Privacy FAQ, Inc. and its subsidiaries (“Reputation”) takes privacy seriously and is dedicated to its continued compliance of global privacy laws and regulations, including the General Data Protection Regulation (GDPR), UK GDPR, and California Consumer Privacy Act (CCPA). 

These are some commonly asked questions regarding our efforts to protect our customers’ personal data.  

Q: Where can I find a copy of your Privacy Notice or Cookie Notice?

A: We continuously evaluate our Privacy Notice and Cookie Notice, and make updates when needed.  Our Privacy Notice details what personal data we collect and how we use it.

Q: Where is customer personal data located?

A: Customers located in the US have their accounts set up, and customer data stored, on Reputation’s US platform. 

Customers in the European Union may have their accounts set up, and customer data stored, on our EU Platform so that personal data remains in the EU.

Reach out to your CSM for more information.

Q: What personal data does Reputation collect?

A: The personal data Reputation collects is dependent on the products or services you use. Generally, name and email address are collected for review requesting or survey requesting services. Reach out to your CSM for more information.

Q: Who can access my data?

A: Depending on the Reputation products or services you use, your data may be accessed by our support teams located in the United States, United Kingdom, and/or India.

Q: Where can I find a copy of your Data Processing Addendum?

A: Reputation’s Data Processing Addendum is incorporated into our Service Agreement

Q: What transfer mechanism does Reputation rely on for data that leaves the EU/UK?

A: We rely on the Standard Contractual Clauses as a legal mechanism for these transfers. Certain transfers of personal data from the EU or UK to our support locations in the United States, United Kingdom, and/or India, are necessary to perform the agreement we entered into with our customers. 

Q: Where can I find a copy of your Technical and Organizational Measures?

A: Reputation’s Technical and Organization Measures are part of our Data Processing Addendum.

Q: What kind of security measures do you have in place? 

A: We take the security of your personal data seriously, and use industry standard safeguards to protect any personal data on our systems. Reputation is SOC2 Type II compliant and ISO 27001 certified as attested by a third-party auditor and is HIPAA compliant to ensure all customer PII and PHI are properly handled. Visit Reputation’s Security Posture page for more information.

Q: What Sub-Processors access my data?

A: Our Sub-Processor Page details the sub-processors that we engage to process personal data for Reputation services. We closely review our agreements with subprocessors and require that our agreements at least contain the same data protection obligations as set out in contract with our customers. Additionally, we require a Data Protection Impact Assessment from our subprocessors. 

Q: Do Reputation employees receive privacy training?

A: Yes, Reputation employees complete annual GDPR and CCPA privacy training.

Q: How does Reputation help enable Customers regarding Data Subject Access Requests (DSAR)?

A: Our clients can personally manage their customer’s DSAR using the self-service Data Protection Tool in Reputation’s platform. Clients can search for, delete, and/or access an individual’s personal data.

We also have an Online Form available for individuals to exercise their privacy rights.

Q: What if an individual wants to exercise their rights to delete, access, or modify personal data?

A: For individuals that want to exercise their rights to delete, access, or modify personal data, please use our Online Form.

Q: Does Reputation have a Data Protection Officer (DPO)?A: Reputation has a DPO can be contacted by sending an email to or by mail to: Data Protection Officer, Privacy Team 6111 Bollinger Canyon Road, Suite 500, San Ramon, CA 94583. 

Get a Demo

Please submit the form below to schedule a custom demo.