PIXIQS LLC (a Wyoming Limited Liability Company in good standing, “PIXIQS,” “we,” “us,” “our”) operates a reputation management SaaS platform under the “RepuVibe” brand (the “Platform” or “RepuVibe”). This Privacy Policy (“Policy”) describes how we collect, use, disclose, and protect your personal information when you visit repuvibe.com, sign up for an account, or use the Platform.
By using the Platform, you acknowledge that you have read and understood this Policy. If you do not agree with this Policy, please do not use the Platform.
1. Scope and Parties
1.1 Who this Policy applies to
This Policy applies to:
- Visitors to repuvibe.com
- Registered subscribers of the RepuVibe Platform (“users,” “you”)
- Your team members and authorized representatives
- Review authors who interact with RepuVibe under your authorization (limited to data publicly available on the originating review platform)
1.2 Controller and processor roles
- Personal information (your account data, billing data, browsing data): PIXIQS is the Data Controller
- Customer data (your business reviews, customer contact lists, campaign recipient data): you are the Data Controller; PIXIQS is the Data Processor
When processing customer data, we act only on your documented instructions and for the purposes set out in this Policy.
2. Categories of Personal Information We Collect
Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), we may collect the following categories of personal information:
| CCPA category | What we actually collect |
|---|---|
| A. Identifiers | Name, email, phone, business name, business address, account ID |
| B. Customer records | Billing address, payment history (full card numbers are held by Stripe; we store only the last 4 digits and expiration) |
| D. Commercial information | Subscription plan, credit balances, purchase history |
| F. Internet or other electronic activity | Login timestamps, feature usage records, IP address (truncated), browser type, device identifier |
| G. Geolocation | Approximate location inferred from IP (country / state level; no precise coordinates) |
| K. Inferences | Usage-pattern inferences used to generate AI Insights and feature recommendations |
2.1 Customer data (data you manage)
Customer data you process through the Platform has a distinct character and includes:
- Review data: review content, public author name, rating, and timestamp fetched from public review platforms (Google, and other supported platforms you connect)
- Contact lists: customer email, phone, and name that you import or add (used for review-request campaigns)
- Campaign engagement records: send status, opens, clicks, replies, unsubscribes
2.2 SMS data (specific disclosure)
If you subscribe to the Grow plan or above and enable SMS Campaigns, we process:
- Customer phone numbers you import
- SMS send status and reply records
- STOP / UNSUBSCRIBE opt-out records (retained as required by TCPA and CTIA standards)
SMS is sent through your bring-your-own provider (such as Twilio or Vonage). The data is also subject to your separate agreement with that provider.
2.3 Categories we do not collect
We do not collect the following CCPA categories: biometric information, professional information, education information, political opinions, religious beliefs, sexual orientation, or health information (unless the user voluntarily mentions it in a review reply).
We do notcollect “Sensitive Personal Information” as defined in CCPA §1798.140(ae) (including SSN, driver’s license number, complete financial account information, precise geolocation, race, religion, health, sexual orientation, or contents of communications).
3. How We Collect
We obtain personal information through:
- Directly from you: account registration, subscription, support interactions, contact-list imports
- Generated through Platform use: login activity, feature usage, AI prompt interactions, widget view events on embedded sites
- Third-party platform APIs: with your authorization, we fetch your public business review data from Google Business Profile and other supported review platforms
- Payment processor: Stripe stores your payment method and returns payment status to us
4. How We Use Personal Information
4.1 Service delivery and management
- Providing, maintaining, and improving the core RepuVibe Platform
- Handling account registration, login, and role-based access
- Processing subscription payments, credit purchases, and refunds
- Sending transactional service messages (trial expiration, payment failure, monthly AI Insights digests, low credit balance, important service changes)
4.2 AI feature processing
We use third-party large language models (including OpenAI, Anthropic, or other model providers) to process:
- AI-generated review reply drafts you request
- AI Insights weekly digest summaries
- Sentiment analysis tagging
- AI-assisted brand mention monitoring
Our contracts with AI model providers prohibit them from using your data to train models. The content sent to a model is limited to the minimum necessary to fulfill your request.
