  • Correct inaccurate information
  • Delete your information
  • Export your information in a machine-readable format
  • Withdraw consent for processing
  • Lodge a complaint with a data protection authority

To exercise any of these rights, email privacy@starmaxxer.com. We respond within 30 days.

9. California residents

Under the California Consumer Privacy Act (CCPA), California residents have the right to know what personal information we collect, request deletion, and opt out of the "sale" of personal information. Starmaxxer does not sell personal information.

10. Cookies

We use a single first-party session cookie set by NextAuth to keep you logged in. We do not use third-party tracking cookies, ad cookies, or analytics that profile you across sites.

11. Children's privacy

Starmaxxer is not intended for users under 18. We do not knowingly collect information from children. If you believe a child has used our Service, contact us and we will delete the data.

12. International data transfers

Starmaxxer is operated from the United States. By using the Service, you consent to your information being processed in the United States, which may have different data protection laws than your country.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Effective" date at the top reflects the latest revision. For material changes, we will notify you by email before the changes take effect.

14. Contact us

Questions about this policy? Email privacy@starmaxxer.com.