Privacy Policy

Transparency and protection of your personal data, in compliance with the General Data Protection Regulation (GDPR).

Last updated: January 12, 2026

Data Controller

The data controller is Reputacion SAS, a simplified joint-stock company (SAS) with a share capital of €1,000, registered with the Nancy Trade and Companies Register under number 789 404 993, headquartered at 31 rue du Chanoine Boulanger, 54220 Malzéville (Nancy), France.

Data Protection Officer (DPO): privacy@reputacion.io

Data Collected

As part of providing our services, we collect the following categories of data:

  • Identification data: name, email address, password (stored as a bcrypt hash), optional profile photo
  • Business data: establishment name, address, phone number, industry, Google Business Profile ID
  • Usage data: pages viewed, features used, action timestamps, configuration preferences
  • Technical data: IP address, browser type and version, operating system, screen resolution, session identifiers
  • Billing data: processed directly by Stripe (we do not store any credit card numbers)

Data Usage

Your personal data is used exclusively for the following purposes:

  • Provide, maintain, and improve our online reputation management services
  • Personalize your user experience and adapt features to your needs
  • Communicate with you about your account, service updates, and technical support
  • Ensure platform security, detect and prevent fraudulent activities
  • Compile anonymized statistics to improve our services
  • Comply with our legal and regulatory obligations

Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected:

  • Account data: for the duration of your subscription, then 3 years after account deletion
  • Billing data: 10 years in accordance with French accounting obligations
  • Usage data and technical logs: 12 rolling months
  • Cookies: maximum duration of 13 months in accordance with CNIL recommendations
  • Customer support data: 3 years after ticket closure

Data Security

We implement industry-standard technical and organizational security measures to protect your data: data encryption in transit (TLS 1.3) and at rest (AES-256), secure authentication with password hashing (bcrypt), regular encrypted backups, role-based access control (RBAC), continuous access monitoring and anomaly detection. Your data is hosted exclusively on secure servers within the European Union.

Cookie Policy

We use cookies to ensure the proper functioning of our platform and improve your experience:

Essential Cookies

Required for website functionality (authentication, session, language preferences). Cannot be disabled.

Analytics Cookies

Allow us to measure audience and understand how the platform is used so that we can improve it. These cookies rely on Sentry for error tracking.

Functional Cookies

Remember your preferences (dark/light theme, language) to enhance your experience.

Sub-processors

To provide our services, we use the following sub-processors, all GDPR-compliant:

OVH SAS (France) — Server and database hosting
Stripe Inc. (United States, Standard Contractual Clauses) — Payment processing
Brevo (France) — Transactional and campaign email delivery
Twilio Inc. (United States, Standard Contractual Clauses) — SMS delivery
Sentry (United States, Standard Contractual Clauses) — Error tracking and monitoring
Google LLC (United States, Standard Contractual Clauses) — Google Business Profile API

Third-Party Sharing

We never sell, rent, or share your personal data for commercial purposes. Data sharing is strictly limited to the sub-processors listed above, solely for the purpose of providing our services. Each sub-processor is bound by a Data Processing Agreement (DPA) in compliance with Article 28 of the GDPR.

International Transfers

Some of our sub-processors are based in the United States (Stripe, Twilio, Sentry, Google). These transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of protection in accordance with Articles 46 and 47 of the GDPR.

Data Breach Notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we commit to notifying the relevant supervisory authority within 72 hours in accordance with Article 33 of the GDPR, and to informing you without undue delay in accordance with Article 34 of the GDPR if the risk is high.

Your Rights

In accordance with the GDPR (Articles 15 to 22), you have the following rights over your personal data:

  • Right of access (Art. 15): obtain a copy of all your personal data
  • Right to rectification (Art. 16): correct inaccurate or incomplete data
  • Right to erasure (Art. 17): request deletion of your data
  • Right to restriction (Art. 18): restrict the processing of your data
  • Right to data portability (Art. 20): receive your data in a structured, reusable format
  • Right to object (Art. 21): object to the processing of your data on legitimate grounds

You also have the right to lodge a complaint with the CNIL (French National Commission on Informatics and Liberty): www.cnil.fr.

DPO Contact

To exercise your rights or for any questions about the protection of your personal data, you can contact our Data Protection Officer:

Email: privacy@reputacion.io

Address: Reputacion SAS, 31 rue du Chanoine Boulanger, 54220 Malzéville (Nancy), France

We commit to responding to your request within a maximum of 30 days.

© 2026 Reputacion. All rights reserved.