Privacy Policy

REPS Guard LLC
Effective Date: March 21, 2026
Last Updated: March 21, 2026

Introduction
Information We Collect
How We Use Your Information
Artificial Intelligence and Automated Processing
Cookies and Tracking Technologies
Third-Party Service Providers
How We Share Your Information
Aggregated and De-Identified Data
Data Storage, Security, and Retention
Data Breach Notification
Your Privacy Rights
California Privacy Rights (CCPA/CPRA)
Do Not Sell or Share My Personal Information
International Users (GDPR)
Children’s Privacy
Communications and Marketing
Changes to This Privacy Policy
App Store Privacy Labels and Data Safety
Contact Us

1. Introduction

REPS Guard LLC (“REPS Guard,” “Company,” “we,” “us,” or “our”) is a California limited liability company that operates the REPS Guard mobile application for iOS and Android (the “App”), the web dashboard located at repsguard.com (the “Website”), and all related services, features, content, and applications (collectively, the “Service”).

This Privacy Policy describes the types of personal information we collect when you use the Service, how we use and protect that information, the circumstances under which we may disclose it, and your rights and choices regarding your information.

REPS Guard helps real estate professionals track hours, mileage, and activities to support qualification for IRS Real Estate Professional Status (“REPS”) under Internal Revenue Code Section 469. Because this involves location data, work activity logs, and other sensitive information, we are committed to transparency about our data practices.

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect information in several ways: directly from you, automatically when you use the Service, and from third-party sources.

2.1 Information You Provide Directly

2.1.1 Account Information

When you create an account, we collect:

Email address — used for authentication, account recovery, service communications, and marketing (with your consent or as permitted by law)
Full name — used for display within the Service and on exported reports
Password — hashed and salted by our authentication provider (Supabase Auth) using industry-standard bcrypt algorithms; we never store or have access to your plaintext password

2.1.2 Time Entry Data

When you log work hours, we collect:

Activity descriptions — free-text descriptions of work performed
Timestamps — start time, end time, and activity date
IRS activity categories — the type of real property trade or business activity (e.g., construction, management, leasing, brokerage, rental, operation, development, redevelopment, reconstruction, acquisition, conversion)
Associated property addresses — addresses of properties related to the work performed
Duration — calculated from start and end times

2.1.3 Property and Vehicle Information

Property addresses — addresses of real properties you manage, own, or work on
Vehicle details — make, model, year, and odometer readings for vehicles used in business travel

2.1.4 Calendar Data

If you choose to connect your calendar:

Calendar events — read-only access to event titles, times, locations, and descriptions for the purpose of suggesting time entries

We do not modify, delete, or write to your calendar. Calendar data is accessed in real time for the purpose of generating suggestions and is not stored persistently on our servers unless converted into a time entry by you.

2.1.5 Communications

Support requests — emails, messages, or other correspondence you send to us
Feedback and suggestions — any product feedback, feature requests, or ideas you voluntarily submit
Survey responses — information provided in optional surveys or research studies

2.1.6 User-Generated Content

Notes, tags, and attachments — any additional information you choose to attach to time entries, trips, or properties
Imported data — time entries, trips, or other records you import from third-party services (e.g., MileIQ CSV exports)

2.2 Information Collected Automatically

2.2.1 Location and Trip Data

If you enable mileage tracking, we collect:

Precise GPS coordinates — latitude and longitude captured during trip recording
Start and end addresses — resolved from GPS coordinates via geocoding services
Trip distance — calculated mileage for each trip
Trip route data — waypoints and path information during active trip recording
Trip purpose and IRS category — business classification assigned by you
Speed and movement data — used to detect trip start/stop events

Location data collection details:

Location data is collected when the mileage tracker is actively recording a trip, or when background location tracking is enabled on your device
Background location access is used to continue recording an active mileage trip when the app is not in the foreground. Background location is never accessed when a trip is not being actively recorded
You may enable or disable location permissions at any time through your device settings
We may use location data to improve the accuracy and quality of the Service, including trip detection, route optimization, and address resolution
Location data may be used in aggregated or de-identified form for service improvement, product development, and business analytics as described in Section 8

