Privacy Policy

1. Information We Collect

1.1 Information You Provide

• Account Information: Name, email address, phone number, company name, and billing information when you create an account.
• Google Business Profile Access: OAuth authentication tokens to access your Google Business Profile reviews (we never store your Google password).
• Review Response Data: Review content, AI-generated responses, and your edited responses.
• Payment Information: Payment card details processed securely through Stripe (we do not store full card numbers).
• Communications: Messages you send us through support channels, feedback forms, or email.

1.2 Automatically Collected Information

• Usage Data: Features used, response generation frequency, login times, and activity logs.
• Device Information: Browser type, operating system, IP address, and device identifiers.
• Cookies and Tracking: Session cookies, authentication tokens, and analytics cookies (see Cookie Policy).

2. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Generate AI-powered review responses, sync Google Business Profile reviews, and post responses on your behalf.
• Account Management: Create and manage your account, process payments, and provide customer support.
• AI Model Improvement: Improve response quality and train our AI models (all data is anonymized and aggregated).
• Communication: Send transactional emails, product updates, billing notifications, and marketing communications (you can opt out).
• Security: Detect fraud, prevent abuse, and protect against security threats.
• Analytics: Understand usage patterns, optimize features, and improve user experience.
• Legal Compliance: Comply with legal obligations, enforce terms of service, and respond to legal requests.

3. How We Share Your Information

We do not sell your personal information. We may share data with:

3.1 Service Providers

• OpenAI: For AI-powered response generation (subject to OpenAI's data usage policies).
• Supabase: For database hosting and authentication services.
• Stripe: For payment processing (PCI-DSS compliant).
• Google Cloud: For Google Business Profile API integration.
• Email Service Providers: For transactional and marketing emails.

3.2 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information is transferred and becomes subject to a different privacy policy.

3.3 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, safety, or property.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
• OAuth Tokens: Google access tokens are encrypted with AES-256-GCM before storage.
• Database Security: Database access is restricted, encrypted at rest, and monitored for suspicious activity.
• Access Controls: Employee access to user data is limited on a need-to-know basis with multi-factor authentication required.
• Regular Audits: We conduct security audits and vulnerability assessments regularly.

However, no method of transmission over the internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

• Active Accounts: We retain your data for as long as your account is active or as needed to provide services.
• Inactive Accounts: If your account is inactive for 90 days after cancellation, we securely delete your data.
• Backup Retention: Backups are retained for 30 days before permanent deletion.
• Legal Obligations: Some data may be retained longer if required by law or for legitimate business purposes (e.g., tax records).
• Data Export: You can export all your data at any time before account deletion.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 General Rights

• Access: Request a copy of the personal information we hold about you.
• Correction: Update or correct inaccurate information in your account settings.
• Deletion: Request deletion of your account and associated data.
• Data Portability: Export your data in a machine-readable format.
• Opt-Out: Unsubscribe from marketing emails (transactional emails cannot be disabled).

6.2 California Residents (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, shared, or sold.
• Right to delete personal information (with certain exceptions).
• Right to opt-out of the sale of personal information (we do not sell personal information).
• Right to non-discrimination for exercising CCPA rights.

6.3 European Residents (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

• Right to access, rectification, erasure, and data portability.
• Right to restrict processing and object to processing.
• Right to withdraw consent at any time.
• Right to lodge a complaint with a supervisory authority.

To exercise your rights, contact us at: privacy@reputon.ai

7. Google API Services User Data Policy

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

• We only request access to Google Business Profile reviews and related data necessary for our service.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read your data unless necessary for security purposes, to comply with law, or with your explicit permission.
• We do not transfer Google user data to third parties except as necessary to provide the service or as required by law.
• You can revoke our access to your Google Business Profile at any time through your Google Account settings.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Required for authentication, session management, and security.
• Analytics Cookies: Track usage patterns, feature adoption, and performance (you can opt out).
• Preference Cookies: Remember your settings, language, and theme preferences.

You can control cookies through your browser settings, but disabling essential cookies may affect functionality. See our Cookie Policy for more details.

9. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately and we will delete it.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure adequate safeguards are in place:

• Data processing agreements with service providers.
• Standard Contractual Clauses (SCCs) for transfers outside the EEA.
• Adherence to Privacy Shield principles (where applicable).

11. Third-Party Links

Our service may contain links to third-party websites or services not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Sending an email to the address associated with your account.
• Posting a notice on our website and in your dashboard.
• Updating the "Last Updated" date at the top of this policy.

Your continued use of our service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us: