Legal
Privacy Policy
Effective Date: May 11, 2025
Your privacy matters to us. RepuLocal is a business-to-business (B2B) software platform. We do not sell your data, we do not share your data with advertisers, and we do not use your customers' data for any purpose other than delivering our service to you.
1. Who We Are
RepuLocal (“Company,” “we,” “us,” or “our”) operates a customer support CRM and content management platform accessible at repulocal.com. This Privacy Policy describes how we collect, use, store, and protect information in connection with the Service.
2. Information We Collect
2.1 Account & Billing Information
When you register, we collect your name, business name, email address, and billing information. Payment processing is handled by Paddle.com, our Merchant of Record. We store only a tokenized reference to your payment method — never your full card number.
2.2 Platform Data Retrieved on Your Behalf
With your explicit authorization, we connect to the Meta Graph API (Facebook, Instagram) and Google My Business API to retrieve data associated with your business accounts. This data includes:
- → Reviews and ratings posted on your Google Business Profile and Facebook Page
- → Direct messages received by your Facebook Page and Instagram Business Account
- → Posts, comments, and engagement metrics from your connected social accounts
- → Business profile information (name, address, category) from connected accounts
Temporary Caching: Platform Data is temporarily cached using Upstash Redis solely to improve dashboard performance and reduce redundant API calls. Cache entries are automatically expired and are never used for advertising, profiling, or any purpose beyond displaying information within your authorized dashboard session.
2.3 Usage & Technical Data
We automatically collect certain technical information when you use the Service, including your IP address, browser type, device identifiers, pages visited, and feature usage patterns. This data is used solely for security monitoring, product improvement, and debugging.
3. How We Use Your Information
- ✓ Provide, maintain, and improve the Service
- ✓ Display Platform Data within your authorized dashboard
- ✓ Process subscription payments and send billing communications
- ✓ Respond to support requests and technical inquiries
- ✓ Send transactional emails (e.g., account confirmations, password resets)
- ✓ Monitor for security threats and platform abuse
- ✓ Comply with applicable legal obligations
4. What We Do NOT Do
- ✗We do not sell, rent, or trade your data or your customers' data to any third party.
- ✗We do not use your data or your customers' data for advertising or ad targeting purposes.
- ✗We do not store Platform Data (reviews, messages, posts) permanently in our systems — it is displayed transiently and cached only for performance.
- ✗We do not share review content or customer messages with any party other than the authorized account holder.
- ✗We do not use the AI writing assistant to fabricate or misrepresent content on your behalf.
5. Data Sharing & Third-Party Processors
We share data only with the following categories of third-party service providers, and only to the extent necessary to deliver the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database & Authentication | Account data, session tokens |
| Paddle.com | Payment Processing (MoR) | Billing information |
| Upstash | Redis Cache | Temporary API response cache |
| Groq | AI Writing Assistance | Caption drafts provided by user |
| Vercel | Hosting & Edge Network | Request logs (anonymized) |
6. Data Retention
We retain your account information for as long as your subscription is active, plus 90 days. Platform Data retrieved via API is cached temporarily (typically minutes to hours) and is not stored in our long-term database. Billing records are retained for 7 years as required by applicable financial regulations.
7. Security
We implement industry-standard security measures including TLS/SSL encryption in transit, AES-256 encryption at rest for sensitive credentials, and role-based access controls. Social account access tokens (Meta, Google) are stored encrypted and are accessible only to the authorized account holder.
8. Your Rights
- → Right of Access: Request a copy of the personal data we hold about you.
- → Right of Rectification: Request correction of inaccurate or incomplete data.
- → Right of Erasure: Request deletion of your personal data.
- → Right to Portability: Receive your data in a structured, machine-readable format.
- → Right to Opt Out: Opt out of any marketing communications at any time.
To exercise any of these rights, contact us at privacy@repulocal.com.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.
10. Changes to This Policy
We may update this Privacy Policy periodically. When we make material changes, we will notify you by email and update the “Effective Date” at the top of this page.
11. Contact Us
For privacy-related questions: privacy@repulocal.com.