2.2.2 Device and Technical Information

We automatically collect certain technical information when you access the Service:

Device type, manufacturer, and model
Operating system and version
App version and build number
Browser type and version (web dashboard)
Screen resolution and display settings
IP address — used for security, fraud prevention, and approximate geographic location
Authentication tokens and session identifiers
Crash reports and diagnostic data — including stack traces and error logs
Referral URLs (web dashboard)

2.2.3 Usage Information

Feature usage patterns — which features you use and how frequently
Navigation paths — screens and pages visited within the Service
Interaction data — taps, clicks, scrolls, and gestures
Time spent — duration of sessions and time on specific screens
Search queries — searches performed within the Service
Performance metrics — load times, response times, and error rates

2.3 Information from Third-Party Sources

2.3.1 Payment Processors

When you subscribe to a paid plan, we receive limited information from our payment processors:

Stripe (web): subscription status, plan type, billing period, transaction identifiers, last four digits of card number, card brand, and billing address zip code
Apple App Store / RevenueCat (mobile): subscription status, plan type, transaction identifiers, and purchase history

We do not receive or store full credit card numbers, bank account details, CVV codes, or other direct payment credentials.

2.3.2 Authentication Providers

If you sign in using a third-party authentication provider (e.g., Google Sign-In, Apple Sign-In), we receive your name, email address, and a unique identifier from that provider.

2.3.3 Calendar Providers

If you connect Google Calendar, Apple Calendar, or another supported calendar provider, we receive read-only access to calendar events as described in Section 2.1.4.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Service

Processing and displaying your time entries, trips, and activity data
Generating IRS-ready reports, exports, and summaries
Providing mileage tracking and trip logging functionality
Resolving GPS coordinates to human-readable addresses
Processing and managing your subscription and payments
Authenticating your identity and maintaining account security
Providing calendar-based entry suggestions

3.2 Improving and Developing the Service

Analyzing usage patterns to identify and fix bugs, errors, and performance issues
Understanding how users interact with features to improve the user experience
Developing new features, products, and services
Conducting internal research and analytics
Training and improving machine learning models and algorithms (using aggregated or de-identified data)
Benchmarking and testing new product features before release

3.3 Communications

Sending transactional notifications (e.g., subscription confirmations, password resets, security alerts)
Sending service-related announcements (e.g., new features, scheduled maintenance, policy changes)
Sending promotional and marketing communications about REPS Guard products, features, and offers (with your consent or as permitted by law)
Responding to your support requests and feedback
Conducting surveys and collecting feedback about the Service

3.4 Safety, Security, and Compliance

Detecting, investigating, and preventing fraudulent, unauthorized, or illegal activity
Protecting the security and integrity of the Service and our users
Enforcing our Terms of Service and other agreements
Complying with legal obligations, including tax reporting and law enforcement requests
Establishing, exercising, or defending legal claims
Protecting the rights, property, or safety of REPS Guard, our users, or the public

3.5 Business Operations

Managing our business operations, including financial reporting and auditing
Facilitating corporate transactions such as mergers, acquisitions, or asset sales
Creating aggregated or de-identified data sets for business intelligence and analytics
Producing marketing materials, case studies, testimonials, and whitepapers (with user consent for any personally identifiable content)
Evaluating and improving our marketing and advertising effectiveness

4. Artificial Intelligence and Automated Processing

4.1 AI-Assisted Features

REPS Guard uses artificial intelligence and machine learning technologies to provide and enhance the Service. Current and future AI-powered features may include:

Voice-to-entry parsing — converting spoken or typed natural language descriptions into structured time entries
Smart categorization — suggesting IRS activity categories based on entry descriptions and patterns
Calendar intelligence — analyzing calendar events to suggest potential time entries
Trip detection — automatically detecting and classifying business trips
Activity suggestions — recommending entries based on your historical patterns and location
Report insights — generating summaries and highlights from your activity data

4.2 How AI Processes Your Data

When you use AI-assisted features:

