Privacy Policy

Effective date: January 22, 2024

‍

We at Repeat know you care about how your and your End Customers’ personal information is used and shared, and we take your and your End Customers’ privacy seriously. Please read the following privacy policy (“Privacy Policy”) to learn more about our processing of personal information. By using or accessing our App and Services in any manner, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will process your information in the following ways. Remember that your use of our Services is at all times subject to our Repeat Terms of Service (“Terms of Service”), which incorporates this Privacy Policy. Any terms we use in this Privacy Policy without defining them have the definitions given to them in our Terms of Service.

‍

What does this Privacy Policy cover?

‍This Privacy Policy covers our treatment of personally identifiable information (“Personal Information”) that we process when you are accessing or using our Services, but not to the practices of companies we don’t own or control, or people that we don’t manage. We process various types of Personal Information from our users, as explained in more detail below, and we use this Personal Information internally in connection with our Services, including to personalize, provide, and improve our Services, to fulfill your requests for certain products and services, and to analyze how you use the Services. In certain cases, we may also share some Personal Information with third parties, but only as described below.

Lawful Basis for Processing

Many jurisdictions require that we disclose to you the lawful basis for our processing of your Personal Information. We do that throughout this Privacy Policy. In general, our lawful basis for processing your Personal Information is based on your specific consent or your contract with us.

By accessing or using any of the Services or by otherwise interacting with us online, you consent to our processing of your Personal Information as described in this Privacy Policy. If our processing of your Personal Information is based on your consent, you may withdraw your consent at any time, and we will cease processing your Personal Information. However, in some cases, this may result in your inability to receive partial or full access to the Services, and your withdrawal of consent does not limit our ability to use anonymized information for processing by us in connection with our legitimate business efforts in the future. In addition, your withdrawal of consent may not prevent us from processing Personal Information if we have processed such Personal Information pursuant to a different lawful basis or to preserve legal claims. For example, if you give your consent for us to process your Personal Information, but we are also required by law to keep your Personal Information, that separate “lawful basis” will still apply, even if you withdraw your consent.

When you enter into an agreement with us, either by accessing the Services, by executing an agreement in hard copy, or by clicking “I Accept” or similar language online, we will process your Personal Information for the purposes of fulfilling the terms of our contract with you. In that case, our processing of your Personal Information is based on the contract, so your withdrawal of consent will only be effective after the purposes for processing that Personal Information have been fulfilled and after we no longer have a legal obligation to keep that Personal Information.

In all cases, we will comply with applicable law and we will cease processing your Personal Information after the legal right, obligation, or other lawful basis expires.‍

Personal Information we process‍

When you install the App, we are automatically able to process the following types of Personal Information from your Shopify account:

• Your name; and
• Your email address

Additionally, after you have installed the App and granted us Shopify Partner Access, we process the following types of Personal Information from you and your End Customers:

• Information regarding transactions on the Shopify Webstore, including but not limited to sales revenue, order replenishment, purchase information about specific products sold, and information about your End Customers (“End Customer Data,” which is included when we use the term Personal Information). When you access the Services, you affirm that you are compliant with our Terms of Service that you have obtained all necessary consents for us to process End Customer Data.
• End Customer Data includes an End Customer’s name, email, physical address, billing information and their order history on your Shopify Webstore.
• For End Customers who opt-in to receive Electronic Messages, we receive their telephone number, email address (or other electronic contact information), first name and complete order history.
• Billing information you provide to Repeat.
• Information about the browsing activity of individuals that visit your Shopify Webstore, including web browser details and the most recent web page (if any) from which the Shopify Webstore and/or App was accessed.

We also process information (which may include Personal Information) from you either directly or through a third-party service provider using the following technologies (“Tracking Technologies”):

• “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. Cookies tell us how and when pages and features in our Services are visited and by how many people.
• “Log files” track actions occurring on the Services, and process data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
• “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Services

Your web browser(s) may offer a “Do Not Track” option, which allows the individual to signal to operators of websites and web applications and services (including behavioral advertising services) that he or she does not wish such operators to track certain of his or her online activities over time and across different websites. Our Services do not support Do Not Track requests at this time, which means that we may process information about your and your End Customers’ online activity both while you are using the Services and after you leave our Services

We do not knowingly process or solicit personal information from anyone under the age of 13. If you are under 13, please do not attempt to register for or use the Services or App or send any personal information about yourself to us. If we learn that we have processed personal information from a child under age 13, we will delete that information as quickly as possible. Please email us at team@getrepeat.io if you believe that a child under 13 may have provided us personal information.

How do we use Personal Information?‍

We use the Personal Information we process from you and End Customers to provide the Services and to operate the App. Additionally, we use this Personal Information for the following purposes:

• Communicate with you at your request;
• Provide you with information about updates to the Services and App;
• Optimize or improve the Services and App;
• To procure unique numbers from carriers for your use in the Services; and
• Provide you with information or advertising relating to our products or services.

