Privacy Policy

1. Information We Collect

Information You Provide Directly

We collect information you voluntarily provide when you sign up, create your reputation profile, or interact with our Service:

• Account Information: Email address, name, phone number (optional), and password
• Profile Information: Professional title, bio, location, website links, and avatar image
• Testimonials & Reviews: Client testimonials, ratings, and feedback you add to your profile
• Payment Information: Billing address and payment details (processed securely through Stripe; we never store full card numbers)
• Communication Data: Messages, support requests, and feedback you send us

Information From Third-Party Platforms

When you authorize Reputation Vault to connect to external platforms (Upwork, Fiverr, Google, etc.), we import:

• Reviews and ratings from those platforms
• Your public profile information from those platforms
• Metadata about those reviews (dates, reviewer information where publicly available)

You can disconnect these integrations anytime from your account settings, which stops us from importing new data (existing data remains in your profile unless you manually delete it).

Payment Verification Data

To prevent fraud and process payments, we collect and verify:

• Billing address and postal code
• Last 4 digits of your card (stored securely by Stripe, not by us)
• Payment transaction history

We do not store, process, or have access to full credit card numbers. All payment data is handled securely by Stripe and subject to their security standards.

Usage & Analytics Data

We collect information about how you interact with our Service:

• Profile Views: Aggregated data about how many people viewed your profile (hashed IP addresses only, not stored in identifiable form)
• Feature Usage: Which features you use, how often, and for how long
• Device & Browser Information: Browser type, operating system, device type, and approximate location (country/region level)
• Pages Visited: Which pages and sections of our platform you access

This data helps us understand how our platform is used, identify bugs, improve features, and detect suspicious activity.

2. How We Use Your Information

Service Delivery

We use your information to:

• Create and maintain your account
• Build and display your reputation profile
• Aggregate and verify testimonials and reviews
• Compute trust scores based on your reputation data
• Generate embeddable profile widgets
• Provide analytics about your profile performance
• Process payments and subscriptions

Communication

We use your email address to:

• Account Management: Send password resets, account confirmations, and security alerts
• Testimonial Delivery: Send testimonial requests on your behalf to clients who provide you testimonials
• Billing: Send invoices, receipts, and payment confirmations
• Marketing (Opt-In Only): Send periodic updates about new features, tips, and newsletters—only if you've opted in
• Support: Respond to your inquiries and provide customer support

You can manage your email preferences and opt out of marketing communications anytime in your account settings.

Analytics & Improvement

We analyze anonymized usage data to:

• Understand how users interact with our platform
• Identify bugs and performance issues
• Design better features and user experiences
• Detect and prevent fraud or abuse

Legal & Safety

We may use your information to:

• Comply with legal obligations and court orders
• Enforce our Terms of Service
• Protect against fraud, security threats, or abuse
• Respond to legal claims or disputes

3. Information Sharing & Third-Party Services

We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes. Period.

Third-Party Service Providers

We partner with trusted service providers who process data on our behalf under strict confidentiality agreements:

Legal Disclosures

We may disclose your information if required by law, such as in response to a valid court order, subpoena, or regulatory request. We will attempt to notify you of such requests unless legally prohibited from doing so.

Business Transfers

If Reputation Vault is acquired by another company, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your information.

4. Data Storage & Security

Where Your Data Is Stored

Your personal information is stored on secure servers hosted by Supabase on Amazon Web Services (AWS) infrastructure. We use industry-standard encryption and security protocols to protect your data both in transit (HTTPS/TLS) and at rest.

Security Measures

We implement multiple layers of security to protect your information:

• Encryption: All data transmitted between your device and our servers is encrypted using HTTPS/TLS
• Password Security: Passwords are hashed and salted using industry-standard algorithms
• Access Control: Only authorized team members can access user data, and access is logged and monitored
• Firewalls & DDoS Protection: Our infrastructure includes firewalls and protection against common attacks
• Regular Audits: We conduct regular security audits and penetration testing
• Backups: We maintain secure backups of your data to prevent loss in case of emergencies

Limitations

While we take security seriously, no system is 100% secure. We cannot guarantee absolute security of your information. You are responsible for keeping your password confidential and for any activities that occur under your account.

Data Retention

We retain your personal information as long as your account is active or as needed to provide our services. After you delete your account, we retain certain data in secure backups for up to 90 days for legal and operational purposes, then permanently delete it. You can request earlier deletion of specific data.

5. Your Rights & Choices

Access Your Data

You can access, review, and download all of your personal information anytime by logging into your account. Your reputation profile, testimonials, analytics, and account details are always available to you.

Export Your Data

You can export all your data anytime in a standard, machine-readable format (JSON, CSV). This includes:

• Your profile information
• All testimonials and reviews
• Analytics data
• Account history

You can export your data with one click from your account settings. This ensures your reputation data is portable and not locked into our platform.