Relevant data (e.g., activity descriptions, timestamps, categories, location context) may be sent to our AI service providers for processing
We currently use Anthropic’s Claude API for natural language processing; we may integrate additional AI providers in the future. If we integrate additional AI service providers, we will update this Privacy Policy to identify them before transmitting your personal data to such providers
AI service providers process data according to their respective privacy policies and data processing agreements
Under our current agreement with Anthropic, as of the effective date of this Privacy Policy, API inputs are not used to train their foundation models
AI-generated results are returned to the Service and stored only when you confirm or save them

4.3 Your Control Over AI Features

You may choose to use AI-assisted features or create entries manually
AI suggestions are always presented for your review and confirmation before being saved
You may disable specific AI features in your account settings where available

4.4 Future AI Development

We may develop additional AI and machine learning capabilities to enhance the Service. We may use aggregated, de-identified, or anonymized data derived from user activity to train proprietary models, improve algorithms, and develop new AI-powered features. Such use will not include personally identifiable information without your explicit consent.

5. Cookies and Tracking Technologies

5.1 What We Use

REPS Guard uses the following cookies and local storage technologies:

Technology	Type	Purpose	Duration
Supabase session cookie	Strictly Necessary	Authenticates your session on the web dashboard	Session / refresh token expiry
Supabase auth token (local storage)	Strictly Necessary	Maintains authentication state in the mobile app	Until logout
Device preferences	Functional	Stores your display preferences (e.g., theme, timezone)	Persistent
Timer state (local storage)	Functional	Preserves active timer state across app restarts	Until timer is stopped

5.2 What We Do Not Use

As of the effective date of this Privacy Policy, we do not use:

Third-party analytics cookies (e.g., Google Analytics, Mixpanel, Amplitude)
Advertising or targeting cookies
Social media tracking pixels
Cross-site tracking technologies
Fingerprinting technologies

5.3 Future Analytics

We may implement analytics and performance monitoring tools in the future to improve the Service. If we introduce non-essential cookies or tracking technologies, we will update this Privacy Policy and, where required by applicable law, obtain your consent before deploying them.

5.4 Your Browser Settings

Most web browsers allow you to control cookies through their settings. However, disabling essential cookies (such as authentication cookies) will prevent you from using the web dashboard. For instructions on managing cookies in your browser, consult your browser’s help documentation.

6. Third-Party Service Providers

We engage third-party companies and individuals to perform services on our behalf (“Service Providers”). These Service Providers have access to your personal information only to perform specific tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose.

6.1 Current Service Providers

Service Provider	Purpose	Data Accessed	Location
Supabase (via AWS)	Database hosting, authentication, file storage, real-time subscriptions	All user data	United States
Stripe	Web payment processing	Email, name, subscription details, payment method tokens	United States
Apple / RevenueCat	Mobile payment processing (iOS)	Apple ID, subscription plan, transaction data	United States
Anthropic	AI natural language processing (Claude API)	Activity descriptions, timestamps, contextual data for parsing	United States
Vercel	Web application hosting	IP address, user agent, standard HTTP request logs	United States (edge)
Apple Push Notification Service	Mobile push notifications	Device push tokens, notification content	United States
Google Maps Platform	Geocoding and address resolution	GPS coordinates for address lookup	United States
Expo (EAS)	Mobile app build and update distribution	App binary, update metadata	United States

6.2 Future Service Providers

We may engage additional Service Providers in the future to support the operation, improvement, and growth of the Service, including but not limited to:

Analytics and performance monitoring providers
Customer relationship management (CRM) platforms
Email delivery and marketing automation services
Error tracking and application monitoring services
Content delivery networks (CDNs)
Additional AI and machine learning providers
Customer support and helpdesk platforms

When we engage new Service Providers that access personal information, we will ensure appropriate data processing agreements are in place and update this Privacy Policy as needed.

7.1 We Do Not Sell Personal Information

We do not sell your personal information as defined under the California Consumer Privacy Act (CCPA) or any other applicable privacy law. We have not sold personal information in the preceding twelve (12) months and have no plans to do so.

7.2 Circumstances in Which We May Share Information

We may share your personal information in the following limited circumstances:

7.2.1 Service Providers

We share information with our Service Providers as described in Section 6 to operate and improve the Service.

