Your data, treated like our own.

All production data is stored in Cloudflare D1 (SQLite at the edge), with assets on Cloudflare R2. Our Workers run on Cloudflare’s global edge network — the same infrastructure used by millions of production sites. We don’t operate our own data center.

Long-running scrapers (Google Maps SERP fetchers, Q&A scrapers) run on a dedicated Hetzner Cloud VPS in Germany (EU-West) behind a Webshare residential proxy pool. Scraped data is encrypted in transit and stored only as long as needed to power your alerts.

In transit: TLS 1.3 enforced on every public endpoint. HSTS preload-eligible. Cloudflare-managed SSL.

At rest: Cloudflare D1 encrypts all data at rest using AES-256. R2 objects are encrypted with AES-256 server-side encryption. Database backups are encrypted with customer-managed keys where available.

Secrets: API keys, OAuth tokens, and payment secrets are stored in Cloudflare Workers Secrets — never in source code, never in logs.

Business data: the public information about your Google Business Profile (name, address, place_id, category) plus reviews we scrape from your public profile. All of this is data Google already makes public.

Account data: your email, name, hashed password (bcrypt + 12 rounds), authentication tokens for the platform itself. Never your Google account password — we use OAuth where applicable.

Billing data: we never see your card number. Payments are processed by LemonSqueezy (their PCI-DSS Level 1), which returns us only a customer ID and subscription status.

RepuShield serves customers worldwide and complies with both the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). You have the right to:

• Access all personal data we hold about you (email privacy@repushield.app)
• Correct inaccurate data via your Account Settings
• Delete your account and all associated data within 30 days of request
• Export your data in a portable format (JSON or CSV)
• Opt out of any non-essential data sharing

We never sell personal data. See our full Privacy Policy for the legal-language version.

Cancel your account anytime from Portal → Settings. Active subscriptions stop billing immediately. Your data is retained for 90 days after cancellation in case you re-subscribe, then permanently deleted from production + backups.

Want immediate deletion before 90 days? Email privacy@repushield.app with “DELETE NOW” in the subject. We confirm deletion within 5 business days.

Third parties that process customer data on our behalf:

• Cloudflare — hosting, DNS, edge compute, D1 database, R2 object storage
• Hetzner Cloud — long-running scraper workers (EU-West)
• Webshare — residential proxy pool for public-data scraping
• Resend — transactional email delivery
• LemonSqueezy — payments + invoicing (their PCI-DSS L1)
• Anthropic / OpenAI — AI reply generation. Customer content sent to these vendors is excluded from model training per their enterprise terms.
• Google Analytics 4 — anonymous traffic analytics. No PII.