Privacy Policy | Try Review Bloom

01

Who We Are

Try Review Bloom ("we", "us", "our") is a UK-based review automation service operating at tryreviewbloom.com. We help local service businesses collect more Google reviews through automated SMS and email requests.

Try Review Bloom is a review automation service operated by Patient Acquisition Hub Ltd, a company registered in England and Wales (Company No. 15431935). Try Review Bloom operates exclusively at tryreviewbloom.com as a standalone review automation product.

We act as a data controller in respect of data collected directly from our business clients (the people who sign up to use our platform). We act as a data processor on behalf of our clients in respect of their customers' data (end consumers who receive review request messages).

🛡️

Try Review Bloom is registered with the Information Commissioner's Office (ICO) as required under UK GDPR. You can verify our registration on the ICO register.

02

What Data We Collect

A. Data from business clients (platform users)

When you sign up to Try Review Bloom, we collect:

Identity data: name, business name, job title
Contact data: email address, phone number
Account data: login credentials, subscription plan, billing information
Configuration data: Google Business Profile link, CRM integration settings, message templates
Usage data: dashboard activity, campaigns sent, review counts

B. Data about your customers (end consumers)

When you connect your CRM or upload a contact list, we process your customers' data on your behalf:

Name — used to personalise review request messages
Mobile phone number — for SMS review requests
Email address — for email review requests
Service date or job reference — to time requests correctly

⚠️

As a data processor for your customers' data, you (our client) remain the data controller. You are responsible for ensuring you have a lawful basis to share that data with us and to send marketing/review communications to your customers.

C. Website visitor data

IP address and browser information (via server logs)
Pages visited, time on site (via cookies — see Section 9)
Form submissions (contact or demo request forms)

03

How We Use Your Data

Purpose	Data Used	Lawful Basis
Providing the review automation platform	Account data, CRM contact data	Contract
Sending SMS & email review requests to your customers	Customer name, phone, email	Contract (processor); Legitimate interest / consent (controller)
Processing subscription payments	Billing data	Contract
Sending service communications (account updates, receipts)	Email address	Contract
Sending tips and best practice emails (opt-in list)	Email address	Consent
Improving the platform and fixing bugs	Usage data	Legitimate interest
Complying with legal obligations	As required	Legal obligation

We do not sell your data or your customers' data to any third party. We do not use personal data for automated profiling that produces legal or significant effects.

04

Legal Basis for Processing

We rely on the following lawful bases under UK GDPR Article 6:

📄

Contract (Art. 6(1)(b))

Processing necessary to deliver the service you signed up for.

⚖️

Legitimate Interests (Art. 6(1)(f))

Platform improvement, fraud prevention, and service security. A Legitimate Interests Assessment (LIA) confirms these do not override your rights.

✅

Consent (Art. 6(1)(a))

Optional marketing emails to subscribers. You may withdraw consent at any time by unsubscribing.

🏛️

Legal Obligation (Art. 6(1)(c))

Where we must process data to comply with UK law.

05

SMS & Email Review Requests

Our core service involves sending SMS messages and emails to your customers on your behalf requesting Google reviews. The following applies:

Your responsibilities as our client

You must have a lawful basis to contact your customers (typically a legitimate interest in requesting feedback, or prior consent collected during service).
You must not upload contacts who have previously opted out of marketing communications from your business.
You must ensure your customers are aware they may receive review requests from you following a service.

Our safeguards

All messages include an opt-out mechanism (reply STOP for SMS).
We enforce a 30-day cooldown — contacts who have been through a sequence will not receive further requests for 30 days.
Contacts who have already left a review are automatically suppressed.
We cap outreach volume and drip requests gradually to maintain authenticity.

✅

SMS messaging complies with the Privacy and Electronic Communications Regulations (PECR) and ICO guidance on direct marketing. We only operate within the United Kingdom at this time.

06

Third-Party Processors

We use the following third-party processors who may handle personal data on our behalf. All are subject to Data Processing Agreements (DPAs):

Processor	Purpose	Location
GoHighLevel (GHL)	CRM platform powering review request automations, contact storage, and campaign delivery	USA (SCCs in place)
Twilio / GHL SMS	SMS message delivery	USA (SCCs in place)
Mailgun / GHL Email	Email delivery	USA (SCCs in place)
Zapier	CRM integrations (data sync from client software)	USA (SCCs in place)
Stripe	Payment processing	USA / EU (SCCs in place)
Google Analytics	Website analytics (anonymised)	USA (SCCs in place)

Where data is transferred outside the UK, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved under UK GDPR.

07

Data Retention

Data Type	Retention Period
Client account data	Duration of subscription + 2 years after cancellation
Customer contact data (your customers)	Duration of your subscription, then deleted within 30 days of account closure
Billing records	7 years (HMRC legal requirement)
Email marketing list	Until you unsubscribe or we cease activity
Website analytics	26 months (Google Analytics default)
Support communications	3 years

You may request deletion of your data at any time (see Your Rights below). We will comply within 30 days except where retention is required by law.

08

Your Rights Under UK GDPR

You have the following rights regarding your personal data. To exercise any right, contact us at [email protected]. We will respond within one calendar month.

👁️

Right of Access

Request a copy of all personal data we hold about you (Subject Access Request).

✏️

Right to Rectification

Ask us to correct inaccurate or incomplete data we hold.

🗑️

Right to Erasure

Request deletion of your data where there is no compelling reason for us to keep it.

⏸️

Right to Restriction

Ask us to restrict processing of your data in certain circumstances.

📦

Right to Portability

Receive your data in a structured, machine-readable format to transfer elsewhere.

🚫

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

ℹ️

If you are a consumer who received an SMS or email review request from a business using Try Review Bloom, your data is controlled by that business — not by us. Please contact the business directly to exercise your rights, or email us and we will direct your request appropriately.

09

Cookies

We use cookies on tryreviewbloom.com to make the site work and to understand how it is used. A cookie is a small text file placed on your device.

Cookie	Type	Purpose
Essential cookies	Strictly necessary	Keep the site functional (navigation, forms). Cannot be disabled.
Google Analytics (_ga, _gid)	Analytics	Understand site usage — pages visited, traffic sources. Anonymised. Can be opted out.

By continuing to use our website, you consent to essential cookies. You may refuse analytics cookies via your browser settings or by using the Google Analytics opt-out browser add-on.

10

Data Security

We take reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or destruction:

🔒

HTTPS encryption

All web traffic is encrypted in transit.

🔑

Access controls

Only authorised personnel can access client data.

🛡️

Password hashing

Account passwords are never stored in plain text.

📋

DPAs in place

Data Processing Agreements with all third-party processors.

In the event of a personal data breach that poses a risk to your rights, we will notify the ICO within 72 hours and affected individuals without undue delay.

11

Children's Data

Our service is intended for business owners and adults aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected] and we will delete it promptly.

12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will update the "Last updated" date at the top of this page and, where the changes are significant, notify clients by email.

Continued use of Try Review Bloom after a policy update constitutes acceptance of the revised policy.

13

Contact & Complaints

Try Review Bloom — Data Enquiries

We aim to respond to all requests within one calendar month.

📧 [email protected] · 🌐 tryreviewbloom.com

Right to complain to the ICO

If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) — the UK's data protection supervisory authority:

Website: ico.org.uk
Helpline: 0303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to resolve any concern directly before you contact the ICO.