Privacy Policy

Effective 15 May 2026

This policy explains what information Testimo (“we”, “us”) collects, how we use it, and the choices you have. Two distinct groups of people read this:

• Customers — businesses that sign up at testimo.app to collect testimonials from their own clients.
• Respondents — the people who fill in a testimonial form for one of our customers.

The two groups have different relationships with us, and we treat their data differently below.

1. What we collect

From customers

• Account info: email address, password (hashed, handled by Supabase Auth), and optionally a Google account if you sign in via Google.
• Company info: company name, URL slug, brand colour, logo URL, contact email, owner phone (optional).
• Form configuration: the questions, copy, and settings you author for your testimonial forms.
• Google connection tokens (only if you choose to connect Google Sheets): a refresh token issued by Google, stored encrypted at rest, scoped to read and write the spreadsheets you specifically attach to a form by URL. We do not list, browse, or otherwise access your Drive — you tell us which sheet to use by pasting its URL.
• Operational logs: request logs, error reports, and audit entries for sensitive actions (e.g. connecting or disconnecting Google).

From respondents

• Form answers: whatever they type into a testimonial form, including (depending on the form) their name, email, phone number, and free-text responses.
• AI-drafted testimonial: a short summary of their answers generated by Google Gemini and shown back to them for editing before submission.
• Funnel telemetry: when they started, which question they last reached, and whether they submitted. Used by our customer to understand drop-off.

2. How we use it

• To provide the testimonial-collection service.
• To deliver transactional email (account verification, password reset, submission notifications, trial lifecycle reminders).
• To draft a testimonial summary using Google Gemini. Prompts and answers are sent to Gemini at request time and are not used by us for any other purpose.
• To sync submitted responses into the Google Sheet our customer has connected, if they have done so.
• To debug, monitor uptime, and protect the service from abuse.

We do not sell personal data, do not run third-party advertising or tracking pixels, and do not use customer or respondent data to train AI models.

3. Subprocessors

We rely on a small number of third parties to run the service. Each only sees the data it needs:

• Supabase (Postgres + Auth + Storage) — primary database and authentication. Hosted in Sydney, Australia.
• Vercel — application hosting and serverless execution.
• Brevo — transactional email delivery for the emails listed above.
• Google Sheets API — only when a customer chooses to connect Google to sync responses to a sheet they own.
• Google Gemini — generates the AI testimonial draft and prospect briefs at request time.

4. Use of Google user data

Testimo’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We use spreadsheets only to verify access to the specific spreadsheet you attach to a form (by URL you paste yourself) and to append submitted response rows to that one spreadsheet and tab. We do not list, browse, or modify any other spreadsheet, and we do not read Drive metadata.
• We do not request drive.readonly, drive.file, or any other Drive scopes — customers attach a sheet by pasting its URL, never by us browsing their Drive.
• We do not transfer Google user data to third parties for advertising or any unrelated purpose, and we do not allow humans to read it except where necessary to debug a specific customer-reported issue with that customer’s consent.

5. Your GDPR rights (and how to use them)

We treat the rights set out in the EU/UK General Data Protection Regulation as the baseline for every Testimo user, regardless of where you’re based. The two rights you’ll most often want are available as self-service buttons inside your workspace at Settings → Account → Your data:

• Article 20 — Right to data portability. Click Download my data and you’ll get a JSON file containing every record we hold against your tenant: account, services, forms, every question, every form response, and every referral. Machine-readable, no support ticket needed.
• Article 17 — Right to erasure. Click Delete my account, type DELETE to confirm, and we permanently wipe your workspace and every record attached to it. Your auth user is also deleted so the email is free to re-register cleanly.

The other GDPR rights (access, rectification, restriction, objection, and the right not to be subject to automated decision-making) can be exercised by emailing info@testimo.app with the subject GDPR request. We respond within 30 days as required by the regulation, and usually faster.

Respondents (people who fill in a Testimo customer’s form) can ask the customer directly to delete their submission. If the customer escalates to us or doesn’t respond, we can also delete the row server-side on the respondent’s written request.

6. Retention

Customer data is retained while the customer’s account is active. Deleted accounts (Article 17 above) are wiped immediately from the live database. Encrypted backups age out within 30 days.

7. Security

Data is encrypted in transit (HTTPS everywhere) and at rest where our subprocessors support it. Google refresh tokens are stored encrypted with AES-256-GCM using a key held only on the server and never exposed to clients. Database access is gated by row-level security so each customer can only read their own tenant’s rows.

8. International transfers

Our infrastructure is hosted in Australia (Supabase) and the United States (Vercel). By using Testimo you consent to your data being processed in those locations.

9. Children

Testimo is not intended for use by children under 16, and we do not knowingly collect data from them.

10. Changes to this policy

We’ll update the effective date at the top of this page and email customers of record before any change that materially reduces the protections described above.

11. Contact

Questions, deletion requests, or concerns: info@testimo.app.