ReputeLoop

ReputeLoop Privacy Policy

Effective Date: May 17, 2026 Last Updated: June 28, 2026

ReputeLoop, Inc. ("ReputeLoop," "we," "us," or "our") respects your privacy and is committed to protecting the personal information you share with us. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have.

This Policy applies to:

  • Business users — the companies and individuals who create accounts and use the ReputeLoop platform
  • End-user contacts — individuals whose contact information is uploaded by business users for the purpose of sending review requests
  • Website visitors — people who visit reputeloop.com without creating an account

1. Information We Collect

1.1 Information You Provide Directly

Account registration: Name, business name, email address, and password when you create an account.

Business profile: Business name, location(s), city, state, Google Review URL, and other business information you add during onboarding or use of the Service.

Payment information: Credit card details and billing address processed through Stripe. We do not store full payment card numbers; Stripe retains this data under their PCI-DSS compliant systems.

Contact data: Names, email addresses, and phone numbers of your customers that you upload, import (CSV), or enter into the Service for the purpose of sending review requests. You are solely responsible for ensuring you have lawful basis to share this data with us.

Communications: Messages you send to our support team and responses you receive.

1.2 Information Collected Automatically

Usage data: Pages visited, features used, buttons clicked, and actions taken within the platform, including timestamps.

Device and log data: IP address, browser type, operating system, referring URL, and session duration.

Push notification tokens: If you enable push notifications in your browser or in the ReputeLoop mobile app, we store a push subscription token associated with your account. This token is a unique identifier generated by your browser (using the Web Push / VAPID standard) or by Google's Firebase Cloud Messaging (FCM) service for Android devices. It is used solely to deliver real-time alerts — such as new negative feedback notifications — to your device. You can revoke this permission at any time through your browser or device notification settings, or by disabling push notifications in your ReputeLoop account settings.

Cookies and similar technologies: See Section 7.

1.3 Information From Third Parties

If you connect a third-party integration (e.g., HubSpot, Zapier), we may receive data from those platforms as needed to provide the integration. We handle such data in accordance with this Policy and the applicable integration agreement.

Connected field-service, hospitality, and point-of-sale platforms. If you connect a job- or transaction-based platform — including ServiceM8, Jobber, Square, Cloudbeds, Workiz, and Tekmetric — you authorize ReputeLoop to access, from your account on that platform, only the data needed to trigger and send a review request when a job, appointment, or transaction is completed. Specifically:

  • What we access: the completion event (e.g., a job marked complete), and the associated customer's name, email address, phone number, and service/job address. We request the minimum permissions ("scopes") required for this purpose and do not access invoices, payments, financial data, or unrelated records.
  • How we use it: solely to create or update a contact in your ReputeLoop account and send that customer a review request on your behalf.
  • How it is stored: the customer contact details are stored in your ReputeLoop account as described in this Policy. Access and refresh tokens for the connected platform are stored encrypted.
  • How it is shared: only with the service providers that deliver the message (email and SMS providers) — never sold or used for our own marketing.
  • Retention: retained per Section 5 (Data Retention). You may disconnect a platform at any time from Settings → Integrations, which revokes our access and stops further data from being received.

2. How We Use Information

We use collected information to:

Provide and operate the Service:

  • Create and manage your account
  • Send review request emails and SMS messages to your uploaded contacts on your behalf
  • Display analytics, feedback, and reports within your dashboard
  • Process subscription payments and manage billing

Communicate with you:

  • Send transactional emails (receipts, password resets, important account notices)
  • Respond to support requests
  • Notify you of negative feedback alerts and low-rating submissions

Improve and develop the Service:

  • Analyze usage patterns to identify bugs and improve features
  • Conduct internal research using aggregated, anonymized data
  • Test new features and measure performance

Comply with legal obligations:

  • Respond to lawful requests from courts, regulators, or law enforcement
  • Enforce our Terms of Service
  • Prevent fraud, abuse, and illegal activity

Marketing (with your consent or as permitted by law):

  • Send product updates, feature announcements, and promotional offers to business users. You may opt out at any time (see Section 8).

3. How We Share Information

We do not sell your personal information or your contacts' personal information to third parties.

We share information only in the following circumstances:

Service providers: We share data with trusted third-party vendors who help us operate the Service, including:

