Privacy Policy

How we collect, use, and protect your personal information

Effective Date: December 1, 2025

Last Updated: March 3, 2026

Introduction

Reputation Genius, LLC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at reputation-genius.com or use our SaaS platform for review management, messaging, CRM, and related services.

By using our services, you agree to the collection and use of information in accordance with this policy. We will not use or share your information with anyone except as described in this Privacy Policy.

What Information We Collect

Personal Data

We may collect the following personal information:

  • Name, email address, phone number, and business information when you register for an account
  • Payment information processed through secure third-party payment processors
  • Communication data from integrated platforms (Facebook Messenger, Google Business Messages, SMS, email)
  • Customer review data and responses managed through our platform
  • Lead and contact information imported or created in our CRM system

Usage Data

We automatically collect certain information when you use our services:

  • IP address, browser type, operating system, and device information
  • Pages visited, time spent on pages, and click-through data
  • Platform usage statistics and feature interaction data
  • Log data for security and troubleshooting purposes

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience. Specifically, we utilize the following tools:

  • Google Tag Manager (GTM-KW5ZJDR4) (Google LLC) — Tag management container. Does not collect PII directly; loads the scripts listed below. Google Privacy Policy
  • Google Analytics 4 (G-M40W9TWCGH) (Google LLC) — Behavioral analytics. Collects anonymized IP address, device type, browser, and interaction data. Data may be processed in the US. Google Privacy Policy
  • Google Ads (AW-17932542379) with Enhanced Conversions (Google LLC) — Conversion tracking and remarketing. We use Google's Enhanced Conversions feature, which transmits hashed (one-way encrypted) personal data to Google to improve ad measurement. See the Enhanced Conversions disclosure below. Google Customer Data Policy
  • Meta Pixel / Facebook Pixel (1142188657645010) (Meta Platforms, Inc.) — Ad conversion tracking and audience targeting. Data may be used for cross-site behavioral advertising. Under California law, this may constitute "sharing" of personal information. Meta Privacy Policy
  • Microsoft Clarity (Microsoft Corporation) — Session recordings and heatmaps. Captures mouse movements, clicks, scrolls, and page interactions. May record content entered into forms. See the Microsoft Clarity disclosure below. Microsoft Privacy Statement
  • Bing Webmaster Tools (Microsoft Corporation) — Site performance and search indexing data. No user PII transmitted.
  • Vercel Analytics (Vercel Inc.) — Anonymous page view metrics. Cookie-free; no PII collected.
  • Vercel Speed Insights (Vercel Inc.) — Anonymous web performance metrics (Core Web Vitals). Cookie-free; no PII collected.

Enhanced Conversions Disclosure

When you complete a form or take a qualifying action on our website (such as submitting a demo request or downloading a guide), we may transmit hashed (one-way encrypted) versions of personal data — such as your email address, phone number, or name — to Google as part of Google's Enhanced Conversions program. This data is used solely for advertising measurement purposes to improve the accuracy of conversion reporting. The data is transmitted in hashed form only; Google does not use it to identify you for other advertising purposes. This practice is governed by the Google Ads Customer Data Policy.

Microsoft Clarity Session Recording Disclosure

We partner with Microsoft Clarity to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve our products and services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement. To opt out of Microsoft Clarity session recording, visit clarity.microsoft.com/optout.

UTM & Attribution Tracking

We use sessionStorage-based UTM parameter tracking to understand which marketing campaigns drive traffic to our site. UTM parameters (source, medium, campaign, term, content) are captured when you visit our site and stored temporarily in your browser's sessionStorage. This data is automatically cleared when you close your browser tab and is not stored in cookies or shared with third parties.

Custom Event Tracking

We track certain user interactions as anonymous events to improve our services and measure engagement. This includes CTA button clicks, calculator interactions, lead capture form submissions, and guide download conversions. These events are tracked through Vercel Analytics and Google Tag Manager's dataLayer and do not contain personally identifiable information.

You can control cookie preferences through your browser settings, though disabling certain cookies may affect platform functionality.

How We Use Your Information

We use collected information for the following purposes:

  • Provide, maintain, and improve our review management, messaging, CRM, and AI marketing services
  • Process payments and manage subscriptions
  • Send service-related communications, updates, and support messages
  • Analyze usage patterns to enhance user experience and develop new features
  • Ensure platform security and prevent fraud
  • Comply with legal obligations and enforce our terms of service
  • Send marketing communications (with your consent where required)

Note on Advertising Data: We do not sell your personal information to data brokers or third parties for their own marketing purposes. However, our use of Meta Pixel and Google Ads constitutes "sharing" of personal information for cross-context behavioral advertising under the California Privacy Rights Act (CPRA). California residents may opt out of this sharing. See "Do Not Sell or Share My Personal Information" below.

