The Reputation Rocket, LLC (“Reputation Rocket,” “we,” “us,” or “our”) helps businesses build and protect their online reputation—primarily through Google reviews, social media management, and related marketing services. We also process certain personal information on behalf of our business clients about their customers (e.g., to request a review).
This Privacy Policy explains how we collect, use, disclose, and protect personal information when we act (A) as a business/controller for our own website, apps, and marketing; and (B) as a service provider/processor to our clients.
Important: New Jersey’s comprehensive privacy law took effect on January 15, 2025. We designed this Policy to align with that law and similar U.S. state laws, as well as the GDPR where it applies.
If you are in the EEA/UK, we may appoint an EU/UK representative (contact details to be added if/when applicable).
II. Scope
This Policy covers:
•Our website(s), landing pages, forms, emails, SMS/MMS, and social channels we control.
•Our services provided to clients (review outreach, review response, listings, social media content/engagement, basic CRM integrations, ad/analytics tags, etc.).
•Any personal information we receive from or about you, our clients, or our clients’ customers in connection with those services.
It does not cover sites or services we do not control (e.g., Google, Meta, Yelp). Their privacy policies govern their platforms.
III. Key Roles & How We Operate
•When we collect data for our own purposes (e.g., your info in our lead forms, billing, or our analytics), we are a “business” (CA) / controller (GDPR).
•When clients give us their customers’ information to perform services (e.g., to send a review request), we act as a service provider (CA)/processor (GDPR) and follow the client’s documented instructions.
IV. Categories of Personal Information We Collect
A. Information you give us directly (website forms, email/SMS, phone, events):
•Social handles/usernames when we manage outreach or responses
•Any other data the client lawfully provides so we can perform the services
Sensitive data: We do not seek sensitive personal information (e.g., precise geolocation beyond what your browser shares, health info, government IDs). Please do not provide it unless we specifically request it and have appropriate safeguards in place.
Children’s data: Our services are not directed to children under 13, and we do not knowingly collect children’s personal information. Where children’s data may be implicated online, we follow applicable law (e.g., COPPA) and require appropriate consents where necessary.
V. How We Use Personal Information (Purposes)
•Provide and improve services (build review campaigns; send requests; respond to reviews; schedule social posts; monitor brand mentions; maintain CRM/inboxes; support and troubleshooting)
•Operate our websites/apps and perform analytics (usage trends, performance, security)
•Communicate with you (product/service updates, transactional notices, support, training)
Where the GDPR applies, our legal bases include: contract performance, legitimate interests (e.g., product improvement, fraud prevention), consent (e.g., certain marketing), and legal obligations.
VI. Cookies, Analytics & Ads
We use first- and third-party cookies/pixels (e.g., Google, Meta) for:
•Essential site functionality and security
•Analytics (traffic, engagement, conversions)
•Advertising/retargeting where permitted, including cross-context behavioral advertising in some jurisdictions
You can control cookies via your browser settings. Where required by law, we will present consent tools and honor applicable opt-out rights (see Your Privacy Rights).
Email/SMS marketing: We comply with CAN-SPAM for email and applicable rules for text messages (including the TCPA). You can unsubscribe or text STOP at any time. We obtain appropriate prior express (written) consent for promotional texts as required.
VII. When We Share Personal Information
We share personal information with:
•Service providers/sub-processors who perform services for us (hosting, email/SMS delivery, analytics, payment processing, security, support). They must use data only as instructed and protect it appropriately.
•Clients (when we act as their processor) so they can see campaign results, review content, opt-out status, and related metrics.
•Platforms you choose to connect (Google, Meta, review sites) to publish or manage content.
•Legal/Compliance recipients (if required by law, to protect rights, safety, security, or in connection with a business transaction).
Sale/Sharing: We do not sell personal information for money. Some jurisdictions (e.g., California CPRA) define “share” to include cross-context behavioral advertising. Where our use of advertising cookies/pixels constitutes a “share,” you may opt out (see Your Privacy Rights).