7.2.2 Legal Requirements

We may disclose your information if we believe in good faith that disclosure is necessary to:

Comply with applicable law, regulation, legal process, or enforceable governmental request
Respond to a subpoena, court order, or similar legal process
Cooperate with law enforcement or government agencies
Protect the rights, property, or safety of REPS Guard, our users, or the public
Detect, prevent, or address fraud, security, or technical issues
Enforce our Terms of Service or other agreements

7.2.3 Business Transfers

If REPS Guard is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, dissolution, sale of all or a portion of our assets, or transition of service to another provider, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.

7.2.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so, such as:

When you choose to export and share reports via email
When you connect third-party integrations
When you authorize us to use your experience as a testimonial or case study
When you participate in co-marketing activities

7.2.5 Professional Advisors

We may share information with our attorneys, accountants, auditors, and other professional advisors in connection with the provision of professional services to us.

8. Aggregated and De-Identified Data

8.1 Our Rights to Aggregated Data

We may collect, create, use, disclose, transfer, and otherwise process aggregated, anonymized, or de-identified data derived from your use of the Service for any lawful business purpose. Aggregated and de-identified data is information from which individual identifiers have been removed such that the data cannot reasonably be linked back to a specific individual.

8.2 Permitted Uses

We may use aggregated and de-identified data for purposes including, but not limited to:

Analyzing industry trends in real estate professional activity tracking
Improving and optimizing the Service and developing new products and features
Creating benchmarks, reports, and market research
Producing statistical analyses and business intelligence
Supporting marketing efforts, including publishing industry reports and insights
Sharing with business partners, researchers, and the public
Training machine learning models and algorithms
Demonstrating the value of the Service to potential users, investors, and partners

8.3 Safeguards

We implement technical and organizational measures to ensure that aggregated and de-identified data cannot be re-identified, including:

Minimum aggregation group sizes — aggregated data sets include a minimum of fifty (50) users to prevent identification of individuals
Location precision reduction — location data in aggregated or de-identified datasets is reduced to city level or broader; precise GPS coordinates are not included
Property address removal — specific property addresses are removed from all de-identified datasets
Re-identification prohibition — we will not attempt to re-identify data that has been de-identified, and we contractually require the same of any third parties with whom we share such data

9. Data Storage, Security, and Retention

9.1 Data Storage Location

Your data is stored in Supabase-managed PostgreSQL databases hosted on Amazon Web Services (AWS) infrastructure in the United States.

9.2 Security Measures

We implement industry-standard security measures to protect your information, including:

Row Level Security (RLS) — database-level access controls ensuring users can only access their own data
Encryption in transit — all data transmitted between your device and our servers is encrypted using TLS 1.2 or higher
Encryption at rest — database storage is encrypted using AES-256 encryption
Password hashing — passwords are hashed using bcrypt with appropriate salt rounds
Secure authentication tokens — short-lived JSON Web Tokens (JWTs) with automatic refresh token rotation
API key management — server-side keys are stored securely and never exposed to clients
Access controls — employee access to production data is restricted to essential personnel

No security measure is perfect. While we use commercially reasonable efforts to protect your information, we cannot guarantee the absolute security of data transmitted over the internet or stored in our systems. You use the Service at your own risk.

9.3 Data Retention

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

Data Category	Retention Period	Rationale
Account information	Duration of account + 30 days post-deletion	Service operation
Time entries and trip data	Duration of account + soft delete retention	IRS audit trail integrity
Payment and subscription records	7 years after last transaction	Tax and legal compliance
Server logs	Up to 90 days	Security and debugging
Backup data	Up to 90 days after account deletion	Disaster recovery
Support correspondence	3 years after resolution	Quality assurance and legal
Aggregated/de-identified data	Indefinitely	Business analytics (non-personal)

9.4 Soft Deletes and Audit Trail

Because REPS Guard generates records intended to support IRS audit requirements, we use soft deletes rather than hard deletes for time entries and trip data. When you delete a record within the Service:

The record is marked as deleted and hidden from your view in the application
The underlying data is retained in the database to preserve your audit trail
This design is intended to protect you — the IRS values contemporaneous records that demonstrate a consistent, unaltered record-keeping practice

9.5 Anti-Backfill Protections

To maintain IRS-grade record integrity, our system enforces that the created_at timestamp on records is set to the time of actual creation and cannot be modified. Activity dates are constrained to within 48 hours of the creation date for manually created entries. Imported records are exempt from this constraint to support legitimate bulk data migration.

