Privacy Policy

Last updated: 4 August 2025

This Privacy Policy explains how Refix Reputation Solutions LLC ("Refix", "we", "us") collects, uses, discloses and protects personal information when you visit refix.cloud or use our cloud software‑as‑a‑service platform (the "Service"). It also outlines your privacy rights and how you can exercise them.

Scope: Our Service is offered exclusively to businesses (B2B). Nevertheless, the personal data of individual contact persons is covered by this Policy.

1 Who we are

  • Controller: Refix Reputation Solutions LLC
  • Managing Director – Matin Gholipour Borhani
  • 5 Judith Drive
  • Englewood Cliffs, NJ 07632
  • United States of America
  • Email: privacy@refix.cloud
  • Phone: +49 156 79682848

2 EU Representative (Art. 27 GDPR)

Because we are established outside the European Economic Area and offer services to customers inside the EEA, Article 27 GDPR requires us to appoint an in‑EU representative authorised to act on our behalf in all GDPR matters.

Until the representative is appointed, EEA residents may contact us directly using the details in Section 1.

3 What information we collect and why

Below you will find the main categories of personal information we process and the purposes for doing so. We always process only the information needed to achieve these purposes.

3.1 Website visit

  • Typical data: truncated IP address, date and time, requested page, browser and device information.
  • Purpose: technical delivery of the website and IT security.
  • Legal basis (GDPR): legitimate interests (Art. 6 (1)(f)).

3.2 Account creation and contract performance

  • Data: company name, contact person, business email, address, Stripe payment token, Amazon API keys, login credentials.
  • Purpose: set‑up and administration of your account, provision of the Service, billing.
  • Legal basis: contract (Art. 6 (1)(b)).

3.3 Use of the platform and review analysis

  • Data: product identifiers (e.g. ASINs), review text and pseudonyms, timestamps, removal status.
  • Purpose: identify and handle potentially illegitimate product reviews.
  • Legal basis: contract (Art. 6 (1)(b)) and our legitimate interest in combating fake reviews (Art. 6 (1)(f)).

3.4 Optional legal enforcement via partner law firm

  • Data: your contact details, the affected reviews and products.
  • Purpose: pursue legal removal of reviews through Huth Dietrich Hahn (Germany) when you choose that option.
  • Legal basis: contract (Art. 6 (1)(b)).

3.5 Payments via Stripe

  • Data: cardholder name, last four digits, expiry date, transaction ID.
  • Purpose: collect success‑based fees.
  • Legal basis: contract (Art. 6 (1)(b)).

3.6 Support and chat (Crisp)

  • Data: chat messages, email address, technical metadata.
  • Purpose: respond to support enquiries.
  • Legal basis: contract (Art. 6 (1)(b)).

3.7 Email delivery (SendGrid)

  • Data: email address, delivery status, and—if you subscribe—open and click statistics.
  • Purpose: send transactional emails; send newsletters only with opt‑in consent.
  • Legal basis: contract (Art. 6 (1)(b)), legitimate interests in B2B direct marketing (Art. 6 (1)(f)), or consent for newsletters (Art. 6 (1)(a)).

3.8 Web analytics (Google Analytics 4)

  • Data: truncated IP address, device data, site interactions captured via cookies.
  • Purpose: measure reach and improve our website.
  • Legal basis: consent via cookie banner (Art. 6 (1)(a)).

4 Cookies and tracking choices

Essential cookies provide core functions such as user authentication and are placed based on our legitimate interests.

Analytics cookies (Google Analytics 4) are loaded only after you opt‑in via our Bubble cookie banner. You can withdraw or modify your choice at any time in the banner or in your browser settings.

5 Who has access to your data

We never sell personal information. We disclose it only when necessary for the purposes set out above:

  • Bubble Group, Inc. (USA) – hosting and back‑end of our platform.
  • Cloudflare, Inc. (USA) – content delivery network and security services.
  • Stripe Payments Europe Ltd. (Ireland) / Stripe, Inc. (USA) – payment processing.
  • Google LLC (USA) – web analytics (acting as our processor under the EU‑US Data Privacy Framework).
  • Crisp IM SARL (France) – chat support.
  • Twilio SendGrid, Inc. (USA) – email delivery.
  • Huth Dietrich Hahn (Germany) – independent controller for legal enforcement, engaged only with your approval.
  • Amazon – relevant EU or US entities receive takedown requests on your behalf.
  • Legal authorities or potential acquirers – only if required by law or in the context of a corporate transaction.

6 International transfers

Some recipients are located in countries without an EU adequacy decision, notably the United States. Transfers rely on:

  • certification under the EU‑US Data Privacy Framework (where available), and/or
  • the European Commission’s Standard Contractual Clauses, and/or
  • contractual necessity under Art. 49 (1)(b) GDPR when data is sent directly to us in the USA.

7 How long we keep information

We store personal information only as long as needed:

  • Server logs: 90 days, then anonymised.
  • Account and contractual data: for the lifetime of the account; deleted 30 days after termination unless legal retention applies.
  • Billing and tax records: 10 years (statutory obligations).
  • Review data: until the removal process concludes or 30 days after contract end.
  • Support chats: 12 months after ticket closure.
  • Google Analytics data: 14 months (GA4 retention setting).

8 Your rights

If you are located in the EEA or UK, you have the right to request access, rectification, deletion, restriction, portability and to object to processing based on legitimate interests, as well as the right to withdraw consent at any time. Contact privacy@refix.cloud (or our EU representative once appointed). We respond within one month.

If you reside in California and the California Consumer Privacy Act (CCPA/CPRA) applies to us in the future, you may request to know or delete personal information. We do not sell or share personal information for cross‑context behavioural advertising.

9 Security measures

We employ appropriate technical and organisational safeguards, including TLS encryption, access controls, firewalls and regular backups. No internet transmission or storage system is completely secure; therefore, we cannot guarantee absolute security.

10 Children’s privacy

Our Service is intended for users aged 18 and older and is not directed to children under 13. We do not knowingly collect data from children. If we learn that a child’s data was collected, we will delete it promptly.

11 Changes to this Policy

We may update this Policy when our practices change or legal requirements evolve. We will post the new version here and, if the changes are significant, provide advance notice via the Service or email.

12 Contact

For questions or concerns about this Policy, email privacy@refix.cloud or write to the address in Section 1.

End of Privacy Policy