Review Firefly ("we," "our," or "us") is a marketing services company based in Ontario, Canada. We help home service businesses improve their online reputation through Google review generation and local search engine optimization (SEO) services. We serve clients in both Canada and the United States.
This Privacy Policy explains how we collect, use, disclose, and protect personal information in the course of providing our services, operating our website at reviewfirefly.com, and communicating with clients and prospects.
We are committed to complying with applicable privacy laws in both Canada and the United States, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's Anti-Spam Legislation (CASL), and applicable U.S. state privacy laws including the California Consumer Privacy Act (CCPA) where relevant.
2. Scope and Applicable Law
ReviewFirefly is incorporated and operated in Ontario, Canada. We provide services to businesses located in Canada and the United States. Depending on where you are located and where your customers reside, different privacy laws may apply to our handling of your personal information.
2.1 Canadian Clients and Users
For individuals and businesses located in Canada, our practices are governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation. Communications sent on behalf of Canadian clients are subject to Canada's Anti-Spam Legislation (CASL).
2.2 U.S. Clients and Users
For individuals and businesses located in the United States, we comply with applicable federal and state privacy laws. Residents of California have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA), as described in Section 10 below. For U.S. clients, outbound communications sent on behalf of clients are subject to the federal CAN-SPAM Act and the Telephone Consumer Protection Act (TCPA) where applicable.
By engaging our services, U.S. clients acknowledge that ReviewFirefly is a Canadian company and that personal data may be processed and stored in Canada, which provides privacy protections comparable to U.S. standards.
3. Information We Collect
3.1 Information You Provide to Us
When you engage with ReviewFirefly, we may collect the following personal information:
Contact information: name, email address, phone number, and business address
Business information: company name, industry, website URL, and Google Business Profile details
Customer lists: names, email addresses, and phone numbers of your customers that you provide to us for the purpose of delivering our review generation services
Billing information: payment details processed securely through our payment processor
Communications: messages, emails, or other correspondence you send us
3.2 Information We Collect Automatically
When you visit our website, we may automatically collect:
Technical data: IP address, browser type, operating system, and device information
Usage data: pages visited, time spent on pages, referring URLs, and click behaviour
Cookies and similar tracking technologies (see Section 8 below)
3.3 Information from Third Parties
We may receive information about you from third-party platforms including Google Business Profile, GoHighLevel (our CRM and automation platform), and other marketing tools we use to deliver our services.
4. How We Use Your Information
We use the personal information we collect for the following purposes:
Delivering our review generation and reputation management services
Sending automated review request messages to your customers on your behalf, using contact information you have provided and authorized us to use
Managing your account and communicating with you about our services
Processing payments and maintaining billing records
Improving our website, services, and marketing efforts
Sending you updates, promotional content, or service-related communications (you may opt out at any time)
Complying with legal obligations and resolving disputes
We will not use your personal information or your customers' personal information for any purpose other than those described in this Privacy Policy or as otherwise authorized by you.
5. Customer Lists and Third-Party Personal Information
A core part of our service involves sending review requests to your existing customers on your behalf. When you provide us with a customer list containing personal information (names, email addresses, phone numbers), you represent and warrant that:
You have collected this information lawfully and in compliance with all applicable laws in your jurisdiction, including CASL (for Canadian contacts), CAN-SPAM and TCPA (for U.S. contacts), and any applicable state or provincial privacy laws
Your customers have a prior business relationship with you and can reasonably expect to receive communications from you or your authorized service providers
You have obtained any necessary consents required under applicable law for the sending of commercial electronic messages or SMS/text messages to the individuals on your list
You have the authority to share this information with us for the purposes described
We treat all customer data you provide as confidential. We will use it solely to send review request communications on your behalf and will not sell, rent, or share it with any third party except as necessary to operate our services or as required by law.
6. Disclosure of Personal Information
We do not sell your personal information. We do not sell the personal information of California residents within the meaning of the CCPA. We may share personal information only in the following circumstances:
Service providers: We share information with trusted third-party platforms and tools (such as GoHighLevel, Google, and email/SMS delivery services) strictly as needed to provide our services. These providers are contractually bound to handle data securely and only for the purposes we specify.
Legal requirements: We may disclose information if required by law, court order, or government authority in Canada or the United States, or to protect the rights, property, or safety of ReviewFirefly, our clients, or the public.
Business transfers: In the event of a merger, acquisition, or sale of our business, personal information may be transferred as part of that transaction, subject to equivalent privacy protections.
7. Data Retention
We retain personal information only as long as necessary for the purposes for which it was collected, or as required by law. Specifically:
Client account data is retained for the duration of our business relationship and up to seven (7) years afterward for tax and legal compliance purposes
Customer lists provided by clients are deleted or returned upon termination of the service agreement, unless retention is required by law
Website analytics data is retained in aggregated, anonymized form
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your browsing experience, analyze site traffic, and support our marketing efforts. You may adjust your browser settings to refuse cookies; however, some features of our website may not function properly as a result.
We may use analytics tools such as Google Analytics. You can opt out of Google Analytics tracking at tools.google.com/dlpage/gaoptout.
9. Security
We take reasonable technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, or destruction. Our services are delivered through GoHighLevel, a platform that employs industry-standard security practices including data encryption in transit and at rest.
While we take privacy seriously, no method of transmission over the internet is completely secure. We cannot guarantee absolute security and encourage you to contact us immediately if you suspect any unauthorized use of your information.
10. Your Privacy Rights
10.1 Canadian Residents (PIPEDA)
Under PIPEDA and applicable Canadian law, you have the right to:
Access the personal information we hold about you
Request correction of inaccurate or incomplete information
Withdraw consent to our use of your personal information (subject to legal and contractual restrictions)
Request deletion of your personal information, where we are not legally required to retain it
File a complaint with the Office of the Privacy Commissioner of Canada (OPC) at priv.gc.ca
10.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it
Right to Delete: You may request deletion of your personal information, subject to certain exceptions
Right to Correct: You may request correction of inaccurate personal information we hold about you
Right to Opt Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioural advertising
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights
To submit a California privacy request, contact us using the information in Section 12. We will respond within 45 days as required by law.
10.3 Other U.S. Residents
Residents of other U.S. states with applicable privacy laws (including Virginia, Colorado, Connecticut, and others) may have similar rights to access, correct, delete, or opt out of certain uses of their personal information. Please contact us to submit a request and we will respond in accordance with applicable law.
11. Anti-Spam and Commercial Message Compliance
11.1 Canadian Clients — CASL
ReviewFirefly operates in compliance with Canada's Anti-Spam Legislation (CASL). Review request messages sent on behalf of Canadian clients are sent to individuals with whom clients have an existing business relationship, which constitutes implied consent under CASL. All messages include clear identification of the sender and a mechanism to opt out of further communications.
11.2 U.S. Clients — CAN-SPAM and TCPA
For U.S. clients, email review requests sent on your behalf comply with the federal CAN-SPAM Act, including clear sender identification and an unsubscribe mechanism. Where SMS/text messages are used to send review requests, clients are responsible for ensuring that their customers have provided the prior express written consent required under the Telephone Consumer Protection Act (TCPA). By providing a customer list that includes mobile numbers for SMS outreach, you confirm that such consent has been obtained.
If you are a recipient of a review request message sent through our platform and wish to opt out, please use the unsubscribe or stop link included in the message, or contact the business that provided your information.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of your personal information, please contact us:
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. When we do, we will update the effective date at the top of this document. We encourage you to review this policy periodically. Continued use of our services after any changes constitutes your acceptance of the updated policy.