4.3 Security and fraud prevention
- Detecting and preventing unauthorized account access
- Identifying and blocking abuse, bots, and malicious activity
- Tracking suspicious credit-usage patterns
4.4 Product improvement
- Aggregated and anonymized usage statistics for analyzing feature adoption and system performance
- We do not use your individual data for personalization or behavioral advertising
4.5 Legal compliance
- Meeting bookkeeping, tax, and consumer-protection obligations
- Responding to subpoenas, court orders, and lawful government requests
5. Do We “Sell” or “Share” Personal Information?
No. Within the meaning of CCPA §1798.140(ad) and the CPRA amendments:
- We do not sell personal information for monetary or other valuable consideration
- We do not share personal information for cross-context behavioral advertising
RepuVibe does not embed any advertising SDK, conversion pixel, or third-party marketing tracking code on the Platform or the marketing site.
6. Disclosures to Third Parties
We disclose personal information only as necessary to deliver the Platform, to the following categories of third parties:
| Category | Purpose | Examples |
|---|---|---|
| Infrastructure providers | Site hosting, CDN, database, cloud storage | Cloudflare, AWS |
| Payment processor | Subscription and credit-pack billing (card data handled under Stripe's own privacy policy) | Stripe |
| AI model providers | Generating review replies, AI Insights summaries, sentiment analysis, brand-mention monitoring (model vendors are contractually prohibited from training on your data) | OpenAI, Anthropic, and other LLM providers |
| Email delivery infrastructure | Sending review request campaigns and transactional emails on your behalf | Transactional email infrastructure provider |
| SMS provider (bring-your-own) | Sending SMS campaigns (you connect your own provider account; that provider's terms apply) | Twilio, Vonage, or similar (you select) |
| Reputation infrastructure provider | Underlying review monitoring and reply delivery infrastructure | Third-party reputation infrastructure provider |
| Analytics tools | Anonymized site analytics; no cross-site tracking | Plausible Analytics |
| Legal / regulatory authorities | Responding to subpoenas, court orders, or other compelled legal disclosures | Courts, prosecutorial agencies, tax authorities |
| Business successors | If PIXIQS LLC undergoes a merger, acquisition, or asset transfer | Acquirer (which will inherit the obligations of this Policy) |
We have data processing agreements with, or are bound by the service terms of, each of the third parties listed above, requiring them to process your data only for the purposes authorized by this Policy.
7. Cookies and Similar Technologies
The Platform uses the following categories of cookies and similar technologies:
| Category | Required? | Description |
|---|---|---|
| Strictly necessary | Yes | Maintain login state, CSRF protection, store preferences; cannot be disabled. |
| Performance / analytics | No | Anonymized traffic statistics via Plausible Analytics; no cross-site tracking. |
| Widget cookies (RepuVibe widget embedded on your site) | No | Stores widget load state only; does not track visitors across sites. |
We do not use advertising cookies, social media tracking pixels, or cross-site personalization tracking.
8. Data Retention
| Data category | Retention period |
|---|---|
| Account and billing records | Retained for 7 years after account termination (to comply with tax and accounting regulations) |
| Platform operational data (reviews, widget configuration) | Deleted or anonymized within 90 days of account termination |
| Campaign delivery and engagement records | Retained for 24 months after sending, then aggregated and anonymized |
| TCPA / CAN-SPAM opt-out records | Retained indefinitely (necessary to honor unsubscribe obligations) |
| Site visitor analytics | Aggregated and anonymized 12 months after collection |
| Data required for legal obligations | Retained as required by applicable law |
9. Your Rights
9.1 California resident rights (CCPA / CPRA)
If you are a California resident, you have the following rights:
- Right to Know: request the categories of personal information we collect, the sources, the purposes, and the categories of third parties to whom we disclose
- Right to Access: request a copy of the personal information we hold about you
- Right to Delete: request deletion of personal information (subject to statutory exceptions)
- Right to Correct: request correction of inaccurate personal information
- Right to Opt-Out of Sale / Sharing: satisfied automatically because we do not sell or share
- Right to Limit Use of Sensitive Personal Information: satisfied automatically because we do not collect SPI
- Right to Non-Discrimination: exercising the rights above will not result in denial of service, different pricing, or different service quality
To exercise these rights, email privacy@repuvibe.com (or hello@repuvibe.com) with the subject line “CCPA Request”. We will respond within 45 days of verifying your identity (with one possible 45-day extension, of which we will notify you in advance).
9.2 California Shine the Light Law (Cal. Civ. Code §1798.83)
California residents may, once per calendar year and free of charge, request disclosure of the categories of personal information we disclosed to third parties in the preceding year. Email privacy@repuvibe.comwith the subject line “Shine the Light Request”.
