Privacy Policy

Quick Summary (what's most important)

1) Scope & Changes

This Policy covers personal information collected online via the Site, our forms, newsletters, ads we run, and any portals we provide to clients. It does not cover offline collection unless expressly stated.

We may update this Policy by posting a revised version with a new Effective Date. If you disagree, discontinue use.

2) Eligibility & Consent

The Site isn't intended for children under 13. If you believe we collected information from a child under 13, contact us and we will delete it. By using the Site, you consent to this Policy and our cookie/ads practices described here. COPPA information for businesses is available from the FTC.

3) What We Collect & Sources

Information you provide directly, such as:

• Identifiers & contact data (name, email, phone, postal address, company, role).
• Content you submit (messages, forms, uploaded files).
• Billing data processed by our payment provider (e.g., Stripe). We store limited payment metadata and rely on Stripe for card/ACH details.

Information collected automatically (via cookies, pixels, SDKs, logs, and similar):

• Device & network data (IP address, device identifiers, browser/OS, ISP, language, time zone).
• Usage data (pages viewed, referring/exit pages/URLs, actions/events, session duration, error/crash data).
• Approximate location (derived from IP).
• Advertising identifiers/cookie IDs for analytics and cross-context advertising where applicable.

Information from other sources:

• Public sources (press websites, social profiles, public records relevant to ORM projects).
• Service providers & partners (analytics, ad platforms, security, anti-fraud, customer support).
• If you are a client, we may receive Client Materials (logos, images, bios, copy) to perform services.
• We may de-identify or aggregate data and use it for any lawful purpose.

4) How We Use Information

• Operate and secure the Site and services; troubleshoot and improve performance.
• Provide services (e.g., content creation/optimization, monitoring, reporting, publishing on your behalf).
• Communicate about projects, service notices, security alerts, and (if permitted) marketing.
• Process transactions and prevent fraud/abuse.
• Measure & personalize experiences (analytics and, where applicable, cross-context advertising).
• Comply with law and enforce our terms.
• Generative AI: To meet content/volume goals—especially where you haven't supplied sufficient images or text—we may use generative AI tools to draft or expand content based on your approved materials and public sources. We don't knowingly use AI to fabricate claims or impersonate third parties. We avoid inputting non-public sensitive data into third-party models without written authorization (see our Terms).

5) Cookies, Analytics & Online Advertising

• Use your browser/device controls to block/clear cookies.
• Use our site's cookie controls (where available) to manage categories.
• Send recognized opt-out signals like Global Privacy Control (GPC); covered businesses in California must treat GPC as a valid opt-out of sale/share, and other states are adopting similar requirements (e.g., Colorado's Universal Opt-Out Mechanism list, Connecticut, New Jersey). We honor such signals where required.
• Do Not Track (DNT): We currently respond to GPC/universal opt-out signals as described above; we do not respond to older DNT signals where not required by law.

6) SMS/Texting Disclosure (required statement)

7) When We Share Information

We share personal information with:

• Service providers/Processors: hosting, CDN, security, analytics/measurement, email/SMS, customer support, billing (e.g., Stripe), domain/hosting registrars, and vendors assisting with our services.
• Ad/analytics partners: to measure campaigns and, where applicable, deliver cross-context advertising (you can opt-out per §9).
• Affiliates (entities under common control) for operational purposes.
• Business transfers: as part of a merger, acquisition, or asset sale.
• Legal & safety: to comply with laws, lawful requests, or to protect rights, safety, and security.
• With your direction: for example, with publishers when posting content you approve.
• We do not provide mobile/SMS originator data for third-party marketing (see §6).

8) Children

We do not knowingly collect personal information from children under 13. If you're a parent/guardian and believe your child provided information, contact us to delete it.

9) Your Privacy Choices & Rights

A. Marketing communications

You can opt out of marketing emails via the unsubscribe link. Service/transactional messages may still go to you.

