Privacy Policy

1. Introduction

Cheers, Inc. ("Cheers," "we," "our," or "us") is a Delaware corporation headquartered in San Francisco, California. We operate a customer acquisition platform that helps multi-location service businesses generate and manage customer reviews, monitor their visibility across AI-powered search platforms, and improve their online reputation.

This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our platform, website, mobile applications, NFC review badge products, and related services (collectively, the "Services"). It also describes your rights with respect to that information and how to exercise them.

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with its terms, please discontinue use of the Services.

2. Information We Collect

2.1 Information You Provide Directly

We collect information you provide when you create an account, use our Services, or communicate with us, including:

• Account information: Name, email address, password, and role within your organization.
• Business information: Company name, business address, phone number, number of locations, industry type, and Google Business Profile credentials provided via OAuth authorization.
• Payment information: Billing name, address, and payment card details. Payment card data is transmitted directly to and stored by our payment processor, Stripe, Inc. We do not store full card numbers on our systems.
• Communications: Records of your interactions with our support team, including emails, chat logs, and feedback submissions.
• AI Visibility Grader submissions: When you use our free AI Visibility Grader tool, we collect your business name (looked up via the Google Places API), email address, full name, job title or role, company name, number of business locations, and phone number.

2.2 Information Collected Automatically

When you access or use our Services, we automatically collect certain information, including:

• Usage data: Pages and features accessed, actions taken within the platform, search queries, timestamps of activity, and session duration.
• Device and browser information: Browser type and version, operating system, device type, screen resolution, and language preferences.
• Log data: IP address, referring URLs, access times, and error logs.
• Cookies and similar technologies: We use cookies, local storage, and similar tracking technologies to maintain sessions, remember preferences, and analyze usage. See Section 10 for details.
• Analytics data: We use PostHog to collect behavioral analytics, including page views, feature interactions, click patterns, and session recordings. PostHog data is processed in accordance with PostHog's privacy policy.

2.3 Information from Third Parties

We receive information from third-party sources in connection with the Services:

• Google Business Profile: When you authorize Cheers via OAuth, we access your Google Business Profile data, including your business profile information, photos, posts, and customer reviews. We use this access to display your review data, generate responses, and post approved content on your behalf.
• Review platform data: We collect and aggregate review data from Google, Yelp, Facebook, Foursquare, Apple Maps, and Bing to provide consolidated review monitoring and reporting.
• Google Places API: We use the Google Places API to look up and validate business names and locations, including when processing AI Visibility Grader submissions.

2.4 Information from NFC Badge Interactions

Cheers provides NFC-enabled badges that your employees may wear. When a customer taps an employee's badge, our system captures:

• Employee attribution data: The identity of the employee associated with the tapped badge.
• Interaction metadata: The timestamp of the tap event and the geographic location or business location associated with the badge.
• Review outcome data: Where available, information about whether a review was subsequently submitted as a result of the NFC interaction.

Businesses using NFC badges are responsible for ensuring appropriate notice is provided to their employees regarding the collection and use of this data.

3. How We Use AI and Third-Party AI Services

A core function of our platform involves assessing and improving how your business appears on AI-powered platforms. This requires transmitting certain business data to third-party AI providers. Specifically:

• AI visibility monitoring: We query the APIs of OpenAI (ChatGPT), Google (Gemini), Perplexity, and Google AI Overviews using your business name and location to determine whether your business is being recommended or cited in AI-generated responses. The data transmitted to these providers is limited to your business name and location information.
• AI-powered analysis: We use Anthropic's Claude to analyze your review data, generate suggested review response drafts, and produce AI visibility reports and action plans. Review content, business name, and relevant business context may be transmitted to Anthropic for this purpose.
• AI-generated content: Review responses, reports, and recommended action plans produced through our platform are generated using your business data as inputs to AI models.

Each of these third-party AI providers operates under its own privacy policy and data processing terms. We encourage you to review those policies. We do not use your data to train third-party AI models except as permitted under the applicable terms we maintain with those providers.