9.6 Account Deletion

If you request full account deletion:

Your account credentials will be deactivated immediately
Your personal data will be removed from our active production database within 30 days
Data may persist in encrypted backups for up to 90 days before being purged
Aggregated and de-identified data that has already been derived from your information will not be deleted, as it cannot be linked back to you
We may retain limited information as required by law (e.g., payment records for tax compliance)

10. Data Breach Notification

10.1 Our Obligations

In the event of a security breach involving your unencrypted personal information, REPS Guard will comply with all applicable data breach notification laws, including California Civil Code Sections 1798.29 and 1798.82.

10.2 Notification Timeline

We will notify affected users without unreasonable delay, consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. In no event will notification be delayed beyond the timeframes required by applicable law.

10.3 Information Provided to Affected Users

If you are affected by a data breach, our notification will include:

The date or estimated date of the breach
A description of the types of personal information involved
A general description of the breach incident
The toll-free telephone numbers, addresses, and websites of the major credit reporting agencies (if applicable)
Contact information for REPS Guard so you can obtain additional information
Steps you can take to protect yourself from potential harm
What REPS Guard is doing to address the breach and prevent future incidents

10.4 Notification Methods

We will notify affected users via email to the address associated with your account. If we are required to notify more than 500 California residents, we will also notify the California Attorney General as required by law.

11. Your Privacy Rights

11.1 Rights Available to All Users

Regardless of your location, you have the following rights:

Access — You can view and export all your time entries, trips, properties, vehicles, and reports at any time through the Service’s built-in export features
Correction — You can edit your account information and activity entries directly within the Service
Deletion — You can request deletion of your account and personal data by contacting support@repsguard.com
Data portability — You can export your data in CSV or PDF format at any time
Opt-out of marketing — You can unsubscribe from promotional emails at any time using the unsubscribe link in any marketing email or by contacting us

11.2 How to Exercise Your Rights

To exercise any of your privacy rights, you may:

Email: support@repsguard.com with the subject line “Privacy Rights Request”
In-app: Use the account settings and data export features available within the Service

We will verify your identity before processing any request. We will respond to verified requests within the timeframes required by applicable law (generally 30 to 45 days). If we need additional time, we will notify you of the extension and the reason.

We will not charge a fee for processing your request unless the request is manifestly unfounded, excessive, or repetitive, in which case we may charge a reasonable fee or decline the request.

11.3 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. Authorized agents must provide proof of authorization (e.g., a signed written authorization or power of attorney). We may require you to verify your identity directly even when an authorized agent submits a request.

12. California Privacy Rights (CCPA/CPRA)

This section applies to California residents and supplements the information in the rest of this Privacy Policy.

12.1 Categories of Personal Information Collected

In the preceding twelve (12) months, we have collected the following categories of personal information as defined by the CCPA:

CCPA Category	Examples	Collected	Sold	Shared for Cross-Context Behavioral Advertising
A. Identifiers	Name, email address, IP address, account ID	Yes	No	No
B. Personal information categories listed in Cal. Civ. Code 1798.80(e)	Name, address, telephone number	Yes	No	No
C. Protected classification characteristics	None	No	N/A	N/A
D. Commercial information	Subscription plan, purchase history, transaction records	Yes	No	No
E. Biometric information	None	No	N/A	N/A
F. Internet or electronic network activity	App usage data, browsing history (web dashboard), interaction data	Yes	No	No
G. Geolocation data	Precise GPS coordinates during trip recording	Yes	No	No
H. Sensory data	Voice recordings (if using voice-to-text feature, processed in real time)	Yes	No	No
I. Professional or employment-related information	Real estate activity descriptions, IRS activity categories, property addresses	Yes	No	No
J. Non-public education information	None	No	N/A	N/A
K. Inferences drawn from personal information	Activity patterns, suggested categories, time tracking insights	Yes	No	No
L. Sensitive personal information (precise geolocation)	GPS coordinates	Yes	No	No

12.2 Sources of Personal Information

We collect personal information from the following sources:

Directly from you when you create an account, enter data, or communicate with us
Automatically from your device when you use the Service
From third-party service providers (payment processors, authentication providers, calendar providers)

12.3 Business or Commercial Purposes for Collection

We collect personal information for the business and commercial purposes described in Section 3 of this Privacy Policy.

