Reputic.app
Start your 14-day free trial

Privacy Policy

Last updated: May 30, 2026

Introduction

Reputic ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our review management platform and related services.

Please read this privacy policy carefully. By using Reputic, you agree to the collection and use of information in accordance with this policy.

Information We Collect

Personal Information

When you register for an account, we collect:

  • Name and email address
  • Business name and contact information
  • Billing information and payment details
  • Profile information you choose to provide

Business Data

To provide our services, we collect and process:

  • Review data from connected platforms (Google, TripAdvisor, Booking.com, etc.)
  • Business listing URLs and identifiers
  • Response templates and AI-generated reply suggestions
  • Analytics and insights derived from your review data

Google API Data (Google Business Profile Integration)

When you connect your Google Business Profile via OAuth, Reputic accesses and stores:

  • Your Google account email (displayed in Settings so you know which account is connected)
  • OAuth access and refresh tokens, encrypted at rest using AES-256
  • Google Business Profile account identifier, location identifiers, location display name, address, primary category, and primary phone number
  • Reviews posted to your connected business location (review text, rating, reviewer display name, timestamps, your existing owner replies)
  • Pub/Sub notification metadata (Google's message IDs) used solely for idempotent processing of new-review events

Reputic's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

We use this data exclusively to:

  • Display your reviews in your Reputic dashboard
  • Generate AI-powered reply suggestions you can edit before posting
  • Post replies to Google reviews when you click "Post to Google" or have explicitly enabled automatic reply posting for a given rating tier
  • Notify you when new reviews arrive

We do not use Google API data for advertising, do not sell or transfer this data to third parties (except to OpenAI for AI reply generation, with no data retention by OpenAI per their enterprise API terms), and do not use it to train machine learning models. Human access to Google API data inside Reputic is limited to (a) you, (b) Reputic engineering staff under audit-logged debugging requests with your prior written consent, and (c) automated systems acting solely on your behalf.

You can disconnect your Google Business Profile at any time via Settings → Integrations → Disconnect, or via myaccount.google.com/permissions. On disconnect, your OAuth tokens are deleted within 30 days. Reviews previously imported into Reputic remain in your dashboard until you delete them or your account is terminated.

Automatically Collected Information

When you access our platform, we automatically collect:

  • Device and browser information
  • IP address and location data
  • Usage patterns and feature interactions
  • Cookies and similar tracking technologies

How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our review management services
  • Aggregate and analyze reviews from multiple platforms
  • Generate AI-powered insights and reply suggestions
  • Process transactions and send related information
  • Send service updates, security alerts, and support messages
  • Respond to your comments, questions, and customer service requests
  • Monitor and analyze trends, usage, and activities
  • Detect, investigate, and prevent fraudulent or unauthorized activities
  • Comply with legal obligations

Data Sharing and Disclosure

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who assist in providing our services (payment processors, cloud hosting, analytics)
  • AI Processing: With OpenAI to generate review insights and reply suggestions. We use OpenAI's enterprise API, which contractually prohibits training on submitted data and retains content only for abuse monitoring per OpenAI's enterprise data processing addendum. Data sent: review text, rating, your configured brand voice description, and (if enabled) your Google Business Profile category + description. Data NOT sent: OAuth tokens, payment information, account credentials.
  • Legal Requirements: When required by law, subpoena, or other legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given explicit permission

We do not sell your personal information to third parties.

Data Security

We implement appropriate technical and organizational measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Secure data centers with physical security measures

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements. Review data is retained according to your subscription plan settings and can be deleted upon request.

Google API data specifically: OAuth tokens are deleted within 30 days of disconnect or account termination. Pub/Sub notification metadata is purged after 7 days. Reviews and replies imported from Google are retained for the active life of your account and are deleted on account termination or upon request. On any data-subject-rights request (access, correction, deletion, portability) involving Google API data, we respond within 30 days; contact [email protected].

Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal information
  • Portability: Request transfer of your data to another service
  • Objection: Object to processing of your data for certain purposes
  • Withdrawal: Withdraw consent where processing is based on consent

To exercise these rights, please contact us at [email protected].

Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you logged in to your account
  • Remember your preferences and settings
  • Understand how you use our platform
  • Improve our services based on usage patterns

You can control cookies through your browser settings. Note that disabling cookies may affect the functionality of our services.

International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by relevant authorities.

Children's Privacy

Our services are not intended for individuals under 16 years of age. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions about this Privacy Policy or our privacy practices, please contact us: