1. Google API Services — Limited Use Disclosure
GMB AI Review Manager's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
This plugin uses the following Google APIs:
- Google OAuth 2.0 — to authenticate the business owner's Google account
- Google Business Profile API — to read business locations and customer reviews
- Google Business Profile Reviews API — to post replies to customer reviews on behalf of the authenticated user
Access tokens and refresh tokens obtained from Google are stored encrypted in your WordPress database and are only used to make API calls on your explicit request.
2. Data We Collect
When you connect your Google account to this plugin, we collect and store the following data only on your own WordPress server:
| Data Type | Source | Purpose | Storage Location |
|---|---|---|---|
| Google OAuth Access Token | Google OAuth 2.0 | Make authenticated API calls to Google Business Profile | Your WordPress database (wp_options) |
| Google OAuth Refresh Token | Google OAuth 2.0 | Renew access tokens automatically without re-authentication | Your WordPress database (wp_options) |
| Token Expiry Time | Google OAuth 2.0 | Determine when to refresh the access token | Your WordPress database (wp_options) |
| Google Account Name | Business Profile API | Identify which Google account to fetch locations from | Your WordPress database (wp_options) |
| Business Location ID | Business Profile API | Fetch reviews for the selected business location | Your WordPress database (wp_options) |
| Customer Reviews (read-only) | Business Profile API | Display reviews in the WordPress dashboard for management | Not stored — fetched live on request |
We do not collect your name, email address, personal profile information, or any data beyond what is listed above.
3. How We Use Your Data
Data collected through Google APIs is used solely for the following purposes within this plugin:
- Authenticating your Google account to access your Google Business Profile
- Fetching the list of business accounts and locations associated with your Google account
- Displaying customer reviews from your selected business location in your WordPress admin dashboard
- Posting reply text (written or AI-generated by you) to customer reviews through the Google Business Profile Reviews API
- Automatically refreshing expired access tokens to maintain a working connection
We do not: sell your data, share it with third parties, use it for advertising, transfer it outside your WordPress server, or use it for any purpose beyond the direct functionality described above.
4. AI Reply Generation (Google Gemini)
This plugin includes an optional feature to generate AI-suggested reply text using the Google Gemini API.
What is sent to Gemini
When you click "Generate AI Reply" on a review, only the text content of the customer review is sent to the Gemini API. No personal identifiers, tokens, location data, or account information is included in the request.
What is not stored
AI-generated replies are returned in real time and displayed in your dashboard. They are not stored on your server or logged by this plugin unless you explicitly choose to post them as a reply.
Gemini API data handling
Your use of the Gemini API is governed by Google's Generative AI Terms of Service. The Gemini API key used is the developer's key embedded in the plugin — individual users do not need their own Gemini key.
5. Data Storage & Security
All data collected by this plugin is stored exclusively in your own WordPress database. No data is transmitted to or stored on any external server operated by the plugin developer.
- OAuth tokens are stored in the
wp_optionstable of your WordPress database - Access to this data is restricted to authenticated WordPress administrators
- The plugin uses WordPress nonces and capability checks (
manage_options) to protect all admin endpoints - You can disconnect your Google account at any time, which deletes all stored tokens from your database
The security of your WordPress database is the responsibility of your hosting provider and site administrator. We strongly recommend using SSL/HTTPS on your WordPress site.
6. Google OAuth Scopes Requested
This plugin requests the following OAuth scopes when you connect your Google account:
| Scope | Why It Is Needed |
|---|---|
https://www.googleapis.com/auth/business.manage |
Required to read business accounts, locations, customer reviews, and post replies via the Google Business Profile API |
No other Google scopes are requested. The plugin will only access data within the permissions you explicitly grant during the OAuth flow.
7. Data Sharing & Third Parties
We do not sell, rent, or share your Google API data with any third party. The only external service your data is sent to is Google itself (to fulfill API requests you initiate), and optionally Google Gemini (for AI reply generation, containing only review text).
No analytics, tracking scripts, or data brokers have access to any information collected by this plugin.
8. Your Rights & Data Deletion
You have full control over your data:
- Disconnect Google Account: Click "Disconnect Google Account" in the plugin settings. This immediately deletes all stored OAuth tokens and account data from your WordPress database.
- Revoke Access via Google: You can revoke this plugin's access to your Google account at any time by visiting Google Account Permissions and removing "GMB AI Review Manager".
- Uninstall Plugin: Uninstalling the plugin from WordPress removes all plugin-related data from your database.
9. Data Retention
OAuth tokens and settings are retained in your WordPress database for as long as you keep the plugin active and connected. They are automatically deleted when you:
- Click "Disconnect Google Account" in the plugin settings
- Uninstall the plugin
- Manually delete the plugin data from the database
10. Children's Privacy
This plugin is intended for use by business owners and WordPress site administrators. It is not directed at children under the age of 13. We do not knowingly collect data from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in the plugin's functionality or legal requirements. When we do, we will update the "Last Updated" date at the top of this page and release a new plugin version. We encourage you to review this policy periodically.
12. Contact
If you have questions about this Privacy Policy or how your data is handled, please contact:
- Developer: Rajesh Jatav
- GitHub: github.com/rajeshjatav1/gmb_reviews_manager_site