Back to homeLegal
Privacy Policy

How we handle your data

Last updated: June 2026

Important notice
  1. DPDPA Compliant. ReputeFlows complies with India's Digital Personal Data Protection Act, 2023 (DPDPA). Business clients can request a Data Processing Agreement (DPA) for additional contractual protections.
  2. Review management only. ReputeFlows is a review and reputation management platform for hospitality businesses — hotels, restaurants, cafés, salons, and homestays. We do not provide legal, financial, or regulated advice. Customer reviews processed by our system are for the Business client's reputation management purposes only.

ReputeFlows (“we”, “us”) is a software product operated for Indian small businesses to manage customer reviews and reputation. This policy explains what personal information we collect when you use the service, why we collect it, who we share it with, and the choices you have. We aim to keep this readable and complete — if anything is unclear, please email privacy@reputeflows.com.

1. What we collect

We only collect information that helps us run the product. We don't sell, rent, or trade your data — ever.

Information you give us when you sign up

  • Your full name and email address
  • A password (stored only as a one-way bcrypt hash — we cannot read it)
  • Your business name, category, location, and description
  • Optional brand-voice preferences (tone, verbosity, freeform notes)

Information you upload

  • Customer reviews you import (CSV / JSON), including reviewer names and review text
  • Logo and cover images
  • Replies you draft, edit, and approve

Information you authorise from third parties

  • If you connect Google Business Profile, we receive a read-only OAuth access + refresh token and your business location reviews. We never request the write scope and cannot post replies on your behalf.
  • If you subscribe to a paid plan, Razorpay processes the payment. We receive a subscription ID, plan ID, and payment status from Razorpay — we never see your card or UPI details.

Information collected automatically

  • Standard server logs: IP address, user-agent, request timestamps and paths (kept short-term for abuse prevention)
  • Usage counters (e.g. AI replies generated this month) so we can show you your plan usage
  • Audit-trail entries for security-sensitive events (logins, password resets, payment-webhook receipts)

2. How we use it

  • To provide the service. Generate AI-suggested replies, organise your review inbox, send weekly digests, sync Google reviews.
  • To bill you correctly. Track plan, usage limits, and renewal dates.
  • To communicate with you. Email verification, password resets, payment receipts, security alerts, and (only with your consent) the weekly digest.
  • To improve the product. We look at aggregate, de-identified usage patterns. We do not train any AI model on your reviews.
  • To keep things secure. Detect abuse, rate-limit suspicious activity, and investigate incidents.
  • To comply with the law. If we receive a lawful request from an Indian authority, we will respond as required and notify you unless prohibited.

3. Third-party services

We use a small, deliberate set of vendors to run the product. Each is bound by their own privacy terms; the full list and what they receive:

MongoDB Atlas — hosts our database. Receives all data above.
Anthropic (Claude) — processes review text to generate AI replies. Sees the review text, your business name, and your tone settings for the duration of the request.
Per Anthropic's commercial terms and privacy policy, inputs and outputs from API requests are not used to train Anthropic's models. Data is retained for up to 30 days for trust & safety, then deleted. References: Commercial Terms, Data Use FAQ, Privacy Policy.
Google AI (Gemini) — classifies sentiment of incoming reviews and (optionally) drafts vernacular replies. Sees only the review text and the language tag — no personal identifiers like email, phone, or business owner name.
ReputeFlows uses the paid Gemini API tier. Per Google's Gemini API Additional Terms, prompts and responses on the paid tier are not used to train Google's models or for human review. Reference: Gemini API Additional Terms of Service.
Resend — sends transactional email. Receives your email address and the email body.
Razorpay — processes subscription payments. Receives the data you provide on their checkout (card / UPI / netbanking details) directly — we never see this. We only see the resulting subscription status.
Google OAuth + Business Profile API — if you connect Google, we receive read-only access tokens and the reviews on your location.
Cloudflare — sits in front of our domains for DDoS protection. Sees request metadata (IP, headers).
Emergent (hosting) — runs our application servers. Has technical access to all data we store.

We do not use Facebook, Google Analytics, advertising networks, or third-party tracking pixels. We do not train any AI model on your reviews.

3a. Data Processing Agreement (DPA) for hospitality businesses

ReputeFlows is built for hospitality businesses in India — hotels, restaurants, cafés, salons, and homestays. The reviews we process on behalf of our Business clients are ordinary customer-feedback content (rating, free-text feedback, reviewer name, and optional photos). We do not process payment-card data, identity documents, government IDs, or any regulated record categories beyond ordinary review content.

For Business clients whose internal procurement or IT-legal review process requires a formal Data Processing Agreement under India's Digital Personal Data Protection Act, 2023 (DPDPA), one is available on request. Email legal@reputeflows.com with your standard template — or we'll provide ours. Mention your vertical (hotel, restaurant, café, salon, homestay) so we can include any relevant clauses.

