This policy explains how Reputiv collects, uses, and protects personal information in accordance with the Protection of Personal Information Act (POPIA).
Reputiv is a reputation management platform built for South African dental practices. We are the Responsible Party under the Protection of Personal Information Act, 2013 (POPIA).
Contact: privacy@reputiv.co.za
Practice users (dentists / practice managers):
- Full name, email address, password (hashed by Supabase Auth)
- Practice name, address, and configuration details
- Billing information processed by PayFast (we do not store card numbers)
Patients (imported by the practice):
- Name, phone number, email address
- Date of last visit
- Review request history (channel, date sent)
Audit tool visitors:
- Practice name, Google Maps URL, email address
We collect personal information only for the following purposes:
- To provide the Reputiv platform and its features
- To send review request messages to patients on behalf of the practice (SMS, WhatsApp, email)
- To generate AI-drafted review responses
- To process subscription payments
- To send product and billing communications to practice users
We share personal information with the following third-party processors only to the extent necessary to deliver our service:
All processors operate under agreements that require them to protect your data. We do not sell personal information to any third party.
| Processor | Purpose |
|---|---|
| Supabase (USA) | Database and authentication hosting |
| PayFast (South Africa) | Subscription billing |
| BulkSMS (South Africa) | SMS and WhatsApp delivery |
| Resend (USA) | Email delivery |
| Anthropic (USA) | AI-generated review response drafting |
| Vercel (USA) | Application hosting |
Patient contact details are imported by the dental practice and are used solely to send review requests on that practice's behalf. Reputiv does not use patient data for any other purpose.
Practices are responsible for obtaining appropriate consent from their patients before importing contact details into Reputiv.
- Practice user accounts: Retained for the duration of the subscription and deleted within 90 days of account closure upon request.
- Patient records: Retained until the practice deletes them or closes their account.
- Review request logs: Retained for 24 months for audit and compliance purposes.
- Audit leads: Retained for 12 months.
As a data subject you have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Delete your personal information (subject to legal retention obligations)
- Object to the processing of your personal information
- Lodge a complaint with the Information Regulator of South Africa at inforeg.org.za
To exercise any of these rights, email us at privacy@reputiv.co.za.
If you are a patient whose data was imported by a dental practice and you wish to have your information removed, please contact the practice directly or email us at privacy@reputiv.co.za with the name of the practice. We will process your request within 30 days.
We implement industry-standard security measures including:
- All data encrypted in transit (TLS) and at rest
- Row-level security on all database tables
- Service role keys restricted to server-side operations only
- Regular security reviews
We may update this policy from time to time. Material changes will be communicated to practice users via email at least 14 days before taking effect.
Last updated: March 2026