Privacy Policy

Effective date: January 1, 2026. Last updated: March 2026.

REPSShield, Inc. ("REPSShield", "we", "us", or "our") operates the REPSShield service at repsshield.com. This Privacy Policy describes how we collect, use, disclose, and protect your information when you use our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and password (stored as a bcrypt hash). If you sign up via Google or Microsoft OAuth, we receive your name and email address from that provider.

1.2 Calendar and Email Data

If you connect a calendar or email integration, we access event titles, descriptions, attendees, locations, and timestamps. For email, we access subject lines and sender/recipient metadata for property-related activity detection. We request read-only access and do not modify, create, or delete your calendar events or emails.

We process this data to identify, classify, and log qualifying real estate activities on your behalf. We do not sell this data, share it with advertisers, or use it to train AI models for third parties.

1.3 Time Log and Property Data

We store the qualifying activity entries you create or confirm: date, property address, activity type, hours, and notes. This data constitutes your IRS time log and is the core purpose of the service.

1.4 Usage Data

We collect standard server logs including IP addresses, browser type, pages visited, and features used. This data is used for security, debugging, and improving the service. We do not use third-party advertising trackers.

1.5 Payment Information

Payments are processed by Stripe. We do not store your credit card number, CVV, or full card details on our servers. We store a Stripe customer ID and your subscription status to manage your account.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and improve the REPSShield service
• Classify calendar and email events into qualifying REP activity categories
• Generate and store your IRS-formatted time logs and audit reports
• Send transactional emails (account verification, password reset, export confirmations)
• Send product update emails (you may opt out at any time)
• Detect and prevent fraud, abuse, and unauthorized access
• Comply with legal obligations

We do not use your data for advertising targeting, and we do not sell your personal information to third parties.

3. Information Sharing and Disclosure

We share your information only in the following circumstances:

3.1 Service Providers

We share data with trusted service providers who help operate the service: Stripe (payments), Amazon Web Services (hosting and storage), and SendGrid (transactional email). These providers are contractually bound to use your data only to provide services to us.

3.2 Legal Requirements

We may disclose your information if required by law, subpoena, court order, or if we believe disclosure is necessary to prevent harm, fraud, or illegal activity.

3.3 Business Transfers

If REPSShield is acquired, merged, or sells substantially all its assets, your information may be transferred as part of that transaction. We will notify you via email before your data is transferred to a party with materially different privacy practices.

3.4 With Your Consent

We may share information with third parties when you have given explicit consent — for example, sharing a report with your CPA via a secure export link.

4. Data Retention

We retain your account data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days so you can export it before permanent deletion. You may request immediate deletion by emailing privacy@repsshield.com.

Server access logs are retained for 90 days for security purposes. Audit logs of security-relevant events are retained for 3 years.

5. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Correct inaccurate personal information
• Delete your personal information
• Export your data in a portable format (CSV or PDF)
• Withdraw consent for calendar and email access at any time
• Opt out of marketing communications

To exercise any of these rights, email privacy@repsshield.com. We will respond within 30 days.

6. Cookies

REPSShield uses strictly necessary cookies for authentication (session token stored as an HttpOnly, SameSite=Strict cookie) and a single localStorage key to remember your light/dark theme preference. We do not use advertising cookies or third-party tracking pixels.

7. Children's Privacy

REPSShield is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact privacy@repsshield.com and we will delete it.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email at least 30 days before the changes take effect. Your continued use of the service after the effective date constitutes your acceptance of the updated policy.

9. Contact

Questions about this Privacy Policy? Contact us: