Privacy Policy
1. Who we are
Reputito SRL is a company registered in Romania. We operate the Reputito platform, an AI-powered social media comment management service accessible at reputito.com. In this Privacy Policy, “we”, “us” and “our” refer to Reputito SRL.
For any privacy-related questions, contact us at legal@reputito.com.
2. What data we collect
We collect the following categories of personal data:
- Account data: name, email address, company name and billing address provided when you register.
- Payment data: billing details processed by Stripe. We do not store full card numbers.
- Usage data: log files, IP address, browser type, pages visited, features used, timestamps and session duration.
- Social media data: comments, usernames and metadata from the social accounts you connect (Instagram, Facebook, TikTok, YouTube, Google Play, Google My Business). Fetched via official platform APIs under your authorisation.
- Communications: messages you send us by email or through the contact form.
- Cookies & tracking: see the Cookies section below.
3. How we use your data
We use your personal data for the following purposes:
- To provide, operate and improve the Reputito platform.
- To process payments and manage your subscription.
- To send transactional emails (account confirmation, invoices, usage reports).
- To respond to support or sales enquiries.
- To detect and prevent fraud, abuse or security incidents.
- To comply with legal obligations.
- To send product updates or marketing emails where you have given consent or we have a legitimate interest and you have not opted out.
4. Legal basis for processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data on the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the service you subscribed to.
- Legitimate interests (Art. 6(1)(f) GDPR): improving our service, security monitoring, fraud prevention and direct marketing to existing customers.
- Legal obligation (Art. 6(1)(c) GDPR): keeping financial records, responding to lawful requests from authorities.
- Consent (Art. 6(1)(a) GDPR): where we ask for explicit consent, e.g. for optional marketing communications. You may withdraw consent at any time.
5. Data retention
We retain your personal data only for as long as necessary for the purposes described in this policy:
- Account data: for the duration of your subscription and up to 2 years after account closure.
- Payment records: 10 years, as required by Romanian fiscal law.
- Usage logs: up to 12 months.
- Social media data: processed in real time; comment history retained up to 12 months.
- Support communications: up to 3 years.
After the applicable retention period, data is securely deleted or anonymised.
6. Your rights (GDPR)
As a data subject under GDPR, you have the following rights:
- Right of access: request a copy of the personal data we hold about you.
- Right to rectification: request correction of inaccurate or incomplete data.
- Right to erasure: request deletion of your data, subject to legal retention obligations.
- Right to restriction of processing: request that we limit how we use your data.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to object: object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: withdraw consent at any time without affecting prior processing.
To exercise any of these rights, contact us at legal@reputito.com. We will respond within 30 days. You also have the right to lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) at www.dataprotection.ro.
7. Cookies
We use cookies and similar technologies to operate and improve the platform:
- Strictly necessary: session authentication and security. These cannot be disabled.
- Functional: remembering your preferences and settings.
- Analytics: understanding how users navigate the platform using privacy-respecting analytics that do not sell data.
- Marketing: only with your explicit consent.
You can manage cookie preferences through your browser settings.
8. Security
We implement industry-standard security measures including TLS encryption in transit, encryption at rest, and role-based access controls. We conduct regular security reviews. Access to personal data is restricted to authorised personnel only.
9. Data breaches
In the event of a personal data breach, we will notify the Romanian Data Protection Authority (ANSPDCP) within 72 hours of becoming aware of it. If the breach poses a high risk to your rights and freedoms, we will also notify you directly without undue delay.
10. Children’s data
Reputito is not intended for use by persons under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at legal@reputito.com and we will delete it promptly.
11. Third-party sub-processors
We use the following third-party sub-processors to deliver our service:
- Stripe: payment processing. stripe.com/privacy
- Meta (Instagram, Facebook): official API access for connected social accounts. Data collected via Meta APIs (including comments, usernames and post metadata) is used solely to provide the Reputito service to the account owner. This data is not shared with third parties, not used for advertising purposes, and not stored beyond the retention periods described in this policy.
- TikTok: official API access for TikTok comment management. Data collected via TikTok APIs is used solely to provide the Reputito service and is not shared with third parties or used for advertising purposes.
- Google (YouTube, Google Play, Google My Business): official API access. Use of data obtained through Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Data is not used for advertising, profiling or any purpose beyond providing the Reputito service.
- Google Gemini: AI processing for comment analysis and reply generation. Prompts include social media comments only, never your personal billing data.
- Vercel: cloud hosting infrastructure based in the European Economic Area.
- Supabase: database hosting within the EEA.
We do not sell your personal data to any third party.
12. Data transfers
We store and process data primarily within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g. to AI API providers), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
13. Account deletion
When you delete your account, we delete your personal data within 30 days, subject to legal retention obligations (e.g. payment records retained for 10 years as required by law). Social media data and comment history are deleted immediately upon account closure.
14. Third-party platform API compliance
Reputito accesses third-party social media platforms (Meta, TikTok, Google) exclusively through their official APIs and in accordance with each platform’s developer policies and terms of service. Specifically:
Meta (Instagram and Facebook): We access only the permissions necessary to display and reply to comments and direct messages on pages and accounts that you own and have authorised. We do not access, store or process data from accounts you do not own. Data accessed via Meta APIs is used exclusively to provide the features you have enabled and is never used for advertising, profiling or sold to third parties.
TikTok: We access TikTok comment data only for accounts you have explicitly connected and authorised. Data is used solely to provide comment management features within Reputito.
Google (YouTube, Google Play, Google My Business): We access Google API data only for accounts you have connected. Use of data obtained through Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements.
15. Contact us
For any questions about this Privacy Policy or to exercise your rights, contact us at:
Reputito SRL
Email: legal@reputito.com
Romania
We aim to respond to all privacy enquiries within 30 calendar days.
Ready to stop missing comments?
Join hundreds of brands managing their community with Reputito.
Get Started