Electronic Messages.‍

We send Electronic Messages solely to End Customers who have consented to such receipt. You agree to provide End Customers with the notice about Electronic Messaging as set forth in our Terms of Service. If your End Customers no longer wish to receive Electronic Messages they may reply STOP at any time to cancel, HELP for help, or use the Unsubscribe feature at the bottom of certain Electronic Messages. Any phone numbers, short codes, or other electronic identifiers Repeat uses to communicate with End Customers belong solely to Repeat and are non-transferable, whether during or upon termination of your use of the Services.‍

Data Retention.

We will retain Personal Information only for as long as necessary to fulfill the purposes for which the information was processed. The length of our data retention depends on the purposes for which we processed the information, the nature of the information, obligations as set forth in any contractual relationship that may govern the data and its retention, and any applicable legal obligations. At the conclusion of our retention, we will either destroy or anonymize the data, as allowed under applicable law.‍‍

Information that’s been anonymized.

We may anonymize yours or your End Customer’s Personal Information so that you and your End Customers cannot reasonably be identified as individuals, and provide such anonymized information to our partners. We may also provide aggregate usage information to our partners (or allow partners to process that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. However, we never disclose aggregate usage or anonymized information to a partner (or allow a partner to process such information) in a manner that would identify you or your End Customers as individuals. ‍

Advertisers.

We allow advertisers and merchant partners (“Advertisers”) to choose the demographic information of users who will see their advertisements or promotional offers and you agree that we may provide any of the information we have processed from you in anonymized or aggregated form to an Advertiser, for that Advertiser to select the appropriate audience for those advertisements or offers. For example, we might use the fact you are located in San Francisco to show you ads or offers for San Francisco businesses, but we will not tell such businesses who you are. Or, we might allow Advertisers to display their ads to users with similar usage patterns to yours, but we will not disclose usage information to Advertisers except in aggregate form, and not in a manner that would identify you personally. Note that if an advertiser asks us to show an ad to a certain audience or audience segment and you respond to that ad, the advertiser may conclude that you fit the description of the audience they were trying to reach.

Affiliated Businesses.‍

In certain situations, businesses or third party websites we’re affiliated with may sell or provide products or services to you through or in connection with the Services (either alone or jointly with us). You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. One such service may include the ability for you to automatically transmit third party account information to your Services profile or to automatically transmit information in your Services profile to your third party account. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any transaction or service relating to an affiliated website or business, please review all such business’ or websites’ policies.‍

Analytics.

We may use third party analytics service providers, including but not limited to Google Analytics (https://www.google.com/analytics/terms/us.html), for our business purposes, including but not limited to improving and developing our Services, monitoring and analyzing use of our Services, and increasing the functionality and user-friendliness of our Services. When you use our Services, these analytics service providers may process some information about you by planting a persistent cookie or identifier on your web browser or device.

Our Service Providers.

We engage other companies and people to perform tasks on our behalf and may need to share your Personal Information with them to provide our Services to you. For example, we may use a payment processing company to receive and process your credit card transactions for us. Twilio helps us generate text messages, subject to its Terms of Service, https://www.twilio.com/legal/tos. Klaviyo helps us generate emails, subject to its Terms of Service, https://www.klaviyo.com/legal/terms-of-service. We also use other third-party service providers to help us provide the Services to you; thus we may share Personal Information with such service providers. Further, we may use service providers to gather information directly from you, which you authorize us to process to provide the Services as described herein and in our Terms of Service. Unless we tell you differently, our service providers do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. Note that a “service provider” may also be considered a “partner” in certain circumstances, and would be subject to the terms of the “Information that’s been anonymized” section in that regard. Further, a "service provider" may also be a "subprocessor" as defined in applicable data privacy laws.‍

Business Transfers.

If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, your and your End Customers’ Personal Information could be among the assets transferred to or acquired by a third party.

Protection of Repeat and Others.

We reserve the right to access, read, preserve, and disclose any information that we believe is necessary to comply with law or court order; enforce or apply our Terms of Service and other agreements; or protect the rights, property, or safety of Repeat, our employees, our users, or others.  We endeavor to protect the privacy of your account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

We use commercially reasonable efforts to process your Personal Information in a secure environment. We take technical, contractual, administrative, and physical security steps designed to protect Personal Information that you provide to us. We have implemented procedures designed to limit the dissemination of your Personal Information to only such designated staff as are reasonably necessary to carry out the stated purposes we have communicated to you.

Access to Personal Information‍

Please refer to Shopify’s Privacy Policy and Shopify’s account settings to understand what information you may access, edit, or delete on your Shopify account.

The information you can view, update, and delete may change as the Services change and depending on what information you add to your Shopify account. If you have any questions about viewing or updating information we have on file about you or your End Customers, please contact us at team@getrepeat.io.