B. Cookies & online ads

Use cookie controls, browser settings, and GPC (or other recognized universal opt-out signals) to opt out of "sale/share" and targeted advertising where applicable. We will honor GPC in California and other states that require recognized universal opt-out mechanisms (e.g., Colorado, Connecticut, New Jersey).

C. U.S. state privacy rights

Depending on where you live (e.g., CA, CO, CT, VA, UT, OR, TX, DE, NJ, IA, IN, MT, TN, and others as laws evolve), you may have some or all of the following rights, subject to scope and exceptions in each statute: access, correction, deletion, portability, appeal of a denied request, and opt-out of sale/share, targeted advertising, and certain profiling.

• California (CCPA/CPRA): additional rights include the right to limit use/disclosure of Sensitive Personal Information and opt-out of "sharing" for cross-context advertising. Businesses must honor GPC as a valid opt-out of sale/share.
• Colorado: controllers must recognize a state-maintained Universal Opt-Out Mechanism list (currently recognizing GPC) for sale and targeted advertising opt-outs.
• Connecticut & New Jersey: controllers must honor universal opt-out signals under their state privacy laws (NJ UOOM requirement effective July 15, 2025).
• Texas: Texas residents have new rights under the Texas Data Privacy and Security Act (effective July 1, 2024).

How to exercise rights:

Email contact@reputationpros.com with the subject "Privacy Request" and tell us what you seek (e.g., access, delete, correct, opt-out). We will verify your identity (and authority if you're an agent) before acting. We generally respond within 45 days (extensions permitted by law) and will explain any denials and your appeal options (where applicable).

Nevada residents:

You may opt out of the sale of covered information by emailing contact@reputationpros.com with "Nevada Do Not Sell" in the subject. (We do not sell for money, but this is provided for Nevada SB 220 compliance.)

10) International Users (EEA/UK/Swiss Residents)

Controller/Processor role. We are the controller when we decide how to process Site data. For client projects, we may act as processor/service provider under a separate agreement (DPA available on request).

Legal bases (GDPR/UK GDPR): contract performance, legitimate interests (e.g., security, analytics, business operations), consent (e.g., marketing cookies), and legal obligations.

Transfers: If we transfer personal data to the U.S. or other countries, we use appropriate safeguards (e.g., Standard Contractual Clauses). If we self-certify to the EU-U.S. Data Privacy Framework (and UK/Swiss extensions), our commitment will appear on the official DPF list and we will handle EEA/UK/Swiss personal data consistent with DPF Principles.

To exercise GDPR rights (access, deletion, correction, portability, restriction, objection, and withdrawal of consent), email contact@reputationpros.com with "GDPR Request."

11) Security

We employ reasonable technical and organizational measures designed to safeguard personal information (encryption in transit, access controls, backups, monitoring). No system is 100% secure; please use strong, unique passwords and notify us of any suspected unauthorized access.

12) Data Retention

We keep personal information only as long as necessary for the purposes described here (and as required by law, tax/audit/regulatory, dispute resolution, and security). We may retain de-identified/aggregated data longer.

13) Third-Party Sites & Services

Our Site may link to third-party sites/services. Their privacy practices govern when you interact with them.

14) Financial Incentives (if ever offered)

If we offer a program that provides benefits tied to personal information (e.g., referral credits), we will present the material terms and obtain your opt-in consent; you can opt out at any time. (Not currently offered.)

15) State "Shine the Light" (CA Civ. Code §1798.83)

California residents may request information about our disclosures of certain categories of personal information to third parties for their direct marketing in the prior year. We do not disclose for third-party direct marketing without your consent, but you can still email contact@reputationpros.com with "Shine the Light" in the subject.

16) Your Right to Appeal (where required)

If we deny your state privacy request, you may appeal by replying to our decision email with "Appeal." If still unresolved, you may contact your state Attorney General.

17) Contact Us

18) California "Notice at Collection"

We provide the following summary of categories of personal information collected in the last 12 months, the purposes, and categories of recipients (examples; subject to your choices and the context of your interaction):