Privacy Policy

Last updated: 24 May 2026

1. Introduction

Reputify ("we", "our", or "us") is a customer intelligence platform operated by Joyful Designs. This Privacy Policy describes how we collect, use, store, and protect personal information when you use our Software-as-a-Service (SaaS) platform. By using Reputify, you agree to the practices described in this policy.

We are committed to protecting privacy and handling data in accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (India) ("DPDP Act") where it applies.

2. Data Roles and the DPDP Act (India)

Reputify serves two related groups. Your role—and ours—depends on which group you belong to:

Reputify account holders (you and your team)

When you register for and use Reputify, Joyful Designs acts as the Data Fiduciary under the DPDP Act (and as a data controller under other applicable laws) for your account, billing, business workspace, and related personal data needed to operate the SaaS product.

Your customers (end recipients of review requests)

When you send review requests or related messages through Reputify (by email, WhatsApp, or other channels you enable), you are the Data Fiduciary / data controller for those individuals' contact details and messaging decisions. Reputify acts as a Data Processor on your instructions—we send, schedule, and track messages you initiate, maintain opt-out lists, and store compliance metadata (such as consent attestation records) only to provide the service you configure.

We do not use end-customer contact data for our own marketing. We process it solely to deliver features you enable, honour opt-outs, meet legal obligations, and support your lawful use of the platform. Your obligations as Data Fiduciary—including obtaining lawful consent before sends—are set out in our Terms of Service (Section 7).

Where the DPDP Act applies, you are responsible for providing appropriate notices to your customers and responding to their rights requests as Data Fiduciary. We will assist you as Data Processor where required by law and our agreement with you. See our Messaging Data Processing Addendum (DPA) for processor terms and a customer-facing retention summary.

3. Information We Collect

We collect information in the following ways:

Information you provide directly

  • Account information: Name, email address, password (hashed), and profile picture when you register or update your profile
  • Business information: Business name, locations, addresses, contact details, and business hours
  • Payment information: Billing details processed by our payment partner (e.g. Razorpay). We do not store full card numbers on our servers
  • Communications: Messages you send to us (e.g., support requests, feedback)

End-customer data you provide (review requests and messaging)

When you use Review Generation, Campaigns, or related features, you may provide data about your customers. We process this on your instructions as Data Processor:

  • Contact details: Customer phone numbers (E.164 format) and/or email addresses, and optional customer names used in message templates
  • Send metadata: Channel (email or WhatsApp), template selection, schedule, send/delivery/read status, and related failure or retry information
  • Consent attestation: Records that you confirmed lawful consent (or another valid legal basis) before a send, including the basis recorded and timestamp
  • Opt-out and do-not-contact data: Email addresses or phone numbers on your opt-out list, including entries added via unsubscribe links, manual exclusion, or customer STOP/unsubscribe requests where processed in the product
  • Provider message identifiers: WhatsApp or email provider message IDs and webhook delivery metadata needed to update send status

Information from integrations

  • Google Business Profile: When you connect your Google Business Profile, we receive review data, ratings, business information, and related content necessary to provide our review aggregation, analytics, and response management features
  • Messaging integrations: Where you enable WhatsApp Business or similar channels, we process configuration, tokens, template status, and operational metadata subject to the relevant provider's terms and your settings
  • Additional platforms may be integrated over time; we will update this policy accordingly

Information collected automatically

  • Usage data: Logs of your activity in the product, feature usage, session duration, and performance metrics
  • Device information: Browser type, IP address, and device identifiers for security, fraud prevention, and service improvement
  • Public website visits: When you browse our public marketing and legal pages, we may process technical data such as IP address, browser type, requested pages or endpoints, referrer, and related metadata for security and aggregated traffic understanding. Whether such events are written and retained can be controlled via server configuration (for example an environment-controlled setting managed by the operator)
  • Cookies and similar technologies: As described in Section 10

4. How We Use Your Information

We use the information we collect to:

