Privacy Policy

Effective 29 April 2026

This policy explains what information Testimo (“we”, “us”) collects, how we use it, and the choices you have. Two distinct groups of people read this:

• Customers — businesses that sign up at testimo.app to collect testimonials from their own clients.
• Respondents — the people who fill in a testimonial form for one of our customers.

The two groups have different relationships with us, and we treat their data differently below.

1. What we collect

From customers

• Account info: email address, password (hashed, handled by Supabase Auth), and optionally a Google account if you sign in via Google.
• Company info: company name, URL slug, brand colour, logo URL, contact email, owner phone (optional).
• Form configuration: the questions, copy, and settings you author for your testimonial forms.
• Google connection tokens (only if you choose to connect Google Sheets): a refresh token issued by Google, stored encrypted at rest, scoped to read your Drive file list and read/write the spreadsheets you select. We do not read any other data from your Drive.
• Operational logs: request logs, error reports, and audit entries for sensitive actions (e.g. connecting or disconnecting Google).

From respondents

• Form answers: whatever they type into a testimonial form, including (depending on the form) their name, email, phone number, and free-text responses.
• AI-drafted testimonial: a short summary of their answers generated by Google Gemini and shown back to them for editing before submission.
• Funnel telemetry: when they started, which question they last reached, and whether they submitted. Used by our customer to understand drop-off.

2. How we use it

• To provide the testimonial-collection service.
• To deliver transactional email (account verification, password reset, submission notifications, trial lifecycle reminders).
• To draft a testimonial summary using Google Gemini. Prompts and answers are sent to Gemini at request time and are not used by us for any other purpose.
• To sync submitted responses into the Google Sheet our customer has connected, if they have done so.
• To debug, monitor uptime, and protect the service from abuse.

We do not sell personal data, do not run third-party advertising or tracking pixels, and do not use customer or respondent data to train AI models.

3. Subprocessors

We rely on a small number of third parties to run the service. Each only sees the data it needs:

• Supabase (Postgres + Auth + Storage) — primary database and authentication. Hosted in Sydney, Australia.
• Vercel — application hosting and serverless execution.
• Brevo — transactional email delivery for the emails listed above.
• Google APIs (Sheets, Drive read-only, Calendar) — only when a customer chooses to connect Google.
• Google Gemini — generates the AI testimonial draft and prospect briefs at request time.

4. Use of Google user data

Testimo’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use drive.readonly only to list the spreadsheets you have access to, so you can pick one to attach to a form.
• We use spreadsheets only to append submitted response rows to the spreadsheet and tab you selected.
• We use calendar.events only to read the platform owner’s free/busy and create a calendar event when a prospect books a meeting via the Testimo marketing form.
• We do not transfer Google user data to third parties for advertising or any unrelated purpose, and we do not allow humans to read it except where necessary to debug a specific customer-reported issue with that customer’s consent.

5. Retention & deletion

Customer data is retained while the customer’s account is active. On request we delete a customer’s account, all their forms, all responses to those forms, and the encrypted Google refresh token. Email info@testimo.app with the subject Deletion request and we’ll action within 14 days.

Respondents may request deletion of their submitted answers by emailing us — we will work with the relevant customer to remove the row from their database and from any synced Sheet.

6. Security

Data is encrypted in transit (HTTPS everywhere) and at rest where our subprocessors support it. Google refresh tokens are stored encrypted with AES-256-GCM using a key held only on the server and never exposed to clients. Database access is gated by row-level security so each customer can only read their own tenant’s rows.

7. International transfers

Our infrastructure is hosted in Australia (Supabase) and the United States (Vercel). By using Testimo you consent to your data being processed in those locations.

8. Children

Testimo is not intended for use by children under 16, and we do not knowingly collect data from them.

9. Changes to this policy

We’ll update the effective date at the top of this page and email customers of record before any change that materially reduces the protections described above.

10. Contact

Questions, deletion requests, or concerns: info@testimo.app.