12.4 Your California Privacy Rights

As a California resident, you have the following rights under the CCPA/CPRA:

Right to Know — You may request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information. We will deliver responses in a portable, readily usable format (e.g., CSV or JSON). For specific-pieces requests, we will provide the actual personal information we have collected about you.
Right to Delete — You may request deletion of your personal information, subject to certain exceptions (e.g., completing a transaction, detecting security incidents, complying with legal obligations, maintaining your audit trail at your request).
Right to Correct — You may request correction of inaccurate personal information.
Right to Opt-Out of Sale or Sharing — We do not sell personal information or share it for cross-context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share My Personal Information” mechanism.
Right to Limit Use of Sensitive Personal Information — We use sensitive personal information (precise geolocation) only for the mileage tracking feature you have opted into. You may limit this use by disabling location permissions on your device.
Right to Non-Discrimination — We will not discriminate against you for exercising your CCPA/CPRA rights. We will not deny you the Service, charge different prices, or provide a different quality of service because you exercised your rights.

12.5 Exercising Your California Rights

To submit a verifiable consumer request, email support@repsguard.com with the subject line “CCPA Request.” We will verify your identity by matching information you provide with information we have on file. We will respond within 45 days. If we need additional time (up to an additional 45 days), we will notify you in writing.

You may submit a request to know up to twice in any twelve (12) month period.

12.6 California “Shine the Light” Law

California Civil Code Section 1798.83 permits California residents to request information about the disclosure of personal information to third parties for direct marketing purposes. We do not disclose personal information to third parties for their direct marketing purposes.

12.7 Notice at Collection for Sensitive Personal Information

Under the CCPA/CPRA, precise geolocation data is classified as sensitive personal information. We collect precise geolocation (GPS coordinates) for the sole purpose of providing the mileage tracking feature you have opted into. We do not use sensitive personal information for purposes beyond what is necessary to provide the Service. You have the right to limit the use of your sensitive personal information by disabling location permissions on your device at any time.

12.8 Financial Incentive

REPS Guard offers tiered subscription pricing (Free, Pro, and Pro+) based on feature access and service levels. Our tiered pricing is not based on the volume, type, or sensitivity of personal information we collect from you. All subscription tiers are subject to the same data collection and privacy practices described in this Privacy Policy. We do not offer financial incentives in exchange for the retention or sale of personal information.

12.9 Retention of Personal Information

We retain each category of personal information for the periods described in Section 9.3 of this Privacy Policy. We will not retain personal information for longer than is reasonably necessary for the disclosed purpose of collection.

REPS Guard does not sell your personal information as defined by the CCPA. We do not share your personal information with third parties for cross-context behavioral advertising purposes.

If our practices change in the future, we will:

Update this Privacy Policy
Provide a conspicuous “Do Not Sell or Share My Personal Information” link on our Website and in the App
Honor all opt-out requests promptly

For questions about this section, contact support@repsguard.com.

REPS Guard is designed primarily for real estate professionals in the United States. However, if you access the Service from the European Economic Area (“EEA”), United Kingdom (“UK”), or Switzerland, the General Data Protection Regulation (“GDPR”) or equivalent local legislation may apply to you.

14.1 Data Controller

REPS Guard LLC is the data controller for personal data processed through the Service.