Information Sharing and Disclosure

We may share your information in the following circumstances:

  • Third-Party Integrations: With services like GoHighLevel, Google, Facebook, QuickBooks, Clio, and Zapier as necessary for platform functionality
  • Payment Processors: Secure payment information is shared with certified payment processors for transaction processing
  • Service Providers: With trusted vendors who assist in operating our platform (under strict confidentiality agreements)
  • Legal Requirements: When required by law, court order, or to protect our rights and safety
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal information to third parties for marketing purposes.

Data Retention

The data expires and is removed in accordance with our third-party providers (Google, Facebook, Microsoft). We do not adjust the duration of time the data is retained from the default setting to ensure compliancy.

Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and employee training on data protection
  • Regular penetration testing and security assessments
  • Secure data centers with redundant backups

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to legal requirements)
  • Portability: Request transfer of your data in a structured format
  • Opt-out: Opt-out of marketing communications or certain data processing
  • Restriction: Request limitation of how we process your information

GDPR Rights (EU Residents)

If you are located in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority.

CCPA / CPRA Rights (California Residents)

California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: Opt out of the sale or sharing of your personal information for cross-context behavioral advertising. See "Do Not Sell or Share My Personal Information" below.
  • Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information beyond what is necessary to provide the service.
  • Non-Discrimination: We will not discriminate against you for exercising any of these rights.

Do Not Sell or Share My Personal Information

Under the CPRA, California residents have the right to opt out of the "sharing" of personal information for cross-context behavioral advertising. Our use of Meta Pixel and Google Ads conversion tracking may constitute such sharing.

To opt out, use any of the following mechanisms:

  • Google Ads: Google Ad Settings
  • Meta / Facebook: Meta Ad Preferences
  • Network Advertising Initiative (all participating ad networks): NAI Opt-Out Tool
  • Microsoft Clarity session recording: Clarity Opt-Out
  • Global Privacy Control (GPC): We honor the GPC browser signal as an opt-out of sharing for California residents. Enable GPC in a supported browser (e.g., Brave, Firefox with the GPC extension).

To submit a formal Do Not Sell or Share request, contact us at privacy@reputation-genius.com.

To exercise any of these rights, please contact us using the information provided below. We will respond to your request within 30 days.

Third-Party Services

Our platform integrates with various third-party services:

  • GoHighLevel: CRM and marketing automation platform
  • Payment Processors: Secure payment processing services
  • Communication Platforms: Facebook Messenger, Google Business Messages, SMS providers
  • Business Tools: QuickBooks, Clio, Zapier, and other integrations
  • Analytics & Tracking: Google Analytics, Google Tag Manager, Google Ads, Facebook Pixel, Bing Webmaster Tools, Microsoft Clarity, Vercel Analytics, Vercel Speed Insights
  • Vercel: Website hosting, analytics, and performance monitoring
  • Google Ads: Paid advertising and conversion measurement

These third parties have their own privacy policies, and we encourage you to review them. We only share necessary information for service functionality.

Protected Health Information (PHI)

This section applies only to clients who have subscribed to the Reputation Genius HIPAA Compliance Add-On and have executed a Business Associate Agreement (BAA) with Reputation Genius.

  • Scope: Protected Health Information (PHI) is processed only within accounts where the HIPAA add-on is active and a BAA is in effect. Base accounts must not be used to handle PHI.
  • Encryption: PHI is encrypted at rest using AES-256 and in transit using TLS 1.3 with a minimum 2,048-bit key.
  • Infrastructure: PHI is stored exclusively on US-based infrastructure (Google Cloud Platform and Amazon Web Services). AWS holds SOC 2 Type 2 and ISO 27001 certifications for its infrastructure layer.
  • Access Controls: Access to PHI is restricted to authorized personnel only, enforced via multi-factor authentication (MFA), role-based access controls, and centralized audit logging of all data access events.
  • Backup and Recovery: PHI data is backed up daily with 7-day retention and point-in-time recovery capability. Backups are stored in multi-zone redundant availability zones.
  • Breach Response: In the event of a breach involving PHI, Reputation Genius will notify affected clients in accordance with HIPAA Breach Notification Rule requirements (45 CFR §§ 164.400–414).
  • Subprocessors: PHI may be processed by HighLevel, Inc. as a downstream subprocessor under a separate BAA between Reputation Genius and HighLevel. PHI is not transmitted to any analytics or advertising tools listed in this policy.

Children's Privacy

Our services are not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

Changes to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We will also send you an email notification for material changes. Your continued use of our services after any changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Reputation Genius, LLC

Email: privacy@reputation-genius.com

Website: reputation-genius.com

Phone: 1-413-798-8836

Address: West Springfield, MA

We are committed to addressing your privacy concerns and will respond to inquiries within a reasonable timeframe.