Last updated: 3rd February 2026

Medareview Pty Ltd (“Medareview”, “we”, “us”, “our”) is an Australian business based in Queensland. We provide review response and reputation support services to businesses across Australia.

This Privacy Policy explains how we collect, use, store and disclose personal information, including information accessed via Google Business Profile where you authorise us to connect to your Google account. We comply with the Privacy Act 1988 (Cth) and the Australian

Privacy Principles (APPs)

1) What information we collect
We may collect the following types of information:
A. Information you provide

• Name, email address, phone number

• Business name, trading details, and account preferences

• Billing and subscription details (processed via our payment providers)

• Enquiry content and communications with us

B. Website and technical data

• Device and browser information, IP address, and usage data (via cookies/analytics)

C. Google Business Profile data (only if you authorise access)
If you connect your Google Business Profile, we may access data necessary to provide our services, such as:

• Business Profile account and location identifiers

• Reviews and ratings for your locations

• Review reply content and reply status (e.g., whether a reply has been posted)
  
  This helps us list and respond to reviews on your behalf.
   

2) How we collect information
We collect information when you:

• Submit forms on our website (enquiries, sign-ups)

• Communicate with us by email/phone

• Use our services

• Connect your Google account via OAuth (see section 6)
   

3) How we use your information
We use information to:

• Provide and administer our services (including responding to reviews)

• Manage memberships, billing, and support requests

• Improve our website and service quality

• Send service-related messages (account notices, changes, security)

• Send marketing messages where permitted (you can opt out)
   

4) Disclosure of personal information
We may disclose information to:

• Service providers who help us operate (hosting, analytics, customer support tools, payment processors)

• Professional advisers (legal/accounting) where necessary

• Regulators or law enforcement where required by law

We do not disclose your information for unrelated purposes.

5) No selling of data
We do not sell personal information or Google Business Profile data.
We do not rent, trade, or broker your data to third parties for their own marketing or advertising purposes. (See also section 7 on Google data limitations.)

6) Google Business Profile data access (customer-authorised only)
If you choose to connect Google Business Profile, access occurs only with your authorisation.

• You will be shown a Google consent screen describing the permissions (scopes) being requested.

• We access only the minimum data required to deliver the features you enable (e.g., viewing reviews and posting replies).

• You can revoke access at any time in your Google Account settings, and we will stop accessing Google Business Profile data once access is revoked.
   

7) OAuth permissions and tokens
When you connect your Google account, we use OAuth 2.0 to obtain an access token from Google.

• Tokens are used to make authorised requests to Google Business Profile APIs on your behalf.

• We store tokens securely and restrict access to authorised personnel/systems only.

• If you disconnect/revoke permissions, tokens are invalidated and we cease Google API access.
   

8) Google API data use: limited to providing the service
Information received from Google APIs (including Google Business Profile) is used only to provide, maintain, and improve the Medareview features you request—such as:

• listing reviews and account locations (where applicable)

• drafting and posting review replies as instructed/approved

• troubleshooting and support relating to the integration

We do not use Google data for:

• advertising profiling

• selling or sharing with data brokers

• unrelated analytics beyond operating and improving the service you requested
   

We follow the Google API Services User Data Policy, including transparency and limited-use expectations.

9) Storage, security, and retention
We take reasonable steps to protect information from misuse, interference, loss, unauthorised access, modification, or disclosure (e.g., access controls, secure storage, supplier due diligence).

We retain information only as long as needed to:

• provide the service and meet operational needs

• comply with legal, accounting, and dispute-resolution obligations
   

10) Overseas disclosure
Some service providers (e.g., hosting/analytics/support tools) may store or process data outside Australia. Where this involves disclosure overseas, we take reasonable steps to ensure overseas recipients handle personal information consistently with the APPs, and we remain accountable where required.

11) Access and correction
You can request access to the personal information we hold about you and request corrections if it is inaccurate, out of date, incomplete, irrelevant, or misleading.

12) Complaints
If you have a privacy complaint, contact us using the details below. We will respond within a reasonable timeframe. If you are not satisfied, you may contact the Office of the Australian Information Commissioner (OAIC).

13) Contact us
Medareview Pty Ltd
Queensland, Australia
Email: info@medareview.com
Website: www.medareview.com