Get Free Quote

Privacy Policy

1. Introduction

Your Reputation Agency (“we,” “us,” or “the Company”) provides online reputation management services, including negative content removal, data broker opt-outs, court record & mugshot requests, review remediation, monitoring, and related advisory services (the “Services”). This Privacy Policy explains how we collect, use, disclose, and protect personal data when you: (a) visit our website; (b) contact us for a quote or use our Services; or (c) provide us personal data for processing as part of our Services. (Examples of our public service pages: Negative Content Removal and Data Broker removal).

This policy explains:

  • Who is the controller of your data;
  • What personal data we collect and why;
  • Legal bases for processing;
  • How we share data and with whom;
  • Your rights under applicable laws (GDPR, CCPA/CPRA, and others);
  • How to contact us about privacy matters.

2. Controller & Contact Details

Data Controller: Your Reputation Agency
Postal address: 1309 Coffeen Ave STE 1200, Sheridan, WY 82801, United States.
Email: sales@yourreputation.agency
Telephone: (307) 429-2531.

If you are located in the EU/EEA and wish to make a GDPR request, contact us at the email above. If you are in California, see Section 11 for CCPA rights and how to submit requests.

3. What personal data we collect & when

A. When you visit our website

  • Technical & device data: IP address, browser type/version, device identifiers, page views, referring URLs, cookies and similar technologies.
  • Usage data: pages visited, time on site, form submissions, and chat transcripts.

B. When you contact us / request a quote / become a client

  • Contact details: name, email address, telephone, postal address, and company name.
  • Case details: URLs, copies or screenshots of the content you want addressed, names of affected people or accounts, and identity verification materials (ID scans) if required to submit opt-out or legal requests.
  • Billing details: billing name, billing address, payment token or transaction reference (we do not store full card numbers — processors hold card data).
  • Communications: email exchanges, support chats, and call recordings (if you consent or where permitted).

C. Data we process to deliver Services (client-supplied or collected)

  • Target data about third parties: names, addresses, phone numbers, email addresses, employment details, public court record information, images (e.g., mugshots), social media handles, review content, and any other data necessary to identify and pursue removal/suppression actions.
  • Sensitive or special categories (possible): criminal record excerpts or court records, health-related data, or other sensitive information where such information is part of the content you ask us to address.

Important note: when you supply us with information about third parties (for example, a review author or a public record), you must ensure you have the lawful right to provide that information to us. In many cases you are the controller of that data; we will act as a processor under your instruction (see Section 14). If we act as controller (e.g., for marketing lists we compile), we will notify you and provide lawful basis details.

4. Purposes of processing & lawful bases

We process personal data for the following primary purposes:

  1. To provide and administer the Services (contract performance). This includes case assessment, takedown requests, legal notices, de-index requests, monitoring, and reporting.
    Lawful basis: performance of a contract and/or our legitimate business interest in providing services.
  2. To communicate with you (sales, onboarding, support).
    Lawful basis: contract performance and/or legitimate interest.
  3. Billing, invoicing, fraud prevention, and collections.
    Lawful basis: contract performance and legal obligation.
  4. Site analytics and improvement (cookies, analytics).
    Lawful basis: legitimate interest and/or consent where required.
  5. Marketing (newsletters, promotional offers) only if you opt in where required; you may opt out any time.
    Lawful basis: consent or legitimate interest (with opt-out).
  6. Legal compliance & defense: processing to comply with legal obligations or to protect legal claims (e.g., to respond to subpoenas or defend claims).
    Lawful basis: legal obligation and legitimate interest.
  7. Processing of special categories (limited, case-by-case): where processing involves public court records or criminal information, we will only process that data where necessary for service delivery and where we have an appropriate lawful basis (e.g., task carried out in the public interest or necessary for legal claims) and appropriate safeguards. In some cases we may require a signed instruction and representational warranty from the client.
    Lawful basis: varies by jurisdiction — contact us for specifics.

Risk control: we do not create or host fake reviews, nor do we impersonate others — our methods follow platform rules and applicable law. If a client requests illegal methods, we will refuse and may terminate the engagement.

5. Cookies & tracking

We use cookies and similar technologies to operate the site and improve services: essential cookies (site functionality), performance/analytics cookies (usage tracking), and marketing cookies (ads). On the first visit we present a cookie banner; you may accept or configure preferences. For guidance on what a privacy notice should contain and cookie transparency, see ICO guidance.

