Data Privacy Policy

1. Data Accessed

Our application may access user data from integrated third-party services (for example, Google Workspace) only with explicit authorization from the user or organization administrator. Types of data we may access include, where applicable:

1. Basic user profile information (e.g., name, email address, job title)
2. Directory and group information (e.g., group names, group membership)
3. Domain-level metadata (e.g., organization or domain identifier)

Access is strictly limited to the specific scopes and permissions granted during the authorization process.

2. Data Usage

We use accessed data solely to provide and improve the core functionality of our product, including:

1. Displaying and managing organizational users and groups as requested by authorized administrators
2. Performing administrative actions (create, read, update, delete) on behalf of an authorized administrator
3. Improving platform usability, debugging, and maintaining service reliability

We do not use this data for advertising, unrelated analytics, or profiling users for marketing purposes.

3. Data Sharing

We do not sell, rent, or otherwise share user data obtained from third-party integrations with external parties for their own purposes.

We may share data internally only as necessary to:

1. Fulfill a user-initiated request
2. Provide customer support or troubleshooting
3. Maintain and improve system reliability and security

In limited circumstances where disclosure is required by law, regulation, or valid legal process, we may disclose data. Where permitted, we will provide notice of such disclosures.

4. Data Storage & Protection

We implement reasonable administrative, technical, and physical safeguards to protect data, including but not limited to:

1. Encryption: Data is encrypted in transit and at rest (industry-standard algorithms such as AES-256).
2. Access controls: Role-based access, least-privilege principles, and multi-factor authentication for sensitive systems.
3. Secure token handling: OAuth tokens and credentials are encrypted and stored securely.
4. Monitoring & audits: Logging, monitoring, vulnerability scanning, and periodic security assessments.

We maintain administrative policies and employee training to reduce the risk of unauthorized access or disclosure.

5. Data Retention & Deletion

User data is retained only as long as necessary to provide the requested services, to comply with legal obligations, or to fulfill legitimate business needs.

1. Data associated with an authorization (e.g., OAuth tokens) is retained while the authorization is active.
2. When authorization is revoked or an account is deleted, related tokens and application-held data are removed within 60–90 days, subject to backups and legal holds.
3. We will honor requests from users or administrators to export or delete their data. To request deletion, contact us at hello@repute.net.

6. Policy Updates

We may update this policy to reflect changes in our practices, services, or legal requirements. When we make material changes we will post a prominent notice on our website and update the Last updated date at the top of this page.

7. Compliance & Third-Party Services

Where relevant, we enter into agreements (for example, Business Associate Agreements) with third-party service providers to ensure appropriate protection for regulated data (such as healthcare information). Only third-party services that meet our security and compliance requirements are used for processing or storage of regulated data.

If you rely on cloud providers (AWS, GCP, Azure) to host or process regulated data, we will use only services and configurations that are appropriate for those regulatory requirements and where the provider offers contractual assurances when required.

8. Contact & Requests

If you have questions about this policy, want to request access to or deletion of data, or need additional information about our data practices, contact:

Repute Network Private Limited
Email: hello@repute.net

For privacy-related requests, please include your organization name, the associated admin email, and a clear description of your request to help us process it quickly.