Our DPDPA-aligned commitments

  • Lawful basis: We process review data on behalf of the Business client (our principal), with the reviewer's consent obtained through the Business's review collection mechanisms (QR code, link, WhatsApp opt-in, etc.).
  • Purpose limitation: Review data is used solely for review management, reputation analytics, and direct communication initiated by the Business — not for advertising, data resale, or any unrelated purpose.
  • Data minimisation: We do not collect personal data beyond what reviewers voluntarily include in their reviews.
  • Storage limitation: Data is retained per the schedule in “How long we keep data” below, with deletion-on-request available.
  • Security safeguards: Encryption in transit, role-based access controls, audit logging for write operations, and tenant isolation between Business accounts.

Sensitive personal data

Reviews may inadvertently contain sensitive personal data as defined under DPDPA (for example, a guest mentioning a medical condition while describing their stay). Our automated review processing system attempts to detect and flag such content. When detected, the review is flagged in our internal systems and owner alerts sent via third-party channels are generalised — the verbatim sensitive content is not included in the external notification.

Sub-processors

See our public Sub-Processors list for the full inventory. Key processors involved in handling review content are: MongoDB (storage), Anthropic (Claude AI), Google (Gemini AI fallback), Meta (WhatsApp messaging), and Resend (transactional email). Razorpay processes Business payments only and does not handle customer review content.

4. Cookies and similar technologies

We use a small number of cookies, all strictly functional:

auth_token — signed JWT that keeps you logged in. HttpOnly, SameSite=Lax, Secure in production. Expires after 30 days.
impersonation_token — only set when a ReputeFlows superadmin is actively investigating a support issue with your explicit knowledge.
google_oauth_state — CSRF nonce that lasts ~10 minutes during a Google connection round-trip.
beta_access_granted — remembers that you've unlocked beta access (only used during invite-only periods).

No advertising cookies. No analytics cookies. You can clear these at any time from your browser settings; doing so will sign you out.

5. How long we keep data

  • While your account is active — we keep all data needed to operate the service.
  • After you delete your account — we remove your business data within 30 days. Limited audit-log entries (financial transactions, security events) may be retained for up to 7 years to comply with Indian tax and statutory record-keeping laws.
  • Email logs — subject and metadata are kept for 90 days for delivery troubleshooting; full HTML body is purged after 30 days.
  • Webhook receipts — payment-webhook payloads are retained for 12 months for reconciliation.

6. How we protect data

  • Passwords are stored only as bcrypt hashes (12 rounds) — we cannot recover them if forgotten, only reset.
  • All traffic between you and ReputeFlows is encrypted with TLS.
  • Database access is restricted to a small set of engineers via per-user credentials with audit logging.
  • Sensitive operations (password reset, billing changes) require a fresh authentication and are logged.
  • Webhook signatures are HMAC-verified; payment data never touches our servers.
  • If we ever experience a security breach involving your personal data, we will notify you within 72 hours of confirmation as required by DPDPA 2023.

7. Your rights

Under the Digital Personal Data Protection Act 2023, you have the right to:

  • Access — request a copy of the data we hold about you
  • Correction — ask us to fix anything that's wrong
  • Erasure — ask us to delete your data (subject to the retention rules above)
  • Withdraw consent — for anything you previously agreed to
  • Grievance redressal — raise a complaint with our Data Protection contact (below) and, if unsatisfied, with the Data Protection Board of India

To exercise any of these, email privacy@reputeflows.com. We aim to respond within 7 business days.

8. International transfers

Your data is stored in MongoDB clusters operated by our infrastructure provider Emergent. The geographic region of our production cluster is being confirmed as part of our DPDPA compliance documentation. We will update this section with the confirmed region once verified by our infrastructure provider. For current data location enquiries, contact privacy@reputeflows.com.

Some sub-processors (Anthropic, Google AI, Resend, Meta) may process data on servers outside India. We require all sub-processors to meet privacy and security standards equivalent to those required under DPDPA. Where a sub-processor publishes Standard Contractual Clauses (SCCs) or equivalent transfer mechanisms in their public terms, we rely on those. The full list of sub-processors and their published privacy commitments is available at our Sub-Processors page.

9. Children's privacy

ReputeFlows is a B2B product for business owners. We do not knowingly collect data from anyone under 18. If you believe a minor has signed up, please email us and we will delete the account.

10. Changes to this policy

If we materially change how we collect or use data, we will email registered users at least 14 days before the changes take effect. Minor edits (clarifications, typo fixes) will be reflected here with an updated “Last updated” date.

11. Contact us

For any privacy question, complaint, or rights request:

Grievance Officer: Haigreeva Kondury
Designation: Data Protection & Grievance Officer
Email: privacy@reputeflows.com
Location: Bengaluru, Karnataka, India
Operating entity: ReputeFlows (India)
Response window: 7 business days

Under the Digital Personal Data Protection Act 2023, if you are unsatisfied with the Grievance Officer's response, you may escalate to the Data Protection Board of India through the mechanism notified by the Government of India.

Read also: Terms of Service.