Google Reviews Integration

Last updated: April 11, 2026

SocialRoar uses the official Google Business Profile API to help businesses, agencies, and multi-location brands manage reviews on the locations they own. This page documents exactly which OAuth scopes we request, why we request them, what we do with the data, and how users benefit — for use during Google OAuth verification and the CASA security assessment.

What SocialRoar does with Google

SocialRoar connects to a Google Account that owns or manages one or more Google Business Profile locations. Once connected, SocialRoar:

  • Lists the Business Profile accounts and locations the user has access to;
  • Loads reviews for each selected location into a unified inbox alongside the user’s social comments;
  • Classifies each review by sentiment and tags it (complaint, praise, question) using AI;
  • Generates AI-suggested responses grounded in the brand’s knowledge base and tuned for the location’s context;
  • Posts the user-approved response back to Google Business Profile;
  • Surfaces analytics: average star rating, review volume over time, response rate, and per-location reputation score.

Step-by-step user flow

  1. The user signs in to SocialRoar.
  2. From Settings → Connected Accountsthe user clicks Connect Google Business Profile.
  3. The user is redirected to Google’s OAuth consent screen, where they choose the Google Account to use and approve the requested scopes. Google clearly displays the scopes and the SocialRoar-branded app name.
  4. SocialRoar exchanges the authorization code for access and refresh tokens, stored encrypted at rest.
  5. SocialRoar fetches the list of Business Profile accounts and locations the user can manage. The user picks which locations to sync.
  6. New reviews are pulled on a regular schedule and appear in the inbox with sentiment, tags, and an AI-suggested response. The user reviews and approves, edits, or replaces the suggestion.
  7. On approval, SocialRoar posts the response via the Business Profile API.

OAuth scopes requested and why

  • https://www.googleapis.com/auth/business.manage — required by the Google Business Profile API to list accounts and locations the user manages, read reviews on those locations, and post replies. This is the only Google scope SocialRoar requests for the reviews integration. There is no narrower scope available for review management.
  • openid, email, profile — used only to identify which Google Account was connected and to display the email and avatar in SocialRoar so the user can confirm they connected the right account.

We do not request access to Gmail, Drive, Calendar, Contacts, or any other Google product. The only Google data we touch is what is required to manage your reviews.

How the data is used (Limited Use disclosure)

SocialRoar’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, data obtained from Google APIs is used only to provide and improve user-facing features that are clearly visible inside SocialRoar (the review inbox, AI reply suggestions, analytics, and posting approved replies). We do not use Google user data for advertising or for training generalized AI/ML models. We do not transfer Google user data to third parties except to the service providers strictly necessary to provide the Service (hosting, database, AI inference) under contractual confidentiality obligations, or as required by law. We do not allow humans to read Google user data unless we have the user’s explicit permission, it is necessary for security, it is necessary to comply with the law, or it is aggregated and used for internal operations in accordance with the Limited Use policy.

Storage, retention, and deletion

Access and refresh tokens are encrypted at rest. Reviews and responses are retained while the location remains connected. When the user disconnects a location, deletes their account, or revokes access at myaccount.google.com/permissions, we delete the associated Google data within 30 days. See our Data Deletion Instructions.

Compliance

SocialRoar complies with the Google API Services User Data Policy and the Google Business Profile API Terms of Service. We do not sell Google user data, do not use it for advertising, and do not share it with parties beyond the service providers described in our Privacy Policy.