Legal

Privacy Policy.

Last updated May 11, 2026

Vouchback is built around a specific privacy posture: reviewed parties are identified by a one-way hash, full last names are never accepted, and the dataset is not browsable. This document explains what we collect, what we don't, and why.

Our principles

Three commitments that shape every choice below.

Minimal

We don't store raw identifiers.

Phone numbers and email addresses of reviewed clients are hashed before they ever touch the database. We could not produce a list of reviewed people if we tried.

Anonymous

Reviewers are not displayed.

Your business name is never shown next to the reviews you write. We keep the mapping internally for moderation only.

Unbrowsable

Lookups are exact-match.

There is no directory. There is no search by city, by industry, or by partial number. The only way to surface a subject is to already know who you're looking for.

01

Data about reviewed clients

When you submit a review with a phone number or email address, we normalize the value (e.g. strip formatting, lowercase the email) and then compute a salted SHA-256 hash. Only the hash is stored.

Alongside the hash we store a short "display tail" — the last four digits of the phone, or the first letter of the local-part of the email plus the domain — so that you can visually confirm a match when you open a subject.

Optionally you may attach a first name + last initial (e.g. "Jane S."). Full last names are rejected by the API. We do not accept addresses, workplaces, social-media handles, or government identifiers.

02

Data about reviewers (you)

We store:

  • The email address you sign up with.
  • Your business name, optional website, optional industry.
  • Every review you submit (structured fields and the optional 500-character notes block).
  • Timestamps of account creation, sign-in events, reviews, lookups, and appeals.

Your business identity is mapped internally to your reviews so that we can moderate, deduplicate, and respond to abuse reports — but this mapping is never exposed to other members.

03

How information is displayed

Subject pages show: the display tail, the optional first name plus initial, aggregate scores (averages, percentages), and the per-review breakdown.

Per-review entries show: the structured ratings, optional notes you wrote, and a coarse date. They do not show: reviewer business name, reviewer email, reviewer location, or any other linking identifier.

Aggregate caution badges ("High caution", "Mixed signals", "Looks clean") are computed at display time from the underlying ratings; we do not author them by hand.

04

How lookups work

A lookup is an exact-match query: you enter a full phone number or full email address, we hash it the same way we hash on submission, and we check whether that hash exists. Near-matches and partials return nothing.

Lookups by "first name plus initial" return a list of subjects matching that label — you are expected to confirm with the display tail before acting on what you see.

We log lookup events for abuse detection (rate limiting, account compromise, bulk-querying). Logs are retained for ninety days and then aggregated.

05

Deleting your data

You can delete your account from the dashboard. Deleting your account removes your user row and cascades to every review you posted. Aggregate scores recompute without your contributions.

Reviewed parties do not have a Vouchback account, but they may request review of their listing under the content rules. Reviews that violate the rules are removed; reviews that simply paint the reviewed party in an unflattering light remain.

Backups retain deleted data for up to thirty days, after which it is overwritten in normal rotation.

06

Cookies and sessions

We use one first-party cookie: a signed JWT session token set after you sign in. It identifies you to the server on each request. It is HTTP-only, Secure, and SameSite=Lax.

We do not use third-party analytics cookies. We do not use advertising cookies. We do not sell or share your browsing activity with any third party for advertising purposes.

07

Service providers

We use a small number of carefully chosen subprocessors to operate the service:

  • Hosting — application infrastructure (Vercel or equivalent).
  • Database — managed PostgreSQL (Neon, Supabase, or equivalent).
  • Email — transactional email for magic-link sign-in (Resend).

These providers handle data only as needed to deliver the service. They do not have authorization to read or use your data for any purpose other than running the platform on our behalf.

08

Security

Subject identifiers are hashed with a server-side pepper before storage. The pepper is treated as a database-level secret: it is never logged or exported, and it is rotated only with an explicit migration of all existing hashes.
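The handling described in sections 01, 04 and 08 (normalize, keyed hash, display tail, exact-match lookup), sketched as an added example that is not Vouchback's own code. It assumes the "salt" and the "pepper" are the same server-side secret and uses HMAC-SHA-256 to combine it with the value; PEPPER, the function and class names, the "***" tail format and the 7-digit minimum are hypothetical.

```python
import hashlib
import hmac
import re

# Constructed placeholder; a real pepper is a random secret kept out of logs and exports.
PEPPER = b"constructed-example-pepper"

def normalize(value):
    """Return (kind, canonical form) for a full phone number or email address."""
    value = value.strip()
    if "@" in value:
        local, _, domain = value.rpartition("@")
        if not local or not domain:
            raise ValueError("malformed email address")
        return "email", value.lower()
    digits = re.sub(r"\D", "", value)  # strip spaces, dashes, parentheses, '+'
    if len(digits) < 7:  # assumed minimum length for a "full" number
        raise ValueError("not a full phone number")
    return "phone", digits

def subject_hash(value, pepper=PEPPER):
    kind, canon = normalize(value)
    # Prefix the kind so a phone and an email can never produce the same input.
    return hmac.new(pepper, f"{kind}:{canon}".encode(), hashlib.sha256).hexdigest()

def display_tail(value):
    kind, canon = normalize(value)
    if kind == "phone":
        return canon[-4:]
    local, _, domain = canon.rpartition("@")
    return f"{local[0]}***@{domain}"  # assumed rendering of "first letter plus domain"

class SubjectStore:
    """In-memory stand-in for the subjects table: hash and tail only, no raw value."""
    def __init__(self):
        self.rows = {}

    def submit(self, identifier):
        h = subject_hash(identifier)
        row = self.rows.setdefault(h, {"tail": display_tail(identifier), "reviews": 0})
        row["reviews"] += 1
        return h

    def lookup(self, identifier):
        try:
            return self.rows.get(subject_hash(identifier))  # exact hash match or None
        except ValueError:
            return None
```

Because the space of valid phone numbers is small, an unkeyed SHA-256 of a number can be matched back by enumeration; the secret pepper is what keeps stored hashes from being reversed by someone who holds only the database.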

All connections are TLS-encrypted. Session cookies are signed and tamper-evident. We do not store passwords — there are no passwords to compromise.

Suspected security incidents should be reported to security@vouchback.dev.

09

Children and regional notes

Vouchback is not directed to anyone under 18 and we do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will remove it.

Residents of California, the EU/EEA, or the UK have additional rights under their local data-protection laws (access, correction, deletion, portability, and objection). We will honor verified requests to the greatest extent permitted by law. Reach us at privacy@vouchback.dev.

10

Changes to this policy

We will update this policy from time to time as the service evolves. Material changes will be sent to your verified business email at least fourteen days before they take effect. The version date at the top of this page always reflects the current policy.