Privacy Policy

Your privacy is critical to us. Learn how we protect your data.

Last updated: December 11, 2024

At Reput.io, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Whitelist Intelligence API service. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the service.

Information We Collect

We collect information that you provide directly to us and automatically through your use of our service.

Account Information

  • Email address: Required for account creation and authentication
  • Password: Stored using AWS Cognito with industry-standard encryption
  • Subscription plan: Free, Pro, Team, or Enterprise tier
  • MFA settings: If you enable two-factor authentication

API Usage Data

  • Indicators queried: IP addresses, domains, URLs, and hashes submitted for lookup (temporarily stored for rate limiting and analytics)
  • Request timestamps: Date and time of API calls
  • Usage metrics: Daily and monthly request counts for rate limiting
  • Response data: Lookup results, confidence scores, and risk context

Technical Information

  • IP addresses: Client IP for rate limiting and abuse prevention
  • User agent: Browser or API client information
  • Authentication credentials: API keys (stored as SHA-256 hashes) and session tokens managed by AWS Cognito
  • Log data: CloudWatch logs for debugging and security monitoring

How We Use Your Data

We use the information we collect for the following purposes:

Service Delivery

  • Process API lookup requests
  • Enforce rate limits per subscription tier
  • Provide confidence scoring and risk context
  • Deliver authentication and authorization

Service Improvement

  • Analyze usage patterns and trends
  • Improve confidence scoring algorithms
  • Optimize API performance
  • Develop new features and capabilities

Security & Compliance

  • Detect and prevent abuse
  • Monitor for security threats
  • Comply with legal obligations
  • Enforce Terms of Service

Communication

  • Send service notifications
  • Respond to support requests
  • Provide billing information
  • Share product updates (opt-in)

Data Security

We implement comprehensive security measures to protect your information.

Infrastructure Security

  • AWS cloud infrastructure (SOC 2 certified)
  • Data encrypted at rest (AES-256)
  • Data encrypted in transit (TLS 1.3)
  • Regular security audits and penetration testing

Access Controls

  • AWS Cognito authentication
  • API key authentication
  • Optional MFA (TOTP)
  • Least-privilege IAM policies

Monitoring & Response

  • 24/7 CloudWatch monitoring
  • Automated security alerts
  • Incident response procedures
  • Regular backup and disaster recovery

Data Isolation

  • User data isolated per account
  • No sharing between tenants
  • Secure API key management
  • Automatic session expiration

Data Retention

We retain your data only as long as necessary to provide our services.

Data Type            | Retention Period       | Purpose
Account information  | Until account deletion | Authentication & service delivery
API usage metrics    | 90 days                | Rate limiting & billing
Queried indicators   | 1 hour (cached)        | Performance optimization
CloudWatch logs      | 30 days                | Debugging & security monitoring
Billing records      | 7 years                | Legal compliance (tax law)

Your Privacy Rights

You have the following rights regarding your personal data under GDPR and other privacy laws.

Right to Access

Request a copy of all personal data we hold about you. Access your usage data through the dashboard.

Right to Rectification

Update incorrect or incomplete personal information through your account settings page.

Right to Deletion

Request deletion of your account and associated data. Use the "Delete Account" button in settings or contact us.

Right to Data Portability

Request your data in a machine-readable format (JSON) for transfer to another service.

Right to Object

Object to processing of your data for marketing purposes or based on legitimate interests.

Right to Restrict Processing

Request restriction of processing under certain circumstances while we verify or address concerns.

How to Exercise Your Rights

To exercise any of these rights, please:

  • Visit your account Settings page for self-service options
  • Email us at privacy@reput.io with your request
  • Use the "Delete Account" endpoint via API: POST /delete-account

We will respond to your request within 30 days as required by GDPR.

Third-Party Services

We use the following third-party services to operate Reput.io:

Amazon Web Services (AWS)

Infrastructure provider for hosting, storage, and compute. AWS is SOC 2, ISO 27001, and GDPR compliant.

AWS Cognito

Authentication and user management service. Handles password hashing, MFA, and session management.

Vercel

Hosting platform for our web application. Compliant with GDPR and industry standards.

International Data Transfers

Our primary infrastructure is located in the US (us-east-1 - N. Virginia). If you access our service from outside the US, your data may be transferred and processed in the US.

We rely on AWS's Data Processing Addendum (DPA) and Standard Contractual Clauses (SCCs) for international data transfers, ensuring GDPR compliance.

Children's Privacy

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@reput.io.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy on this page with an updated "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on our dashboard

Your continued use of the service after changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions about this Privacy Policy, please contact us:

Privacy Inquiries

General Support:

hello@reput.io

Data Protection Officer

For GDPR-related inquiries or to exercise your privacy rights under EU law:

dpo@reput.io
