Register Now
Register Now

Privacy Policy for Repufiy

Last Updated: November 10, 2025

1. Introduction

This Privacy Policy explains how Repufiy, a product of DigitaliX, processes personal data.
Repufiy is an AI-powered software platform that automatically analyzes, structures, manages, and responds to Google reviews. For this purpose, Repufiy integrates with your Google account via the Google Business Profile API.

We process your data exclusively:

  • in accordance with the EU General Data Protection Regulation (GDPR),

  • in accordance with the Google API Services User Data Policy,

  • in accordance with the Limited Use requirements,

  • and in accordance with all other applicable data protection laws.

By using repufiy.com, you agree to this policy.

2. Responsible Provider

Repufiy – a product of DigitaliX
Wetzlarerstraße 122
Germany

Email: support@repufiy.com
Website: https://repufiy.com

3. What Data We Process (Comprehensive Overview)

Repufiy processes various categories of personal data depending on how the platform is used and the Google API integration.

3.1 Google OAuth & Account Data

The following data is collected when you connect your Google account:

  • Google email address (for identification and account management)

  • OAuth access token

  • OAuth refresh token

  • Google Business Profile company ID

  • Location IDs of all locations connected to Repufiy

  • Permissions (“scopes”) granted by the user

Important:
Repufiy does NOT have access to:

  • Gmail

  • Contacts

  • Calendar

  • Google Drive

  • Private Google account content

  • Internal company data outside the Google Business Profile API

3.2 Data from Google Business Profile (via API)

Repufiy accesses only reviews and location data required for functionality.

We process:

  • Review text

  • Star rating

  • Review date

  • Location reference

  • Internal Google review ID (not stored)

✔ Reviewer name, profile picture, and other personal data of reviewers are not permanently stored.
✔ Repufiy does not store review history.
✔ Reviews are only loaded temporarily for display and processing.

3.3 AI Processing Data (OpenAI)

If you use the AI response feature, the following data is processed:

  • Review text

  • Review language

  • Desired tone/style (e.g., polite, professional, casual)

  • Additional instructions stored in the system

  • Location context (business name, location reference)

✔ Only the cleaned review text is sent to OpenAI.
✔ No personally identifiable Google data is shared.
✔ No tokens or Google account data are transmitted.

3.4 Usage and Technical Data

Repufiy automatically collects:

  • IP address

  • Browser type, version & device information

  • Operating system and language settings

  • Dashboard usage behavior

  • Logins, failed login attempts, logout events

  • Timestamps of relevant actions

  • API interactions (automated & manual)

This data is required for:

  • Security

  • Abuse detection

  • Error diagnostics

  • System stability

3.5 Communication & Support Data

If you contact us:

  • Name (if provided)

  • Email address

  • Content of your inquiry

  • Attachments

  • Communication history

3.6 Payment and Contract Data (if paid plans are activated)

  • Billing address

  • Payment information (via Stripe / PayPal)

  • Plan details

  • Booking & renewal data

4. Purposes of Processing

Repufiy processes your data exclusively for the following purposes:

4.1 Providing the Platform

  • Displaying your Google reviews

  • Synchronization between Google API and dashboard

  • Location management

  • User management

4.2 AI-Based Review Responses

Repufiy uses AI:

  • To analyze review texts

  • To determine tone

  • To generate appropriate response suggestions

  • For multilingual responses

  • To create personalized business replies

4.3 Automation of Review Responses

Automated processes include:

  • Daily check for new reviews

  • Automatic response generation

  • Optional automatic publication

  • Storage of your brand guidelines (tone, phrasing)

4.4 System Improvement & Development

We use anonymized or pseudonymized data for:

  • Optimizing response quality

  • Internal model training (not external AI training)

  • Feature expansion

  • Error analysis

4.5 Security & Fraud Prevention

Repufiy uses:

  • IP analysis

  • Unusual access monitoring

  • Authentication logs

  • Technical error logs

  • API limit monitoring

5. Legal Bases for Processing

We process data on the following legal bases:

Art. 6(1)(b) GDPR – Contract performance
For:

  • Login

  • OAuth connection

  • Dashboard usage

  • Response generation

  • Automation

Art. 6(1)(a) GDPR – Consent
For:

  • OAuth access

  • AI response generation

Art. 6(1)(f) GDPR – Legitimate interest
For:

  • Security

  • Stable service provision

  • Abuse detection

  • Analytics

Art. 6(1)(c) GDPR – Legal obligation
For:

  • Tax retention obligations

  • Official requests

6. Use of Google APIs / Limited Use – Fully Compliant

Repufiy strictly adheres to the Limited Use Policy:

✔ Used only for visible, user-oriented functions
✔ No sale or data sharing
✔ No advertising use
✔ No profiling
✔ No access to Gmail/Drive/Contacts
✔ No human access without explicit consent

You can revoke access at any time:
https://myaccount.google.com/permissions

7. Use of OpenAI

OpenAI receives exclusively:

  • Review text

  • Desired response parameters

OpenAI does not receive:

  • Google data

  • Tokens

  • Location IDs

  • Email addresses

  • Any other personal data

Transmission is encrypted.

8. Hosting & Data Processing Agreements

Repufiy uses the following processors:

Cloud Hosting (Hostinger)

  • Server provisioning

  • Infrastructure

  • Security

Email Provider

  • Sending support emails

  • Password reset emails

Monitoring Service Providers

  • Performance analytics

  • Error diagnostics

Data processing agreements pursuant to Art. 28 GDPR exist with all service providers.

9. International Data Transfers

  • Use of EU Standard Contractual Clauses (SCCs)

  • Additional technical safeguards

  • Data minimization

10. Storage Duration & Deletion

Data is stored only as long as:

  • Your account remains active, or

  • We are legally obligated to retain it

After account deletion:

✔ Tokens → immediately deleted
✔ Google IDs → deleted
✔ Email → anonymized
✔ Logs → deleted after technical retention periods

You may request immediate deletion at any time:
support@repufiy.com

11. Security (Detailed Technical and Organizational Measures)

Repufiy implements the following measures:

Technical Measures:

  • TLS 1.3 / HTTPS

  • AES-256 database encryption

  • Password hashing (bcrypt/argon2)

  • Firewalls & DDoS protection

  • Penetration testing

  • IP rate limiting

  • Role-based access control

  • Fail2Ban / login protection

  • Automatic security updates

Organizational Measures:

  • Data protection training

  • Internal authorization concept

  • Logging of all admin access

  • Controlled deletion procedures

  • Documentation of processing activities

12. Cookies

Repufiy uses exclusively:

  • Session cookies

  • CSRF protection cookies

  • Technical functional cookies

With user consent:

  • Advertising cookies

  • Tracking cookies

  • Third-party marketing cookies

13. Your Rights

You have the right to:

  • Access

  • Rectification

  • Erasure

  • Restriction of processing

  • Data portability

  • Objection

  • Withdrawal of consent

14. Changes to This Policy

We reserve the right to amend this policy if:

  • Features are expanded

  • Laws change

  • Google API policies are modified

15. Contact

Repufiy – DigitaliX
Wetzlarerstraße 122
Germany

support@repufiy.com