Skip to main content

Privacy Policy

Last updated April 15, 2026

Are you a local business appearing in Reapify's research database rather than a Reapify subscriber? See our business data notice & removal instructions.

1. Information We Collect

We collect information you provide directly: your name, email address, and payment details when you create an account or subscribe to a paid plan. We also collect usage data automatically, including pages visited, features used, browser type, IP address, and device information. When you run campaigns, Reapify processes publicly available business data from third-party sources (Google Maps, public websites) on your behalf.

2. How We Use Your Information

We use your information to: (a) provide, maintain, and improve the Service; (b) process payments and manage your subscription; (c) send transactional emails (account confirmations, billing notices, security alerts); (d) analyze usage patterns to improve the product; (e) respond to support requests. We do not sell your personal information to third parties.

3. Lead & Business Data

Reapify collects and processes publicly available business information, including business names, addresses, phone numbers, websites, and publicly listed email addresses. This data is sourced from public directories and websites. Reapify does not scrape private or password-protected content. Leads generated through the Service are stored in your account and are accessible only to you.

4. AI Processing

We use third-party AI services to analyze website screenshots, generate insight summaries, and draft outreach content. Website screenshots and publicly available page content may be sent to these AI providers for processing. We do not send your personal account information or private data to AI providers. AI providers process data according to their own privacy policies and data processing agreements.

5. Data Sharing

We share data only with a limited set of trusted infrastructure and AI subprocessors necessary to operate the platform. All subprocessors are covered under contractual data protection agreements. We may also disclose information if required by law or to protect our rights. A current list of subprocessors is available upon request at [email protected].

6. Data Retention

We retain your account data for as long as your account is active. Campaign data and leads are stored indefinitely while your account is active. If you delete your account, we retain your data for 30 days to allow for recovery, after which it is permanently deleted. Payment records are retained as required by tax and financial regulations.

7. Data Security

We implement industry-standard security measures including encryption in transit, encrypted storage, strict data isolation, and secure authentication. While we take reasonable steps to protect your data, no system is completely secure, and we cannot guarantee absolute security.

8. Cookies & Tracking

We use two categories of cookies: (a) Essential cookies, which are required for authentication, session management, and security. These cannot be disabled. They include your login session token (set by Supabase) and your cookie consent preference. (b) Analytics cookies, which help us understand how the Service is used so we can improve it. These are set by Vercel Analytics and do not track you across websites. Analytics cookies are only activated if you accept them via our cookie banner. We do not use third-party advertising cookies, tracking pixels, or cross-site trackers. You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site. If your browser sends a Global Privacy Control (GPC) signal, we automatically honor it by declining all non-essential cookies on your behalf.

9. Your Rights

Depending on your jurisdiction, you may have the right to: (a) access your personal data; (b) correct inaccurate data; (c) delete your data; (d) export your data in a portable format; (e) object to or restrict certain processing. To exercise these rights, contact us at [email protected]. We will respond within 30 days.

10. International Data Transfers

Your data may be processed in countries outside your own, including the United States. We ensure appropriate safeguards are in place for any international data transfers, including standard contractual clauses where required.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). You have the right to: (a) know what personal information we collect, use, and disclose; (b) request deletion of your personal information; (c) opt out of the sale or sharing of your personal information; (d) correct inaccurate personal information; (e) limit the use of sensitive personal information. We do not sell or share your personal information as defined under the CCPA/CPRA. We do not use or disclose sensitive personal information for purposes other than those permitted by the CCPA/CPRA. To exercise your rights, contact us at [email protected]. We will not discriminate against you for exercising any of these rights.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. The date at the top of this page indicates when the policy was last revised.

14. Contact

If you have questions about this Privacy Policy or how we handle your data, contact us at [email protected].