Privacy Policy

Last updated: January 2025

1. Introduction

Welcome to Repsalio ("we", "our", "us"). We respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our platform at repsalio.com.

Repsalio is a B2B SaaS platform for sales network management. Our company is registered in Serbia, and we voluntarily comply with the General Data Protection Regulation (GDPR) to ensure the highest standards of data protection for all our users, regardless of their location.

2. Data Controller Information

Data Controller: Repsalio

Contact Email: office@repsalio.com

Data Protection Officer: office@repsalio.com

If you have any questions about this privacy policy or our data practices, please contact us at the email addresses above.

3. Data We Collect

3.1 Information You Provide

Registration Data:

  • Email address (required)
  • Password (securely hashed)
  • First name and last name (required)
  • User type (company or agent)

Company Profile Data:

  • Company name
  • Company logo (uploaded images)
  • Company size and industry
  • Phone number (optional)
  • Country and city
  • Website URL
  • Social media links (LinkedIn, Twitter)
  • Company bio/description

Agent Profile Data:

  • Years of experience
  • Specializations and skills
  • Languages spoken
  • Territories/countries of operation
  • LinkedIn profile URL
  • Portfolio items
  • Profile picture

3.2 Automatically Collected Data

  • Session cookies (for authentication)
  • Login timestamps and activity logs
  • Listing view counts and application submissions
  • Chat messages and conversations
  • Usage analytics (via Vercel Analytics)
  • IP address and device information

3.3 Communication Data

  • Messages sent through our platform chat system
  • Email communications (sent and received)
  • Support tickets and inquiries

4. How We Use Your Data

We process your personal data for the following purposes:

4.1 Service Provision

  • Creating and managing your account
  • Powering search, discovery, and listing management tools
  • Managing opportunity listings and applications
  • Enabling chat communications between users
  • Processing payments and subscriptions

4.2 Communication

  • Sending verification and welcome emails
  • Notifying you about applications and messages
  • Sending subscription and payment confirmations
  • Alerting you about listing expiration warnings
  • Sending password reset links

4.3 Platform Improvement

  • Analytics to understand platform usage
  • Improving our search and discovery algorithms
  • Detecting and preventing fraud or abuse
  • Ensuring platform security

4.4 Legal Compliance

  • Complying with legal obligations
  • Responding to legal requests
  • Protecting our rights and property

5. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to provide our services (Art. 6(1)(b) GDPR)
  • Consent: You have given explicit consent for specific processing activities (Art. 6(1)(a) GDPR)
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention and platform security (Art. 6(1)(f) GDPR)
  • Legal Obligation: Processing required to comply with legal obligations (Art. 6(1)(c) GDPR)

6. Data Retention Periods

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Data Type | Retention Period
Account data (active users) | Until account deletion
Deleted account data | 30 days (soft delete), then permanently deleted
Session cookies | 30 days or until logout
Email verification tokens | 24 hours
Password reset tokens | 1 hour
Opportunity listings | 30 days from expiration
Chat messages | Until account deletion
Inactive accounts (no login) | 2 years, then notified for deletion

7. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR), you have the following rights:

For a quick reference on how to exercise these rights, visit our GDPR & Your Data Rights page.

7.1 Right of Access (Art. 15)

You have the right to request a copy of all personal data we hold about you. You can export your data from your account settings or contact us at office@repsalio.com.

7.2 Right to Rectification (Art. 16)

You can update and correct your personal information directly from your profile settings at any time.

7.3 Right to Erasure / "Right to be Forgotten" (Art. 17)

You can request deletion of your account and all associated data from your account settings. We will permanently delete your data within 30 days, except where we are legally required to retain certain information.

7.4 Right to Restrict Processing (Art. 18)

You can request that we limit how we use your data in certain circumstances. Contact office@repsalio.com to exercise this right.

7.5 Right to Data Portability (Art. 20)

You can download your data in a structured, machine-readable format (JSON) from your account settings.

7.6 Right to Object (Art. 21)

You have the right to object to processing based on legitimate interests. You can manage your preferences in account settings or contact us.

