ReviewMax

Privacy policy

Last updated: May 3, 2026. This Privacy Policy explains how ReviewMax collects, uses, stores, and protects information when you use this website (“Site”). For general rules of using the Site, see our Terms of use.

Who we are

ReviewMax is a product-review website. The app and database are self-hosted (for example on a VPS via Coolify); optional analytics use PostHog after you consent; error monitoring may use Sentry when configured. Those vendors process data under their respective terms as subprocessors assisting us.

What we collect

  • Newsletter: If you subscribe, we store your email address in our PostgreSQL database to send updates you opted into. Unsubscribe flows are provided in outbound messages whenever the newsletter is active.
  • Analytics (optional): After you accept non-essential cookies via the banner, PostHog may record page views, UI interactions, and (only if explicitly enabled for your deployment) session replays— used in aggregate to understand how readers use the Site.
  • Administrators: If you sign into the dashboard, Auth.js handles credentials. We associate your account with a user record so server actions can authorize admin-only routes.
  • Server and security logs: Like most hosted sites, infrastructure providers may log IP addresses, timestamps, and request metadata for reliability and abuse prevention according to vendor retention schedules.
  • Review requests (admins): Operators may submit product names, categories, Amazon URLs, and notes; those submissions are stored to power the editorial queue.

Cookies and similar tech

Essential cookies/local storage may preserve session state for admins and remember your cookie consent choice. Analytics cookies initialize only after you opt in via the CookieBanner.

How we use information

We use the data described above to operate and secure the Site, deliver the newsletter service, prioritize review topics, troubleshoot technical issues, and obey applicable law or enforceable governmental requests.

Sharing

We do not sell subscriber email lists for unrelated marketing. We share data with service providers strictly as needed for the functions listed (hosting, database, analytics, monitoring). Affiliate retailers may assign their own cookies after you leave for Amazon; refer to Amazon’s notices and our Affiliate disclosure.

Retention

Newsletter addresses remain until deletion is requested or the list is retired by the operator; infrastructure logs expire per vendor defaults unless a longer retention is contractually justified (for example fraud investigation). Administrators should apply appropriate retention policies for historical tables in the database.

Security

We transmit data using HTTPS where the platform provides it and enforce admin-only access in application code and authenticated server actions for sensitive operations. Protect webhook secrets and database credentials—they grant full database access—and rotate them according to your security plan.

Your choices and rights

Depending on where you live, privacy laws such as GDPR, UK GDPR, CPRA/CCPA or similar statutes may grant you rights to access, correct, export, restrict, object to processing, or delete certain personal data, subject to exceptions. Affiliate programs and storefronts operate under their own policies once you navigate away.

Children

ReviewMax does not knowingly collect personal information from children under 13 where U.S. Children’s Online Privacy Protection Act rules apply, or under higher age thresholds where local law mandates. If you believe a child provided data, notify the Site operator so records can be removed.

International transfers

Servers for your hosting provider, PostHog, and Sentry may be located outside your country. Providers may rely on contractual safeguards acceptable under applicable regulations.

Changes

We may update this policy as the Site evolves. Continuing to read after we post an updated revision with a new effective date signifies your awareness of substantive changes consistent with jurisdictional norms.

Contact

For privacy questions or requests exercising legal rights, contact the legally designated operator administering this ReviewMax deployment. Operational contact surfaces (email, ticket system, postal address where required) belong to your organization and should be published where end users expect regulatory correspondence.