Business Data Sources & Removal

Reapify maintains a research database of local businesses — the kind of information anyone would find through a Google Maps search. For each business we may store: the business name, category, address, public phone number, website URL, any publicly listed email address, Google Business Profile rating and review count, and screenshots of the business's public website. We do not collect private information, non-public email addresses, or any data behind login walls.

Our business records come from Google Maps (via Serper.dev, a public search API), from the publicly accessible pages of business websites, and from structured data those websites publish themselves (schema.org, meta tags, contact pages). Everything is information the businesses have already chosen to publish publicly. We do not use private databases, purchased lead lists, paid data brokers, or any non-public sources.

Reapify is a research tool for web-design agencies and freelancers. Our subscribers use the tool to identify businesses in their target market whose websites may benefit from professional redesign or modernization. Our lawful basis for processing under GDPR is legitimate interest (Art. 6(1)(f)) — the interest of our subscribers in finding prospective clients, balanced against the limited intrusion of processing public business information. We do not use this data for advertising, profiling for automated decisions, or any purpose outside B2B research.

Business records are cached for up to 7 days in a shared pool that our whole platform uses to avoid re-scraping the same locations. When a subscriber runs a campaign that includes your business, a copy of the record is saved in that subscriber's lead database and retained there until the subscriber deletes it or closes their account. If you appear on a suppression request (see Section 7 below), you are removed from the shared cache and blocked from future campaign exports permanently.

Within Reapify, access is limited to the subscriber who ran the campaign. Your record is never shared with other Reapify subscribers, sold, or used to populate any kind of marketplace or public directory. We use a small number of sub-processors to operate the platform (Supabase for database hosting, Vercel for web hosting, Google Gemini for AI analysis of public website content, Stripe for billing). None of these sub-processors use your data for their own purposes under our agreements with them.

If you are an EU or UK data subject, you have the right to access the data we hold about you, have it corrected, have it erased, restrict its processing, object to processing, and lodge a complaint with your national data protection authority. California residents have equivalent rights under the CCPA/CPRA. You can exercise any of these rights by emailing [email protected] with your request. We will respond within 30 days.

If your business appears in our database and you would like us to remove you, email [email protected] with your business name, email address, phone number, and / or website URL. We will add your identifiers to our suppression list within one business day, which prevents your business from appearing in any future subscriber campaign. We do not require proof of identity for removal requests — we would rather err on the side of respecting an opt-out than leave a record in place.

GDPR Art. 14 requires a data controller to notify subjects when their personal data is collected from third-party sources. Article 14(5)(b) provides an exemption where individual notification would involve disproportionate effort. Our database contains public business records from Google Maps, and emailing the contact address on every record to explain our processing would be both technically impractical at our scale and counterproductive to the interest of those businesses — the very addresses we would have to email are often general inboxes not staffed by the person who would care. This public notice, reachable from every page of our website and referenced in every piece of outreach our subscribers can generate, is our substitute for individual notification. If you believe this balance is wrong for your specific situation, please contact us.

When a subscriber selects a business from our database, our platform may generate short AI-assisted summaries about that business's public website (e.g. a design-quality assessment or a suggested conversation opener). These summaries are generated on demand from public website content only, are visible only to the subscriber who generated them, and are not stored or republished. The AI model used is Google Gemini 2.5, operating under Google's enterprise data-processing agreement.

We may update this page as our processing changes or as compliance requirements evolve. Material changes are dated at the top of this page. For significant changes that affect your rights, we will update the date and revise the sections in question.

Questions about anything on this page, or about a specific business record: [email protected].