Your Rights Regarding Your Personal Information

Under applicable data protection, privacy, and other laws, you may have certain rights related to your access and control of your Personal Information. Such rights may include the following:

1. The right to access, correct, update, or request deletion of your Personal Information.
2. The right to object to processing or restrict the processing of your Personal Information (Please note that if you exercise this right, it may limit or eliminate our ability to provide you the Services).
3. The right to request portability of your Personal Information.
4. The right to opt-out of marketing communications we send you. You can exercise this right by clicking the "Unsubscribe" or "Opt-Out" link found in these communications.
5. The right to not be subject to a decision based solely on automated processing, including profiling, known as Automatic Decision Making. Please note that we currently do not employ any Automatic Decision-Making processes in providing the Services.
6. The right to submit a complaint to any applicable regulatory authority about our processing activities.
7. The right to opt-out of us sharing (as defined in the CPRA) your Personal Information, including for direct marketing purposes, subject to certain legal exceptions.
8. The right to limit use, disclosure, and restrict sensitive personal information (as defined in the CPRA).

We may use additional processes to verify your identity before we reveal or delete any of your Personal Information, including two-factor or two-step authentication measures to ensure we can identify you.

This list may not include all of your rights under applicable laws. If you believe you have additional rights, please contact us using the methods in this Privacy Policy.

Further, although we currently do not process Personal Information without consent, if we at any time in the future process Personal Information without your express consent, you may opt-out or withdraw consent at any time.

Please note that exercising any of the above rights may limit or eliminate our ability to provide you the Services. If so, we may terminate the Services due to such requests.

We will try to comply with your request(s) as soon as reasonably practicable and at the very least as required under applicable law. Upon receipt of your written request, we will provide you with a copy of your Personal Information, although in certain limited circumstances we may not be able to make all relevant information available to you, such as where that information also pertains to another user. In such circumstances we will provide reasons for the denial to you upon request.

Please also note that if you do opt-out of receiving marketing-related emails from us, we may still send you messages for administrative or other purposes directly relating to your use of the Services, and you cannot opt-out from receiving those messages while continuing to use the Services.

Further, you may opt-out or disable certain functions on your particular device, preventing us from processing Personal Information. For example, you may disable geolocation or GPS functionality on your mobile device or disable push notifications. If you disable such features, your ability to use and access the Services may be limited.

To exercise any of these rights, or if you have any questions about our processing of your Personal Information, please contact us at team@getrepeat.io or at our toll-free number: 1-213-259-3736.

A.  Privacy for EU/UK Residents

The Regulation (EU) 2016/679 (General Data Protection Regulation) made effective in Europe on May 25, 2018 (“GDPR”) requires that we clearly describe to data subjects the data we process and how we use that data. This Privacy Policy does that and if you have any questions for us regarding our data processing, please contact us at team@getrepeat.io. We comply with the GDPR requirements to the extent they apply to us.

We are based in the United States. By accessing or using the Services or otherwise providing information to us, you understand that your information, including Personal Information, will be subject to processing, transfer, and storage in and to the United States.

Due to the nature of our Services, we act as a "Processor" as defined under the GDPR. If you have questions about the nature of our relationship with you, please contact us at team@getrepeat.io.

Pursuant to the GDPR, residents of the EU (and the EEA, as applicable) have the right to obtain our confirmation of whether we maintain Personal Information relating to them in the United States. If you are a resident of Europe, upon request from you, we will provide you with access to the Personal Information that we hold about you. Please contact us if you have any questions.

Further, if you are a resident of the United Kingdom ("UK"), to the extent the GDPR as incorporated into UK law pursuant to s.3 of the European Union (Withdrawal Act) 2018 (as amended, the "UK GDPR") is different than the GDPR, we will follow all supplemental requirements under the UK GDPR and you have all rights as a UK citizen under the UK GDPR.

B.  Privacy for California Residents

California adopted the California Consumer Privacy Act (“CCPA”), which took effect at the beginning of 2020 and has now adopted the California Privacy Rights Act ("CPRA"), which took effect January 1, 2023. We comply with the requirements of the CCPA and CPRA to the extent they apply to us.

If you are a California resident, you may request to exercise your rights for any Personal Information we have processed in the 12 months prior to your request. Such request covers any categories, sources, purposes, and, if applicable, third parties to whom we share the Personal Information. Further, you can exercise any of your rights free of discrimination, for example, we cannot increase the price of the Services or decrease the quality of the Services because you exercise your rights.

Due to the nature of our Services, we act as a "service provider" as defined under the CCPA and CPRA. If you have questions about the nature of our relationship with you, please contact us at team@getrepeat.io or at our toll-free number: 1-213-259-3736.

For more information, please direct your questions to us at team@getrepeat.io or at our toll-free number: 1-213-259-3736.

C. Privacy for Other Jurisdictions

We strive to comply with all data protection and privacy laws in applicable jurisdictions, to the extent such laws apply to us and our Services. We strive to be transparent about our data processing activities and have disclosed our practices throughout this Privacy Policy. If you have any questions about your rights under any applicable data protection and privacy laws, please contact us team@getrepeat.io or at our toll-free number: 1-213-259-3736.

Changes to this Privacy Policy‍

We may update this Privacy Policy from time to time to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons. We will alert you to changes by sending a notice via the App, by sending you an email, and/or by some other means.‍

Contact Us‍

‍For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by email at team@getRepeat.io.