AI-generated content is provided as a starting point for your review and should not be published without your approval. Cheers does not guarantee the accuracy of AI-generated content.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service delivery: To create and manage your account, provide access to platform features, process transactions, and deliver the Services you have requested.
• Review management: To aggregate, display, and analyze reviews from connected platforms; to generate and suggest responses to customer reviews; and to facilitate posting of approved content to your Google Business Profile.
• AI visibility monitoring: To assess how your business is represented across AI-powered search and assistant platforms, and to generate reports and recommendations to improve that visibility.
• Employee attribution and NFC analytics: To attribute review-generation activity to specific employees or locations, enabling performance tracking and operational insights for your business.
• Communication: To respond to support requests, send transactional notifications (receipts, alerts, service updates), and, with your consent, to send product updates and promotional communications.
• Product improvement: To analyze usage patterns, identify bugs, conduct research, and improve the functionality and user experience of our Services.
• Competitive and market analysis: To provide aggregated benchmarking and competitive insights as part of our reporting features. Individual business data is not shared with other customers.
• Legal and compliance: To comply with applicable laws and regulations, enforce our Terms of Service, and protect the rights and safety of Cheers and our users.

5. Information Sharing

We do not sell your personal information. We may share your information in the following circumstances:

• Cloud infrastructure: We use Supabase for database hosting and storage. Your data is stored on infrastructure operated by Supabase, Inc. and its underlying cloud providers.
• AI providers: As described in Section 3, business name, location, and review data may be transmitted to OpenAI, Google, Perplexity, and Anthropic in connection with AI-powered features.
• Analytics: We use PostHog for product analytics. Usage and behavioral data is shared with PostHog, Inc. for analytics processing.
• Payment processing: Payment transactions are processed by Stripe, Inc. Stripe receives billing information necessary to process payments on our behalf.
• Review platforms: When posting review responses on your behalf, we transmit the approved response content to the applicable platform (e.g., Google Business Profile via their API).
• Legal requirements: We may disclose your information if required to do so by law, court order, or governmental authority, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud.
• Business transfers: In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a materially different privacy policy.

Where we share data with sub-processors, we require them to implement appropriate data protection measures and to process data only for the purposes we specify.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption of data in transit and at rest, role-based access controls, audit logging, and regular security assessments.

Access to personal information within Cheers is limited to personnel who require it to perform their job functions. We require our sub-processors to maintain equivalent security standards.

No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and applicable regulatory authorities as required by law.

7. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Our specific retention periods are as follows:

• Account and business data: Retained for the duration of your active account. Upon account termination, we will delete or anonymize your personal information within 90 days, except where retention is required for legal, tax, or regulatory purposes.
• AI Visibility Grader submissions: Data collected through the free Grader tool is retained for 24 months from the date of submission.
• NFC interaction data: Badge tap timestamps, employee attribution records, and associated interaction metadata are retained for 12 months.
• AI visibility monitoring data: Results and historical records of AI visibility queries and reports are retained for 36 months to enable longitudinal trend analysis and benchmarking.
• Payment records: Transaction records are retained for a minimum of 7 years to comply with financial recordkeeping requirements.
• Communications: Support and correspondence records are retained for 3 years following the close of a support interaction.

You may request deletion of your personal information at any time, subject to any retention obligations described above. See Sections 8 and 9 for how to submit a deletion request.

8. Your Rights Under California Law (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights regarding your personal information.

8.1 Rights Available to California Residents

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which it was collected, the business or commercial purposes for which it was collected, and the categories of third parties with whom we share it.
• Right to Delete: You have the right to request that we delete personal information we have collected from you, subject to certain exceptions (such as where retention is required to complete a transaction, comply with a legal obligation, or for other permitted purposes).
• Right to Correct: You have the right to request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale or Sharing: We do not sell your personal information, nor do we share it for cross-context behavioral advertising purposes. You therefore do not need to submit an opt-out request for these purposes.
• Right to Limit Use of Sensitive Personal Information: To the extent we collect sensitive personal information as defined by the CPRA, you have the right to limit its use to purposes permitted by law.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you goods or services, charge you different prices, or provide a different level of quality because you exercised a privacy right.