  • Stripe — payment processing
  • Clerk — user authentication and session management
  • Resend / email providers — transactional and review request email delivery
  • Telnyx, Inc. — SMS messaging infrastructure and review request delivery. When you activate SMS for your business, we share your business registration information (legal business name, EIN or SSN, business address, website URL, and entity type) with Telnyx and with mobile network operators as required for toll-free number verification ("TFV"). This registration data is used solely for carrier compliance and is not used for any other purpose. When you send SMS messages through the Service, message content and recipient phone numbers are transmitted to Telnyx for routing to the applicable wireless carrier. Telnyx processes this data as a service provider under applicable federal and California law, including Cal. Civ. Code § 1798.140(ag)(2). Message content in transit is subject to Telnyx's privacy policy and applicable carrier data-handling practices. ReputeLoop does not sell or share end-recipient phone numbers for advertising purposes. Mobile opt-in and consent information will not be shared with any third party for marketing or promotional purposes.
  • Anthropic, PBC — AI language model services. When you interact with Loop, our AI assistant on the ReputeLoop marketing site, your chat messages are transmitted to Anthropic's Claude API for processing. When business users use the AI reply draft feature in the help desk, the content of the negative feedback ticket is transmitted to Anthropic to generate a suggested response. No personally identifiable information about your end-customers is intentionally included in these transmissions. Anthropic processes this data as a service provider under our data processing agreement. Anthropic does not use data submitted through the API to train its models.
  • Vercel / hosting providers — cloud infrastructure
  • PostHog — product analytics (feature usage, session events). Data is processed under PostHog's data processing agreement and is not sold or shared for advertising purposes.

All service providers are contractually required to handle data only as directed by us and in accordance with this Policy.

Business transfers: If ReputeLoop is acquired, merged, or sells substantially all of its assets, your information may be transferred to the acquiring entity. We will provide notice before such a transfer and the acquirer will be required to honor this Policy.

Legal requirements: We may disclose information if required by law, court order, or governmental authority, or when we believe disclosure is necessary to protect the rights, property, or safety of ReputeLoop, our users, or the public.

With your consent: We may share information with third parties when you have given explicit consent.

4. End-User Contacts — Special Provisions

4.1 Business User Responsibility. Your customers' contact information that you upload into ReputeLoop is processed by us on your behalf, as a data processor (in GDPR terminology) or service provider (under CCPA). You are the data controller/business and are responsible for ensuring:

  • You have obtained valid consent to contact these individuals
  • You have a lawful basis to share their information with ReputeLoop
  • You comply with applicable privacy laws (TCPA, CAN-SPAM, GDPR, CCPA, etc.)

4.2 Our Use of Contact Data. We use contact data solely to deliver review request communications on your behalf. We do not use your contacts' information to market our own products to them, sell it to third parties, or use it for any purpose other than providing the Service to you.

4.3 Opt-Out Processing. When an end-user unsubscribes or opts out of communications, we honor that request and flag the contact in our system to prevent future communications. We expect business users to respect and maintain these suppressions.

4.4 Data Deletion. If an end-user requests deletion of their personal information, they should contact the business user (your company) directly. Upon receiving a deletion request from a business user, we will delete or anonymize the relevant contact data within a reasonable time, subject to legal retention requirements.

5. Data Retention

We retain your account information and Customer Data for as long as your account is active or as needed to provide the Service.

Upon account cancellation or termination:

  • We retain your data for up to 30 days to facilitate export
  • After 30 days, we delete or anonymize your account and contact data, except as required by legal, tax, or regulatory obligations (typically up to 7 years for financial records)

Usage logs and aggregated analytics may be retained for longer periods in anonymized form.

Records we retain even after deletion (minimized, no readable contact details):

  • Opt-out / suppression records. When someone unsubscribes from email or texts STOP to SMS, we keep a one-way hashed record of that opt-out so we continue to honor it — including if the contact is later re-added or the account is re-created. This is required to comply with anti-spam and messaging laws (e.g., CAN-SPAM, TCPA). We store only a cryptographic hash of the email/phone, not the value itself.
  • Anti-abuse records. To prevent repeated free-trial abuse, we keep a hashed record indicating that an account identity has previously used a free trial. We store only a hash of the email, not the value itself.

6. Your Privacy Rights

Depending on where you are located, you may have the following rights:

California Residents (CCPA/CPRA)

As a California resident, you have the right to:

  • Know what personal information we collect, use, share, or sell
  • Delete personal information we hold about you (subject to exceptions)
  • Correct inaccurate personal information
  • Opt out of the sale or sharing of personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@reputeloop.com. We will respond within 45 days.

European / UK Residents (GDPR/UK GDPR)

If you are in the European Economic Area or United Kingdom, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate or incomplete data
  • Erase your data ("right to be forgotten") in certain circumstances
  • Restrict processing in certain circumstances
  • Data portability — receive your data in a structured, machine-readable format
  • Object to processing based on legitimate interests
  • Withdraw consent at any time where processing is based on consent
  • Lodge a complaint with your local supervisory authority

Our lawful basis for processing business user data is primarily contract performance. For marketing communications, our basis is legitimate interest or consent, as applicable.

To exercise your rights, contact privacy@reputeloop.com. We will respond within 30 days.

All Users

Regardless of location, you can:

  • Update or correct your account information by logging into your account settings
  • Opt out of marketing emails by clicking "Unsubscribe" in any marketing email
  • Request a copy of your data by contacting us

7. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and improve the Service:

TypePurpose
Strictly necessarySession management, authentication, security
FunctionalRemembering preferences, dashboard settings
AnalyticsUnderstanding how the Service is used (aggregated)

You can control cookies through your browser settings. Disabling certain cookies may limit functionality of the Service.

We do not currently use third-party advertising cookies or sell data to advertising networks.

