ReputeDesk ("we", "us", "our") provides AI-powered review management software for local businesses. This Privacy Policy explains what information we collect, how we use it, and the rights you have over it. This policy applies to https://reputedesk.app and any related services we operate.
We are headquartered in Pakistan and operate globally. By using ReputeDesk, you agree to the practices described in this policy.
Information we collect
We collect the following information when you use ReputeDesk:
Account information: your name, email address, and password (which we store as a one-way bcrypt hash — we never see your actual password).
Business information: the business name, type, and tone preference you set during onboarding.
Review and reply data: the content of reviews you paste into ReputeDesk, the AI-generated reply drafts we produce, your edits to those drafts, and your tracking of which replies you've posted.
Usage data: logs of how you interact with the service (page views, feature usage, error messages), your IP address, and basic browser metadata. We use Google Analytics 4 with IP anonymisation enabled.
Payment information: if you subscribe to a paid plan, our payment processor (currently Lemon Squeezy) collects and stores your billing details. ReputeDesk never sees or stores your full card number.
Communications: the content of any email you send to us, including replies to our system emails.
How we use your information
We use the information we collect to:
Provide the ReputeDesk service — store your account, draft AI replies, deliver weekly reports, and track your usage.
Improve the product — analyse aggregated usage patterns to understand which features are most useful.
Detect and prevent fraud, abuse, or violations of our Terms of Service.
Comply with legal obligations.
We do not sell your personal data. We do not use your review or reply data to train AI models.
Sub-processors we use
ReputeDesk relies on the following third-party services to operate. Each receives only the information needed for their specific function:
Hetzner (Germany) — hosting infrastructure where your account data is stored.
Cloudflare (USA) — DNS, CDN, and bot mitigation.
OpenAI (USA) — receives your review text in order to generate reply drafts. OpenAI's API policy states that data sent via the API is not used to train their models and is deleted within 30 days. See OpenAI's API data policy.
Resend (USA) — sends transactional emails on our behalf.
Lemon Squeezy (USA) — processes payments and manages subscriptions.
Google Analytics (USA) — anonymised website analytics.
Google Business Profile (USA) — when you connect your Google account, we read your reviews and (if you enable it) post replies. We only access data necessary for the service and never share it with other parties.
International data transfers
Your data may be transferred to and processed in countries other than your own, including the European Union, the United States, and Pakistan. Where required, we rely on Standard Contractual Clauses or equivalent legal mechanisms for cross-border transfers.
How long we keep your data
Account data: kept while your account is active and for 90 days after deletion, then permanently removed.
Review and reply data: same as account data.
Anonymised analytics data: kept for up to 26 months in Google Analytics.
Billing records: kept for the duration required by tax law (typically 7 years).
Your rights
Depending on your jurisdiction, you may have the right to:
Access the personal data we hold about you.
Correct inaccurate data.
Delete your data ("right to be forgotten").
Export your data in a portable format.
Object to specific uses of your data.
Withdraw consent for any consent-based processing.
To exercise any of these rights, email us at hello@reputedesk.app. We respond to verified requests within 30 days.
Cookies and tracking
ReputeDesk uses cookies for essential functionality (your login session) and analytics (Google Analytics 4 with IP anonymisation). We do not use advertising or marketing cookies. You can disable cookies in your browser, though doing so will prevent you from logging into the dashboard.
Children's privacy
ReputeDesk is not intended for use by anyone under 18. We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, contact us and we will delete it.
Security
We take reasonable steps to protect your data: encrypted-in-transit (HTTPS everywhere), encrypted-at-rest where supported, bcrypt-hashed passwords, locked-down server access, and regular backups. No system is perfectly secure, however, and we cannot guarantee absolute security.
Changes to this policy
We may update this policy occasionally. Material changes will be communicated by email at least 30 days before they take effect. The current version is always available at https://reputedesk.app/privacy/.