  • Provide the service: Operate Reputify, sync reviews from Google Business Profile, display analytics, and enable features such as response management, review requests, and notifications
  • Process review requests on your behalf: Send and schedule messages, check opt-out lists, record consent attestations, and update delivery status when you use messaging features
  • Manage your account: Authenticate users, manage subscriptions, and provide customer support
  • Improve our service: Analyze usage patterns, fix bugs, and develop new features
  • Communicate with you: Send transactional emails (e.g., password reset, billing), product updates, and important notifications (e.g., new review alerts)
  • Security and compliance: Detect fraud, enforce our Terms of Service, and comply with legal obligations

5. Data Sharing and Third Parties

We do not sell your personal information or end-customer contact data. We may share data with:

  • Service providers: Hosting, payment processing (including card payments via Razorpay or successor processors), email delivery, and infrastructure providers who assist us under appropriate agreements
  • Google: When you connect Google Business Profile, we use Google APIs in accordance with the Google API Services User Data Policy
  • Meta / WhatsApp: If you use WhatsApp or related Meta Business features through Reputify, message and configuration data is processed in line with Meta's terms and your configuration
  • Legal requirements: When required by law, court order, or to protect our rights, safety, or property

If you add team members to your workspace, they may have access to business and review data according to their role (Owner, Manager, Member).

6. Data Retention

We retain data only as long as needed for the purposes described in this policy. Retention periods vary by category:

  • Account and workspace data: Retained while your account is active. After cancellation or termination, we may retain data for a limited period to comply with legal obligations, resolve disputes, enforce agreements, and complete backups
  • Google review and Business Profile data: Retained while your Google connection is enabled and your account is active, so we can sync, display, and help you respond to reviews
  • Review request and messaging data: Retained while your account is active to operate sends, retries, scheduled messages, delivery tracking, and compliance records (including consent attestation timestamps)
  • Opt-out and do-not-contact lists: Retained while your account is active—and for a limited period after closure where needed—so opted-out individuals are not contacted again through Reputify
  • Trial workspaces: If your trial expires without a paid subscription, we typically retain workspace data for approximately thirty (30) days (or as communicated in product emails) so you can subscribe and restore access; after that window, data may be permanently deleted
  • Security and operational logs: Retained for shorter periods appropriate to security monitoring, troubleshooting, and legal requirements

You may request deletion of your account data; we will process such requests subject to legal, contractual, and operational requirements (including retention needed to honour opt-outs or resolve disputes). End-customers who received review requests from your business should generally contact you first as Data Fiduciary; we will support lawful processor requests where applicable. For a detailed retention summary for end-customer messaging data, see the Messaging Data Processing Addendum (DPA).

7. Data Security

We implement appropriate technical and organizational measures to protect personal information, including:

  • Encryption of data in transit (TLS/SSL) and at rest where applicable
  • Secure password hashing and session management
  • Access controls and authentication
  • Regular security assessments and monitoring

No method of transmission over the internet is 100% secure. We encourage you to use strong passwords and keep your credentials confidential.

8. Your Rights

Depending on your location, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Object or restrict: Object to certain processing or request restriction of processing
  • Withdraw consent: Where processing is based on consent, withdraw it at any time
  • Grievance (India): Under the DPDP Act, lodge a grievance with us; if unresolved, you may have the right to approach the Data Protection Board of India as provided by law

Reputify account holders: To exercise these rights regarding your account, contact us using the details in Section 13.

End-customers of our business customers: If you received a review request or message sent through Reputify on behalf of a business, that business is usually your Data Fiduciary. Please contact that business first regarding access, correction, deletion, or opt-out. We will assist the business as Data Processor where required.

You may also have the right to lodge a complaint with a supervisory or data protection authority in your jurisdiction.

9. International Data Transfers

Reputify may store and process data in servers located in different countries. When we transfer data across borders, we take steps to ensure appropriate safeguards are in place, such as standard contractual clauses or other mechanisms recognized by applicable law.

11. Children's Privacy

Reputify is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date at the top of this page. Your continued use of the service after such changes constitutes acceptance of the revised policy where permitted by law. We encourage you to review this policy periodically.

13. Contact Us

For questions about this Privacy Policy, to exercise your privacy rights, or to lodge a grievance under the DPDP Act, please contact us:

Reputify (product by Joyful Designs)
Product website: Reputify — home
Email: support@reputify.app
Instagram: @reputify.app
Joyful Designs: thejoyfuldesigns.com