Privacy Policy

RepDash ("we", "us", "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Information You Provide

When you create an account or use our Service, we collect:

• Account Information: Email address, password (encrypted)
• Payment Information: Processed through Stripe (we do NOT store complete credit card numbers)
• Profile Data: Subscription tier, account preferences
• Communications: Support messages, feedback, inquiries

1.2 Information Collected Automatically

When you use RepDash, we automatically collect:

• Usage Data: Features accessed, items favorited, sellers followed, searches performed
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Tracking: Session cookies, authentication tokens, analytics data
• Log Data: Access times, pages viewed, errors encountered

1.3 Third-Party Data

We aggregate publicly available data from eBay. This data does NOT contain personal information about eBay users - only product listings, prices, and seller usernames (which are public).

2. How We Use Your Information

We use collected information to:

• Provide the Service: Enable account access, deliver features, store your preferences
• Process Payments: Handle billing, subscriptions, and refund requests
• Improve the Service: Analyze usage patterns, fix bugs, develop new features
• Prevent Fraud: Detect trial abuse, prevent multiple accounts, ensure security
• Communicate: Send transactional emails (receipts, password resets, important updates)
• Enforce Terms: Investigate violations, protect our rights
• Legal Compliance: Comply with applicable laws and regulations

3. How We Share Your Information

We do NOT sell your personal information. We only share data with:

3.1 Service Providers

• Stripe: Payment processing and subscription management
• Resend: Transactional email delivery
• Railway: Backend hosting and database services
• Vercel: Frontend hosting and CDN

All providers are contractually obligated to protect your data and use it only for specified purposes.

3.2 Legal Requirements

We may disclose information if required by law, subpoena, court order, or to:

• Comply with legal obligations
• Protect our rights and property
• Prevent fraud or illegal activity
• Ensure user safety

3.3 Business Transfers

If RepDash is acquired or merged, your information may be transferred to the new owner.

4. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: All data transmitted over HTTPS/TLS 1.3
• Password Security: Passwords hashed using bcrypt (never stored in plain text)
• Access Controls: Limited employee access to personal data
• Secure Storage: Data stored in encrypted databases
• Regular Audits: Security reviews and vulnerability testing

However: No system is 100% secure. While we use reasonable efforts to protect your data, we cannot guarantee absolute security.

5. Data Retention

We retain your personal information:

• Active Accounts: For the duration of your subscription
• Cancelled Accounts: 30 days after cancellation (for account recovery)
• Financial Records: 7 years (required by law for tax and audit purposes)
• Usage Logs: 90 days for analytics and troubleshooting

After retention periods expire, we securely delete or anonymize your data.

6. Your Rights and Choices

6.1 Access and Correction

You can:

• View and update your account information in Settings
• Request a copy of your data by emailing support@rep-dash.com
• Correct inaccurate information directly in your account

6.2 Account Deletion

You can delete your account through Settings or by contacting support@rep-dash.com. Upon deletion:

• Your account will be deactivated immediately
• Personal data will be deleted within 30 days
• Financial records retained for 7 years as required by law
• Anonymized usage data may be retained for analytics

6.3 Marketing Communications

We currently do NOT send marketing emails. If we introduce them in the future, you can opt-out via the unsubscribe link in emails or in your account settings.

You CANNOT opt-out of transactional emails (receipts, password resets, critical service updates).

6.4 Do Not Track

We do not currently respond to "Do Not Track" browser signals, as there is no industry standard for compliance.

7. Cookies and Tracking Technologies

We use cookies and similar technologies for:

7.1 Essential Cookies (Required)

• Authentication: Keep you logged in
• Security: Prevent CSRF attacks, detect fraud
• Session Management: Remember your preferences during a session

7.2 Analytics Cookies (Optional)

• Usage Analytics: Understand which features are used
• Performance Monitoring: Identify and fix errors
• A/B Testing: Test new features

7.3 Managing Cookies

You can disable cookies in your browser settings, but this may break essential functionality like login and session management.

8. Third-Party Links

Our Service may contain links to eBay and other third-party websites. We are NOT responsible for the privacy practices of these sites. We encourage you to read their privacy policies.

9. Children's Privacy

RepDash is NOT intended for users under 18 years of age. We do not knowingly collect information from minors. If we discover we have collected data from a child, we will delete it immediately.

If you believe we have information about a child, contact us at support@rep-dash.com.

10. International Users

RepDash is operated in the United States. If you are located outside the U.S., your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

10.1 GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR:

• Right to Access: Request a copy of your data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restriction: Limit how we process your data
• Right to Portability: Receive your data in a machine-readable format
• Right to Object: Object to certain processing activities

To exercise these rights, email support@rep-dash.com.

11. California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of sale of personal information (we do NOT sell data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, email support@rep-dash.com with "CCPA Request" in the subject line.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Effective Date." Material changes will be announced via email or in-app notification.

Continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions, data requests, or concerns, contact us at:

Email: support@rep-dash.com
General Support: support@rep-dash.com

Data Protection Officer Contact: For GDPR-related inquiries, email support@rep-dash.com