VII. Data Retention
We retain personal information only as long as needed for the purposes described above (and longer if required by law, to resolve disputes, or enforce agreements). For client customer data processed as a service provider, we follow the client’s retention instructions.
IX. Security
We use administrative, technical, and physical safeguards designed to protect personal information (access controls, encryption in transit where appropriate, least-privilege, monitoring, vendor diligence). No method of transmission or storage is 100% secure. If we discover a security incident that poses a risk to you, we will notify you and/or our client as required by law.
X. International Data Transfers
If you access our services from outside the United States, your data may be processed in the U.S. and other countries, which may have different data protection laws. Where the GDPR applies, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for transfers.
XI. Your Privacy Rights
Depending on your location, you may have the right to:
•Access your personal information and obtain a portable copy
•Correct inaccuracies
•Delete your personal information
•Opt out of targeted advertising, certain profiling, or the sale/sharing of personal information
•Limit the use/disclosure of certain sensitive personal information (where applicable)
•Appeal a rights request decision (certain U.S. states)
•Withdraw consent (for processing that relies on consent)
•Lodge a complaint with a supervisory authority (GDPR/EEA, UK)
These rights exist under California’s CCPA/CPRA and similar state privacy laws, New Jersey’s law (effective Jan 15, 2025), and the GDPR where applicable. We will verify your identity and comply as required by law. Authorized agents may submit requests where permitted.
For California residents, this Policy also serves as our “Notice at Collection” describing categories, purposes, and your opt-out rights, including the right to opt out of sale/sharing.
Universal opt-out mechanisms: Where required by law, we treat recognized browser/app signals (e.g., state-recognized universal opt-out mechanisms) as a valid request to opt out of targeted advertising/sale-or-sharing for that browser or device.
XII. Additional Disclosures for Marketing Communications
•Email: We include unsubscribe links in marketing emails and maintain accurate sender information, consistent with CAN-SPAM.
•Text/Calls: We obtain the level of consent required by the TCPA and applicable FCC rules before sending marketing texts/calls via autodialer or with pre-recorded voices. You can revoke consent at any time by replying STOP. Note: as of 2025, the FCC requires “one-to-one” consent for certain lead-generated marketing calls/texts.
XIII. How We Process Data On Behalf of Clients (Service Provider/Processor Addendum)
When clients engage us to handle their review/outreach/social tasks, we act as their service provider/processor:
•Scope & Instructions: We process personal information only on documented instructions from the client and solely to provide the contracted services.
•Confidentiality & Security: We require confidentiality and apply appropriate safeguards.
•Sub-processors: We may engage vetted sub-processors (e.g., hosting, messaging providers). We remain responsible for their performance and will provide an up-to-date list upon request.
•Assistance: We assist clients with responding to privacy rights requests, security incidents, DPIAs, and recordkeeping, as applicable.
•Return/Deletion: At the end of services, we will return or delete personal information per the client’s instructions and our legal obligations.
•Audits: Upon reasonable notice, we will provide information necessary to demonstrate compliance and allow audits as required by law/contract.
If needed, we will sign a standalone Data Processing Addendum (DPA) reflecting these terms and any state- or GDPR-specific requirements.
XIV. Third-Party Platforms, Reviews & Social Media
When we help you request or publish reviews, respond to feedback, or manage profiles on platforms like Google, Meta, Yelp, or TikTok, those platforms process personal information under their privacy policies. We do not control their data practices. Please review their policies for details.
XV. Do Not Track
Our services do not currently respond to “Do Not Track” (DNT) signals. We will, however, honor legally recognized opt-out mechanisms where required (see Your Privacy Rights).
XVI. Financial Incentives
If we offer promotions, discounts, or referral incentives that relate to personal information, we will describe the program terms, the categories of data involved, how to opt in, and how to withdraw, consistent with applicable law.
XVII. Changes to This Policy
We may update this Policy from time to time. If we make material changes, we will post the updated version and adjust the “Last Updated” date. Where required, we will notify you and/or obtain consent.
