Placeholder pending legal counsel review.

This document is illustrative, not contractual. Final language subject to change after review by qualified legal counsel.

Compliance & Trust

Public summary · 2026-04-19

Built for EU + US compliance from day one.

Fotiqo’s review and reputation features are designed to be 100% aligned with Google Business Profile Terms of Service, the EU Omnibus Directive (Directive (EU) 2019/2161), the FTC Review Rule (16 CFR Part 465, effective 21 October 2024), UCPD 2005/29/EC, the Italian Codice del Consumo, and GDPR (Regulation (EU) 2016/679). The full technical document is linked below.

Google Business Profile ToS

We use Service Interception — upstream issue resolution — never review gating. No pre-screening, no star-rating filters, no sentiment routing.

EU Omnibus Directive 2022

Neutral review solicitation to all customers. Four platform buttons — Google, TripAdvisor, Facebook, Private Feedback — with equal visual weight, enforced by a pixel-diff CI test.

FTC Review Rule 2024

No fake reviews, no review suppression, no incentives tied to review submission. Every send logged to a tamper-evident audit trail.

GDPR by design

Ephemeral face vectors (deleted within seconds), granular cookie consent, right to deletion, Standard Contractual Clauses for international transfers.

What we DO NOT build

The following patterns are explicitly ruled out in our engineering guardrails; no feature request, A/B test, or integration may introduce them. (See COMPLIANCE.md §1.2.)

Pre-screening surveys ("Are you happy?") before soliciting reviews
Sentiment-based routing (happy → Google, angry → private channel only)
Star-rating gates (Google link only shown to 4–5 star raters)
Incentives for positive reviews (gifts, discounts, contest entries)
Selective sending based on predicted sentiment
Any mechanism that could be called "review gating" or "review filtering"

What we DO build

Instead of gating, Fotiqo operates the following six patterns, documented in COMPLIANCE.md §1.3 and built to the spec in MASTER_BUILD.md Phase 16.

Service Interception
Catch issues during the experience and resolve them with AI + staff before a review is ever written. Better service first; legal protection is the byproduct.
Neutral solicitation
Every eligible customer, no matter the predicted sentiment, sees the same request with the same four equal buttons.
Multi-platform aggregation
Fetch and display reviews from Google, TripAdvisor, Trustpilot, Facebook, Booking.com, GetYourGuide, and Viator via official APIs.
AI Review Response Engine
Brand-voice replies generated by our AI engine, with auto-post, draft-for-approval, and suggest-only modes.
ToS Assassin
Scans incoming reviews for ToS violations (profanity, personal attack, non-customer, spam) and drafts takedown requests for the reviewer's platform.
Compliance audit trail
Every request, click, and takedown is logged with equal-to-all and sentiment-filtered flags, retained 6 years for regulator defence.

Code-level guardrails

Policy statements only matter if the code enforces them. The following guardrails run automatically in CI and in production.

Message templates are validated against a forbidden-word list before sending.
Every review request is recorded with a flag confirming it was sent equally to all eligible customers.
A pixel-difference test blocks any code change that would make one review-platform button larger, bolder, or more prominent than the others.
A CI check rejects pull requests that introduce forbidden review-gating language anywhere in customer-facing copy.

Full statement

The complete technical compliance document — including the regulatory citations, forbidden-pattern list, GDPR retention schedule, payment/tax matrix, and escalation procedure — is maintained in the source repository.

Read the technical compliance doc → (link pending public repo publication)