Contact:
REPS Guard LLC
Email: admin@repsguard.com

14.2 Legal Bases for Processing

We process your personal data on the following legal bases:

Legal Basis	Applicable Processing Activities
Performance of a contract (Art. 6(1)(b) GDPR)	Providing the Service, processing your account, managing subscriptions
Consent (Art. 6(1)(a) GDPR)	Location tracking, calendar access, marketing communications, AI-assisted features
Legitimate interests (Art. 6(1)(f) GDPR)	Service improvement, security, fraud prevention, analytics, product development
Legal obligation (Art. 6(1)(c) GDPR)	Tax record retention, law enforcement compliance

14.3 Your GDPR Rights

In addition to the rights described in Section 11, EEA, UK, and Swiss residents have the right to:

Restrict processing — request that we limit how we use your data in certain circumstances
Object to processing — object to our processing of your data based on legitimate interests
Withdraw consent — withdraw consent at any time where processing is based on consent (without affecting the lawfulness of prior processing)
Lodge a complaint — file a complaint with your local data protection supervisory authority

14.4 International Data Transfers

Your data is stored and processed in the United States. When personal data is transferred from the EEA, UK, or Switzerland to the United States, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission
Data processing agreements with our Service Providers that include appropriate safeguards
Your explicit consent to the transfer, where applicable

By using the Service from outside the United States, you acknowledge and consent to the transfer, storage, and processing of your data in the United States, where data protection laws may differ from those in your jurisdiction.

14.5 Data Protection Officer

We have not appointed a Data Protection Officer, as we are not subject to the mandatory appointment requirements under Article 37 of the GDPR at this time. For data protection inquiries, contact admin@repsguard.com.

15. Children’s Privacy

REPS Guard is a business tool designed for real estate professionals. The Service is not directed to children under the age of 16. We do not knowingly collect, use, or disclose personal information from anyone under the age of 16.

If we discover that we have collected personal information from a child under 16, we will promptly delete that information. If you believe a child has provided us with personal information, please contact us immediately at support@repsguard.com.

16. Communications and Marketing

16.1 Transactional Communications

We will send you transactional and service-related communications that are necessary for the operation of your account, including:

Account verification and password reset emails
Subscription confirmation and billing notifications
Security alerts and suspicious activity notifications
Service announcements and maintenance notifications
Changes to our Terms of Service or Privacy Policy

You cannot opt out of transactional communications while maintaining an active account.

16.2 Marketing Communications

With your consent or as permitted by applicable law, we may send you promotional communications about:

New features and product updates
Tips for maximizing your REPS tracking
Special offers, discounts, and pricing promotions
Industry news and IRS-related updates relevant to real estate professionals
Invitations to events, webinars, or educational content
Partner offers and co-marketing communications

16.3 Opting Out

You may opt out of marketing communications at any time by:

Clicking the “unsubscribe” link in any marketing email
Adjusting your notification preferences in your account settings
Contacting support@repsguard.com

Please allow up to 10 business days for your opt-out request to be processed. Opting out of marketing communications does not affect transactional communications.

16.4 Testimonials and Case Studies

We may request your permission to use your experience with REPS Guard in testimonials, case studies, or marketing materials. We will only use personally identifiable information in such materials with your explicit, written consent. You may withdraw consent at any time by contacting us.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

17.1 Notification of Changes

When we make material changes to this Privacy Policy:

We will update the “Last Updated” date at the top of this page
We will provide notice via email to the address associated with your account and/or through a prominent notice within the Service
We will provide at least thirty (30) days’ notice before material changes take effect, unless a shorter notice period is required by law

17.2 Acceptance of Changes

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with the changes, you should discontinue use of the Service and request account deletion.

17.3 Prior Versions

Prior versions of this Privacy Policy will be made available upon request by contacting support@repsguard.com.

18. App Store Privacy Labels and Data Safety

We maintain App Store Privacy Labels (iOS) and Google Play Data Safety declarations that are consistent with the data practices described in this Privacy Policy. Our store declarations accurately reflect:

The categories of data we collect (as described in Section 2)
Whether data is linked to your identity
Whether data is used for tracking
Our data retention and deletion practices

If you notice any discrepancy between our store declarations and this Privacy Policy, please contact us and we will investigate and correct the inconsistency promptly.

19. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

Email: support@repsguard.com
Legal inquiries: admin@repsguard.com
Company: REPS Guard LLC
Mailing Address: REPS Guard LLC, c/o Registered Agent, Sacramento, CA
State of Incorporation: California, United States
Website: https://repsguard.com

We will endeavor to respond to all inquiries within 30 days.

This Privacy Policy was last reviewed and updated on March 21, 2026.