8.2 How to Submit a CCPA Request

To submit a request to know, delete, or correct your personal information, please contact us at info@cheers.tech or by mail at the address in Section 15. You may also designate an authorized agent to submit a request on your behalf.

8.3 Verification

Before responding to a CCPA request, we are required to verify your identity. We will ask you to provide information sufficient to confirm that you are the person about whom we have collected information. The specific verification requirements will depend on the sensitivity of the information requested and the nature of the request. We will not use information provided for verification for any other purpose.

We will respond to verified requests within 45 days of receipt. If we require more time, we will notify you and may extend the response period by an additional 45 days.

9. Your Rights (General)

Regardless of your location, you may have the following rights with respect to your personal information:

• Access: The right to request a copy of the personal information we hold about you.
• Rectification: The right to request correction of inaccurate or incomplete personal information.
• Erasure: The right to request deletion of your personal information, subject to applicable legal requirements and retention obligations.
• Restriction of processing: The right to request that we limit how we use your personal information in certain circumstances.
• Data portability: The right to receive your personal information in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
• Objection: The right to object to certain processing activities, including processing based on legitimate interests or for direct marketing purposes.
• Withdrawal of consent: Where we rely on your consent as the legal basis for processing, the right to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at info@cheers.tech. We will respond within the timeframe required by applicable law. We may need to verify your identity before processing your request.

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

10. Cookies and Tracking Technologies

We use cookies, web beacons, pixel tags, and similar tracking technologies on our website and platform. These technologies allow us to recognize your browser, maintain session state, and collect usage information.

We use the following categories of cookies:

• Essential cookies: Required for the platform to function. These enable core features such as authentication, session management, and security. Essential cookies cannot be disabled without impairing the functionality of the Services.
• Analytics cookies: We use PostHog to collect information about how users interact with our platform, including which pages are visited, which features are used, and how users navigate through the product. This data is used to improve the Services. PostHog may use cookies, local storage, or similar technologies as part of its analytics collection.
• Preference cookies: Used to remember your settings and preferences, such as language selection and display options.

You can control cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and configure settings to notify you when a cookie is set. Note that disabling cookies may affect the functionality of our Services.

We do not use cookies for targeted advertising or share cookie-derived data with advertising networks.

11. Children's Privacy

Our Services are intended for use by businesses and their authorized personnel. They are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have inadvertently collected personal information from a minor, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at info@cheers.tech.

12. International Data Transfers

Cheers is headquartered in the United States. If you access or use our Services from outside the United States, your personal information may be transferred to, stored, and processed in the United States or other countries where our sub-processors operate. Data protection laws in these countries may differ from those in your home country.

Where we transfer personal information from the European Economic Area, the United Kingdom, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on appropriate safeguards including Standard Contractual Clauses approved by the European Commission, or equivalent mechanisms recognized under applicable law.

By using our Services, you acknowledge that your information may be transferred to and processed in countries outside your jurisdiction.

13. Data Processing Agreement

Enterprise customers and other customers who require a Data Processing Agreement (DPA) for compliance with GDPR, CCPA, or other applicable data protection regulations may request one by contacting us at info@cheers.tech. We will work with you to execute a DPA that reflects the nature of data processing activities carried out in connection with your use of the Services.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law. When we make material changes, we will notify you by posting the updated policy on this page, updating the "Last updated" date, and, where required by law or where appropriate, providing notice via email or through the platform. We encourage you to review this policy periodically.

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the updated terms.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

• Email: info@cheers.tech
• Legal inquiries: info@cheers.tech
• Mail: Cheers, Inc., 610 22nd Street, San Francisco, CA 94107

We will respond to all privacy inquiries within a reasonable timeframe and no later than required by applicable law.