9.3 Other state laws
If you reside in Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, or another state with a comprehensive consumer privacy law, you may have rights similar to CCPA. Use the same email address to exercise them.
9.4 EU / UK residents
If you are an EU or UK resident, you may have additional rights under GDPR / UK GDPR (including access, correction, deletion, restriction of processing, data portability, objection to processing, and withdrawal of consent). Our lawful bases for processing your data are: (a) necessity for the performance of a contract, (b) our legitimate interests (delivering services, improving the product), or (c) your consent.
If you are an EU resident and believe we have violated GDPR, you have the right to lodge a complaint with the data protection authority of your member state.
9.5 SMS and email opt-out
- SMS: reply “STOP” or “UNSUBSCRIBE” to any message received
- Marketing email: click the unsubscribe link at the bottom of any email
- Transactional service messages: necessary for contract performance and cannot be opted out of; terminating your account will stop them
10. TCPA and CAN-SPAM Compliance
10.1 Our role
PIXIQS is a software service provider that helps you send review-request campaigns. We do not originate marketing messages on our own behalf.
10.2 Your compliance obligations
You, as the message sender, are fully responsible for:
- Obtaining recipients' prior express written consent (as required by TCPA for marketing SMS)
- Providing a clear opt-out mechanism (CAN-SPAM requirement for email)
- Disclosing sender identity and contact information
- Complying with additional state laws (including Florida Mini-TCPA, Washington TCPA, Oklahoma TCPA)
- Maintaining a do-not-contact list
Platform-provided templates include STOP opt-out language, but ultimate compliance responsibility rests with you.
10.3 How we help
- The Platform automatically processes STOP replies as opt-outs
- Opt-out records are retained indefinitely to prevent re-contact
- Audit logs are available for your review
11. Special Handling of Review Data
Review data is publicly available data, but still involves personal information of the review author (public name, review content).
Our principles for handling review data:
- Fetched only from third-party platforms you have authorized
- Used only to provide the analytics, reply, and display features you have subscribed to
- Review authors may exercise their rights through the originating review platform
- Review data displayed in our widgets is sourced from the originating platform's public data
12. Data Security
We use commercially reasonable technical and organizational measures to protect your data:
- TLS 1.2+ encryption for all data in transit
- At-rest encryption
- Least-privilege access controls
- Two-factor authentication for administrator accounts
- Regular backups and disaster recovery planning
- Third-party penetration testing (at least annually)
Please understand that no method of network transmission or storage can guarantee 100% security. If a data breach affecting your personal information occurs, we will notify you within a reasonable time period as required by Wyoming (Wyo. Stat. §40-12-501 et seq.) and other applicable state laws.
13. International Data Transfers
PIXIQS’s primary servers are located in the United States. If you use the Platform from outside the U.S. (including the EU, UK, Taiwan, or elsewhere), you understand and agree that your personal information will be transferred to and processed in the United States under U.S. law.
For transfers of EU resident data, we rely on the European Commission’s Standard Contractual Clauses (SCCs) as the transfer mechanism.
14. Children’s Privacy
The Platform and Services are not directed at children under 13 (per COPPA), nor do we offer features requiring prior consent to persons aged 13–16 (under CCPA’s special protections for minors). We do not knowingly collect personal information from children or minors.
If you discover that we may have inadvertently collected information from a minor, please email hello@repuvibe.com immediately and we will delete it promptly.
15. Third-Party Links
The Platform may include links to third-party sites (including our parent brand PIXIQS). Privacy practices on third-party sites are governed by their own policies.
16. Automated Decision-Making
We do not subject you to any fully automated decision-making with legal or significant effects. AI tools are limited to assisting you in drafting content (such as review replies) and producing analytical summaries; all output is reviewed by you before action is taken.
17. Policy Changes
We may revise this Policy from time to time. Material changes will be communicated by:
- Conspicuous notice on this page
- Updating the “Last updated” date at the top of this page
- Email notice to existing users (with 30 days’ advance notice for material changes)
Continued use of the Platform constitutes acceptance of the revised Policy.
18. Contact Us
If you have any questions about this Policy, our handling of your personal information, or wish to exercise any statutory rights, please contact:
PIXIQS LLC (operating as RepuVibe)A Wyoming Limited Liability Company
Email: hello@repuvibe.com (or privacy@repuvibe.com)
Reply window: within 24 hours on weekdays
For EU residents, hello@repuvibe.com also serves as our designated GDPR contact address.