Update Your Information

You can update your email address, profile information, avatar, and other details anytime from your account settings.

Delete Your Account

You can permanently delete your account and all associated data anytime from your account settings. Once you initiate deletion:

• Your account will be deactivated immediately
• Your public profile will be removed from our platform
• Your testimonials and reviews will be deleted
• You retain access to download your data for 30 days after deletion
• After 30 days, all data is permanently deleted from active systems
• Backup copies are retained for up to 90 days, then permanently deleted

Email Preferences

You can manage your email preferences in your account settings:

• Marketing Emails: Opt out of promotional emails and newsletters anytime
• Transactional Emails: You cannot opt out of account and billing notifications (password resets, invoices, etc.) as these are necessary for account management

You can also use the "unsubscribe" link in any marketing email to opt out immediately.

Third-Party Integrations

You can disconnect third-party platform integrations (Upwork, Fiverr, etc.) anytime from your account settings. This stops us from importing new data, but existing data remains in your profile unless you delete it manually.

Your Privacy Rights by Location

Depending on where you live, you may have additional privacy rights:

• GDPR (EU/EEA): Right to access, rectification, erasure, restriction of processing, data portability, and to object to processing
• CCPA (California): Right to know, delete, opt-out of sale, and non-discrimination for exercising your rights
• LGPD (Brazil): Right to access, correct, delete, and port your data

To exercise any of these rights, please contact us at privacy@reputationvault.org with a description of your request and proof of identity. We will respond within the timeframe required by applicable law (typically 30 days).

6. Public Profiles & Testimonials

What's Public

Your reputation profile is public by default. This includes:

• Your name and professional title
• Your bio and avatar
• Your trust score
• Testimonials and reviews you choose to display
• Aggregate statistics (number of clients, total projects, etc.)

Your public profile is accessible to anyone on the internet and can be found through search engines. Think of it like a public portfolio.

Control What's Displayed

You have full control over which testimonials appear on your public profile. You can:

• Choose which testimonials to display
• Hide or archive testimonials you don't want to showcase
• Reorder testimonials to highlight the most important ones
• Delete testimonials anytime

Testimonials from Clients

When clients submit testimonials through Reputation Vault:

• They provide their name, contact info, and written testimonial
• We verify their identity through email verification
• Only verified testimonials appear on your profile
• Clients can see basic information (name, company) on the published testimonial
• Client contact information is never made public unless they choose to share it

Your Privacy Within Public Profiles

Even though your profile is public:

• Your email address is never displayed publicly
• Your private account data remains private
• Your password is never shared
• Your billing information is never shared

7. Cookies & Tracking

What Cookies We Use

We use cookies only for essential purposes:

• Session Cookies: Keep you logged in while you use the platform. These expire when you close your browser or log out.
• Preference Cookies: Remember your settings and preferences

What We Don't Use

We do NOT use advertising cookies, tracking pixels, or third-party cookies for marketing or behavioral tracking.

Analytics

We use analytics tools (PostHog or Plausible) to understand how users interact with our platform. These tools collect anonymized data:

• Pages visited and time spent on each page
• Features used and button clicks
• Approximate location (country/region level only)
• Device type and browser (not specific device ID)

IP addresses are hashed and not stored in a way that could personally identify you. These analytics tools do not track you across other websites.

Browser Controls

You can control cookies through your browser settings. You can:

• Block all cookies (though this may break some features)
• Delete cookies after each session
• Enable "Do Not Track" in your browser

Note: Blocking essential session cookies may prevent you from logging in properly.

8. Children's Privacy

Reputation Vault is not intended for children under 16 years old. We do not knowingly collect personal information from anyone under 16. If we become aware that we have collected information from a child under 16, we will delete that information immediately and notify the parent or guardian.

If you believe we have collected information from a child under 16, please contact us immediately at privacy@reputationvault.org.

9. International Data Transfers

Reputation Vault is based in the United States. Your data is processed and stored on servers located in the United States. If you are located outside the United States (particularly in the EU, EEA, or other jurisdictions with strong data protection laws), your data will be transferred to and processed in the United States.

By using Reputation Vault, you consent to the transfer of your information to the United States. We implement appropriate safeguards to protect your data during these transfers, including:

• Standard contractual clauses approved by the European Commission
• Encryption of data in transit
• Compliance with applicable data protection laws

If you do not agree to international data transfers, please do not use Reputation Vault.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date above.

If a change significantly impacts how we handle your information, we will attempt to notify you by email or by displaying a prominent notice on our platform. Your continued use of Reputation Vault after changes become effective constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this policy periodically to stay informed of how we protect your information.

11. Contact Us

If you have questions about this Privacy Policy, our privacy practices, or how we handle your information, please reach out:

Your Privacy Rights Summary