8. Marketing Communications

We may send you marketing emails about new features, plan upgrades, and product news. You can opt out at any time by:

We will continue to send transactional and account-related emails (receipts, security alerts) even if you opt out of marketing.

9. SMS Communications

9.1 SMS Program Description

ReputeLoop enables local businesses to send post-service feedback requests to their own existing customers via SMS. These messages are transactional and informational in nature — they invite a recipient to share their experience following a service interaction. ReputeLoop sends these messages as a technology platform acting on behalf of the business; the business is the sender and is responsible for obtaining appropriate consent from its customers before uploading their contact information to ReputeLoop.

9.2 How Opt-In Consent Is Obtained

Opt-in consent is obtained by the business at the point of service, prior to any message being sent through ReputeLoop. Examples of how businesses obtain consent include:

  • Collecting a phone number during appointment intake or reservation
  • Capturing a phone number during a service call, purchase, or loyalty program signup
  • Any other circumstance where the customer provides their number in the context of an existing business relationship

Before sending messages, the ReputeLoop platform requires the business owner to confirm that all contacts have an existing relationship with their business and have agreed to receive SMS communications. Business users are solely responsible for ensuring they have valid consent to contact each individual.

9.3 Types of SMS Messages Sent

SMS messages sent through ReputeLoop are transactional and include:

  • Post-service feedback and review request messages
  • Follow-up reminder messages for contacts who have not yet responded
  • Opt-in confirmation messages (when a contact texts START to re-subscribe)

ReputeLoop does not send unsolicited marketing or promotional SMS messages to end-user contacts.

9.4 SMS Data and Sharing

We will not share or sell your mobile information with third parties for promotional or marketing purposes. Mobile opt-in and consent information will not be shared with any third parties for marketing or promotional purposes.

SMS-related data (phone numbers, opt-in status, opt-out status, message delivery status) is used solely to deliver messages on behalf of the business, maintain suppression lists, and provide delivery reporting to the business user. This data is not sold, rented, or shared with any unaffiliated third party for their own marketing use.

9.5 Message Frequency and Costs

Message frequency varies by business and depends on how frequently a business's customers are contacted. Standard message and data rates may apply depending on your mobile carrier plan.

9.6 SMS Delivery; Carrier and Device Limitations

ReputeLoop transmits SMS messages through Telnyx, Inc., which routes them through mobile network operators. ReputeLoop does not control, and is not responsible for, message delivery once a message has been submitted to Telnyx. Delivery may be affected by: (i) wireless carrier spam filtering and blocking; (ii) on-device spam classification by mobile operating system vendors and messaging applications, including Google Messages, Apple iOS, Samsung Messages, and similar systems; (iii) recipient device settings and configuration; and (iv) network outages or congestion. Delivery status reports shown in the platform are carrier-supplied and may not accurately reflect actual receipt by the end-recipient. ReputeLoop does not guarantee SMS delivery and is not liable for messages that are filtered, blocked, or otherwise not received due to factors outside its control.

9.7 How to Opt Out of SMS

To stop receiving SMS messages sent through ReputeLoop, reply STOP to any message. You will receive one final confirmation message and no further messages will be sent to your number. Your opt-out is permanent and applied immediately across the platform.

To re-subscribe, reply START to the number from which you previously received messages.

For help, reply HELP or contact the business that sent you the message directly. You may also reach ReputeLoop support at support@reputeloop.com.

10. Security

We implement industry-standard security measures to protect your information, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Access controls limiting employee access to data on a need-to-know basis
  • Regular security monitoring and vulnerability management

Email and SMS messages are encrypted in transit between your browser, our infrastructure, and our messaging providers. However, the public email and SMS networks are not end-to-end encrypted, and we cannot guarantee the security of a message once it leaves our infrastructure for a recipient's mail server, carrier, or device. As described in our Terms of Service, you should not include sensitive personal, financial, health, or legal information in review request or survey messages.

No system is completely secure. If you suspect unauthorized access to your account, contact us immediately at support@reputeloop.com. In the event of a data breach that requires notification under applicable law, we will notify affected users as required.

11. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected information from a minor, contact us at privacy@reputeloop.com and we will delete it promptly.

12. International Data Transfers

ReputeLoop is headquartered in the United States. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your country.

For users in the European Economic Area, we rely on appropriate safeguards for international transfers, including Standard Contractual Clauses where required.

13. Third-Party Links and Services

The Service may contain links to third-party websites or services (e.g., Google review pages). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies before providing them with any information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or a prominent notice within the Service at least 30 days before the change takes effect. The "Last Updated" date at the top of this Policy reflects the most recent revision.

Your continued use of the Service after the effective date of any changes constitutes acceptance of the updated Policy.

15. Contact Us

For privacy-related questions, requests, or concerns:

ReputeLoop, Inc. Email: privacy@reputeloop.com General support: support@reputeloop.com Website: https://reputeloop.com

We aim to respond to all privacy inquiries within 5 business days.

This Privacy Policy was last updated on June 14, 2026.