RLC Reviews

Google Business Profile Reviews Integration

Effective date: 02/03/2026

Privacy Policy — RLC Reviews

This Privacy Policy explains how the RLC Reviews WordPress plugin (the “Plugin”) processes information when it retrieves and displays reviews and location information from a Google Business Profile on a WordPress website.

RLC Reviews is intended for website administrators and organizations that manage one or more Google Business Profiles.

Who we are

  • Provider/Developer: R+L Carriers (“we”, “us”)
  • Website: rlcarriers.com | rlc.com
  • Support email: click here
  • Privacy contact: click here
  • Mailing address: 600 Gillam Rd., Wilmington, OH 45177

What the Plugin does

The Plugin enables a site administrator to connect a Google account (via OAuth) that has access to a Google Business Profile. The Plugin then:

  • Lists available Business Profile locations so an administrator can select the correct location
  • Fetches reviews for the selected location
  • Displays those reviews on the website where the administrator places the reviews block

If OAuth access is not available, the Plugin can optionally use a Google Places API key and Place ID as a fallback to retrieve reviews.

Information we process

A. Google Business Profile location information

When configured and authorized, the Plugin may retrieve location information such as location name/title and address metadata (for example, storefrontAddress) so an administrator can select a location.

B. Reviews content (public user-generated content)

The Plugin retrieves reviews associated with the selected Business Profile location. Reviews may include fields such as:

  • Star rating / rating value
  • Review text
  • Review timestamps
  • Reviewer display name and profile photo URL (if provided by Google)

These fields are determined by Google’s APIs and by what reviewers have publicly posted.

C. Website configuration data

The Plugin stores configuration in the WordPress database, such as:

  • Selected Business Profile account and location identifiers
  • OAuth service URL (if used)
  • Optional Places fallback settings (Google Places API key and default Place ID)

D. OAuth tokens

OAuth access and refresh tokens are stored in the WordPress site’s database so the Plugin can fetch reviews and refresh access when needed.

E. Operational logs and notifications

The Plugin may write limited operational events to the WordPress/PHP error log (for example, token refresh failures, API errors) and may notify the site administrator (for example, by email) when authentication issues prevent fresh data from being retrieved.

The Plugin is designed to avoid storing customer payment data and does not require a site visitor’s email address, phone number, or account login.

How we use information

We use the processed information to:

  • Retrieve location and reviews data from Google so the site administrator can configure and display reviews
  • Cache responses to improve performance and reduce API calls
  • Maintain reliability (for example, token refresh handling, error reporting)

We do **not** use Google user data for marketing, profiling, unrelated analytics, or resale.

Data minimization

The Plugin follows data-minimization principles:

  • Uses only the Google OAuth scope required for Business Profile review/location retrieval
  • Retrieves only the fields required to display reviews and support configuration
  • Caches data to reduce repeated API calls, rather than collecting additional data

Retention

Retention depends on your site configuration and administrator actions:

  • OAuth tokens: Stored until an administrator clears tokens/disconnects or revokes access.
  • Cached reviews: Stored in WordPress transients for performance (typically hours) and can be cleared by an administrator.
  • Backup reviews: A last-known-good backup of reviews may be stored in the WordPress database to keep reviews displaying during temporary API outages. This remains until cleared by an administrator or removed during uninstall.
  • Operational logs: If WordPress/PHP logging is enabled, log retention is controlled by the site’s server/logging configuration.

Sharing, recipients, and subprocessors

To deliver functionality, the Plugin communicates with:

  • Google APIs (Google Business Profile APIs and/or Google Places API) to retrieve locations and reviews
  • Infrastructure providers that host your WordPress site (hosting, database, backups, logging) under your control and agreements

We do not sell Google user data. We do not share Google user data with third parties except as necessary to provide the Plugin’s functionality, comply with law, or with the user’s explicit consent.

International transfers

Google and hosting providers may process data on servers located in various countries. If data is processed outside your jurisdiction (including outside the EEA/UK), appropriate safeguards may apply depending on the parties and applicable law.

Security

We apply reasonable safeguards appropriate to the Plugin’s function:

  • Requests to Google APIs are made over HTTPS (TLS)
  • Administrative actions are intended to be limited to site administrators
  • Tokens are stored in the WordPress database; protect your database and admin access using strong credentials and least privilege

Legal bases (where applicable)

Depending on applicable law, processing may be based on:

  • Performance of contract / legitimate interests: displaying reviews and maintaining the Plugin’s reliability and performance for the website operator
  • Consent (where required): for any optional configuration that requires consent under local law

Data subject rights

Individuals may have rights under GDPR and similar laws (access, rectification, erasure, restriction, portability, objection). Because the Plugin primarily displays reviews as retrieved from Google, requests about review content may need to be addressed through Google’s services and policies.

Website operators can contact us here for questions about Plugin-stored configuration and cached/backup data.

Cookies and tracking

The Plugin does not add cookies for marketing or behavioral profiling. Any functional storage used is limited to providing the Plugin’s features.

Roles (controller/processor)

  • The website operator is typically the controller for their site configuration and how reviews are displayed.
  • Depending on the context, we may act as a processor for configuration data we help enable, while Google is an independent controller for data in its services.

Google requirements and disclosures

A. OAuth scope

When OAuth is used, the Plugin requests the following scope:

  • `https://www.googleapis.com/auth/business.manage`

This scope is used to list Business Profile locations and retrieve reviews for the location selected by the site administrator.

B. Google API Services User Data Policy — Limited Use

If the Plugin uses Google APIs and receives Google user data, we comply with the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

  • Google user data is used only to provide user-facing features requested by the site administrator (displaying Business Profile reviews and configuration)
  • Google user data is not sold
  • Google user data is not used for advertising, profiling, or unrelated analytics
  • Google user data is not transferred to third parties except as necessary to provide the requested functionality, comply with law, or with the user’s explicit consent

C. Revoking access

Site administrators can revoke Google OAuth access at any time from their Google Account settings (Security → Third-party access).

D. Data deletion instructions

To delete Plugin-stored data:

  1. In WordPress admin, clear/disconnect OAuth tokens in the Plugin’s settings (or revoke access in Google Account settings).
  2. Clear cached data/backup reviews from the Plugin’s settings (if available), or remove the Plugin.
  3. If you need assistance, click here.

Children

The Plugin is intended for use by businesses and authorized administrators. It is not directed to children.

Changes to this Policy

We may update this Policy from time to time. We will update the effective date and publish the revised version.

Contact

For privacy-related questions, click here.

You may also write to our Privacy Team at our corporate mailing address. A dedicated Data Protection Officer or EU representative is appointed where required by law.