7.7 Right to Withdraw Consent

Where we process data based on your consent, you can withdraw consent at any time by updating your preferences or contacting office@repsalio.com.

7.8 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with your national data protection authority (DPA). For EU countries, find your DPA at: European Data Protection Board

7.9 Automated Decision-Making (Art. 22)

We use automated processing in the following ways:

  • Opportunity Recommendations: Our algorithm surfaces opportunities based on territory, language, industry, and experience. This is used to suggest relevant opportunities but does not make binding decisions.
  • Profile Matching: Companies may see match scores when viewing applications. These scores are advisory only and do not automatically accept or reject applications.

You have the right to:

  • Request human review of any automated decision
  • Express your point of view regarding automated processing
  • Contest decisions based solely on automated processing

These automated systems do not make legally binding decisions without human involvement.

8. Data Sharing and Third-Party Processors

We share your personal data with the following third-party service providers:

Service Provider | Purpose | Data Shared | Location
MongoDB Atlas | Database hosting | All user data | EU region
Vercel | Hosting & file storage | Profile pictures, files, analytics | EU/US
Resend | Email delivery | Email addresses, names | US (GDPR-compliant)
Raiffeisen Bank | Payment processing (bank wire transfers) | Billing details (company name, address, VAT number) | Serbia (EU-compliant)
Upstash | Rate limiting (Redis) | IP addresses | EU (GDPR-compliant)
Cloudflare | Turnstile bot protection | IP address, device fingerprint | Global (GDPR-compliant)

All third-party processors are carefully selected and required to comply with GDPR and maintain appropriate data protection measures. Data Processing Agreements (DPAs) are in place with all processors.

International Data Transfers: Some processors may be located outside the EU. In such cases, we ensure adequate safeguards through Standard Contractual Clauses (SCCs) or adequacy decisions.

9. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption: All data transmitted is encrypted using TLS/SSL
  • Password Security: Passwords are hashed using bcrypt with salt rounds
  • Secure Sessions: HTTP-only, secure cookies for session management
  • CSRF Protection: Cross-Site Request Forgery protection on all state-changing operations
  • Access Controls: Role-based access control (companies vs agents)
  • Regular Security Audits: Ongoing monitoring and security assessments
  • Secure Infrastructure: Hosted on secure, GDPR-compliant cloud providers
  • Payment Data: We do not store banking credentials. Payments are processed via bank wire transfer. We only store billing information necessary for invoicing (company name, address, VAT number).

Despite our security measures, no system is 100% secure. If you discover a security vulnerability, please report it to office@repsalio.com immediately.

9.1 Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (as required by GDPR Article 33)
  • Notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms (GDPR Article 34)
  • Document all breaches, including facts, effects, and remedial actions taken

To report a security incident, please contact us immediately at office@repsalio.com.

10. Cookie Policy

We use the following types of cookies:

10.1 Essential Cookies (Required)

These cookies are necessary for the platform to function:

  • repsalio_session: Stores your login session (30-day expiration)
  • Type: HTTP-only, Secure (production only), SameSite=Lax
  • Purpose: Authentication and security

10.2 Analytics Cookies (Optional)

These cookies help us understand how users interact with our platform:

  • Vercel Analytics: Anonymous usage statistics
  • Data Collected: Page views, navigation patterns (anonymized)
  • Control: You can opt-out via cookie preferences

You can manage cookie preferences through your browser settings or our cookie consent banner.

For more detailed information about the cookies we use, please see our dedicated Cookie Policy.

11. Children's Privacy

Repsalio is a B2B platform intended for business professionals. We do not knowingly collect personal information from individuals under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us immediately at office@repsalio.com.

12. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last updated" date at the top
  • Sending an email notification for significant changes

Your continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

For any questions, concerns, or requests regarding your personal data or this privacy policy, please contact us:

Email: office@repsalio.com

Response Time: We aim to respond within 72 hours

14. Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority. You can find contact information for EU data protection authorities at:

European Data Protection Board - National Authorities
