Legal

Privacy Policy

Last updated: February 27, 2026

This Privacy Policy explains how Reapdat ("we," "us," or "our") collects, uses, stores, and protects your information when you use our platform and services.

1. Information We Collect

When you use Reapdat, we collect information that you provide directly and information generated through your use of our services. This includes:

  • Account information: name, email address, phone number, company name, and billing details provided during registration.
  • Service data: AI call transcripts, chat logs, booking records, lead details, and knowledge base documents you upload.
  • Usage analytics: pages visited, features used, session duration, and interaction patterns to improve our platform.
  • Device and technical data: IP address, browser type, operating system, and device identifiers collected automatically.
  • Communication records: emails, support tickets, and other correspondence with our team.

2. How We Use Your Information

We use the information we collect to provide, maintain, and improve our services. Specifically:

  • Deliver and operate Vox AI, Engage AI, and Inbox AI services on your behalf.
  • Process bookings, manage leads, and sync data with your connected CRM systems.
  • Train and improve your AI agent using the knowledge base documents you provide (your data is never used to train other tenants' agents).
  • Send transactional notifications: booking confirmations, lead alerts, and system status updates.
  • Analyze aggregate, anonymized usage patterns to improve platform performance and reliability.
  • Detect and prevent fraud, abuse, and security incidents.
  • Comply with legal obligations and respond to lawful requests from authorities.

3. Data Storage and Security

Your data is stored on secure servers with industry-standard protections:

  • Production databases are hosted on PostgreSQL 16 with pgvector, running in isolated Docker containers.
  • All data in transit is encrypted with TLS 1.3.
  • All data at rest is encrypted using AES-256 encryption.
  • CRM credentials and OAuth tokens are encrypted with Fernet AES-128 before storage.
  • Access to production systems is restricted by role-based access controls and audit logging.
  • We conduct regular vulnerability assessments and penetration testing (VAPT).

4. Data Encryption

Reapdat employs multiple layers of encryption to protect your information:

  • Transport encryption: All API communication uses HTTPS with TLS 1.3. HTTP Strict Transport Security (HSTS) is enforced.
  • Credential encryption: CRM API keys, OAuth tokens, and webhook secrets are encrypted using Fernet symmetric encryption before storage. Only encrypted values (prefixed with enc:) are persisted.
  • Token security: JWT authentication tokens use HS256 signing. Token blacklisting is managed via Redis with SHA-256 hashed keys.
  • Password hashing: User passwords are hashed using bcrypt with per-user salts. Plaintext passwords are never stored or logged.

5. Data Retention

We retain your data only as long as necessary to provide our services and comply with legal obligations:

  • Active account data is retained for the duration of your subscription.
  • Call transcripts and chat logs are retained for 12 months after creation, unless you request earlier deletion.
  • Audit logs are retained for 24 months for compliance and security purposes.
  • After account deletion, all associated data is permanently removed within 30 days, except where retention is required by law.
  • You can export or delete your data at any time from the portal dashboard.

6. Third-Party Services

We integrate with the following third-party services to deliver our platform. Each processes data in accordance with their own privacy policies:

  • Twilio: Telephony infrastructure for voice calls and SMS delivery.
  • OpenAI: Language model inference for chat, transcription, and embedding generation.
  • Google: Calendar API for booking availability, Gemini for LLM fallback.
  • Stripe: Payment processing for subscriptions and billing.
  • CRM Providers (HubSpot, Salesforce, Pipedrive, Zoho, Odoo): Data sync when you connect your CRM account.

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

7. Cookies

We use a limited set of cookies essential to the operation of our platform:

  • Authentication cookies: HttpOnly, Secure, SameSite=Lax cookies containing your JWT session token. These are required to keep you logged in.
  • Preference cookies: Theme selection (dark/light mode) stored locally.
  • We do not use third-party tracking cookies, advertising cookies, or analytics cookies that identify individual users.

8. Your Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Canada, you have the following rights under applicable data protection laws:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data (subject to legal retention requirements).
  • Right to data portability: Receive your data in a structured, machine-readable format.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at info@reapdat.com. We will respond within 30 days.

9. Children's Privacy

Reapdat is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information promptly. If you believe a child has provided us with personal data, please contact us at info@reapdat.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes:

  • We will update the "Last Updated" date at the top of this page.
  • For significant changes, we will notify you via email or a prominent notice in the portal dashboard.
  • Continued use of our services after changes become effective constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us:

  • Email: info@reapdat.com
  • Phone: +1-437-655-6573
  • Address: Brampton, Ontario, Canada

Have questions about our privacy practices?

Contact Us