6. Sharing & disclosures (who we share data with)

We share personal data only as necessary to deliver the Services:

  • Service providers/subprocessors: payment processors (e.g., Stripe, PayPal), hosting providers, analytics providers (e.g., Google Analytics), email platforms, and monitoring tools. We require subprocessors to protect data and act only on our instructions in a written agreement (DPA).
  • Publishers & platforms: when pursuing takedowns, we share required identity or case information with website owners, social platforms (Google, Facebook, Yelp, etc.), legal counsel, and courts as required by the takedown process.
  • Legal/Regulatory: where required by law or to defend legal claims.
  • Prospective purchasers/business transfers: in the event of sale or reorganization (with appropriate safeguards).

We do not sell personal data for third-party advertising. If this changes, we will notify users and provide opt-out mechanisms (including the Global Privacy Control and CCPA opt-outs for California residents).

7. Client-supplied third-party data (important)

Often clients supply us with another person’s data (e.g., a reviewer, a poster). You must confirm you have the legal right to provide that data to us and to instruct us to act. By sending us data about third parties you represent and warrant that such processing is lawful and that you have obtained necessary consents or have another lawful basis. When we act as a processor for your instructions, we will only process data in accordance with your documented instructions and any DPA we sign (see Section 14).

8. International transfers & safeguards

We operate from the United States and may transfer personal data to other countries. Where transfers involve jurisdictions without an adequacy decision, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), binding contractual protections, or other lawful transfer mechanisms. If you are in the EU and require additional details, contact us and we will provide the transfer safeguards implemented. Guidance on the GDPR and transfer obligations is available from EU resources.

9. Data retention

We retain personal data only as long as necessary to deliver Services, comply with legal obligations, or for legitimate business purposes (e.g., fraud prevention, business records). Typical retention examples:

  • Client onboarding/contract data: retained for the length of the engagement plus 7 years for accounting/legal purposes.
  • Case files/takedown records: retained for the engagement plus 3–7 years depending on complexity and applicable laws.
  • Marketing & analytics data: retained in anonymized or aggregated form; marketing lists until opt-out or 3 years unless you ask us to delete sooner.

If you require stricter retention rules (e.g., delete after project close), include this in your contract and we will honor it where feasible and lawful.

10. Security

We implement technical and organizational measures to protect personal data (access controls, encryption in transit, secure backups, limited access to case teams). No system can be 100% secure; we maintain incident response procedures and will notify affected individuals and regulators where applicable in the event of a data breach, consistent with law.

11. Your rights (GDPR & CCPA summaries)

If you are in the EU/EEA (GDPR rights)

You have rights including: access, rectification, deletion (erasure), restriction of processing, objection to processing, data portability, and withdrawal of consent. Our legal bases and recipients are described above; to exercise a right contact us at sales@yourreputation.agency. See ICO guidance on what to include in notices and rights.

If you are a California resident (CCPA / CPRA)

You have rights, including the right to know the categories and specific pieces of personal information collected, the right to request deletion (with exceptions), the right to opt out of sale or targeted advertising, and the right to non-discrimination for exercising your rights. Submit CCPA requests to sales@yourreputation.agency or use this toll-free method: (307) 429-2531. We will verify requests per CCPA rules. For more: California OAG CCPA guidance.

How we verify requests

We verify requestors with reasonable steps to confirm identity (e.g., email confirmation, matching account info, or government ID for sensitive requests). We will not comply with manifestly unfounded or excessive requests.

12. Minors

Our Services are not directed to children under 16. If you are under 16, do not provide us with personal data without parental/guardian consent. If you believe we have collected data from a child, contact us immediately and we will delete it where appropriate.

13. Changes to this Privacy Policy

We may update this policy to reflect changes in law or our services. Material changes will be posted with an updated “Last Updated” date and, where required by law, we will notify users.

14. Data Processing Agreement (DPA) — short template (clients)

When we act as a processor on behalf of a client (controller), we will sign a DPA specifying subject matter, duration, nature and purpose of processing, types of personal data, categories of data subjects, security measures, subprocessors, notice/assistance obligations, and deletion/return of data after processing. Below is a short sample clause to include in your client contract:

DPA clause: The Parties agree that the Client is the Controller and [Your Reputation Agency] is the Processor. The Processor will process personal data only on documented instructions from the Client, implement appropriate technical and organizational measures, ensure confidentiality of personnel, assist the Client with data subject requests, and delete or return all personal data at the end of the Services. The Processor may engage subprocessors after providing the Client with notice and, where requested, a copy of the subprocessor agreement.

We can provide a full DPA on request.

15. Additional legal & operational notes (tailored for reputation services)

  1. No guarantees: Because many removals depend on third-party platforms, courts, or publishers, we do not guarantee removal or a specific timeline.
  2. Public records & court data: Some public information (court records, government databases) may not be removable. We may assist with suppression or legal requests, but outcomes vary and may require court orders.
  3. Lawful instructions only: We will not perform or assist with illegal activities (e.g., impersonation, hacking, posting fake reviews). If a client instructs us to perform unlawful acts we will decline and may terminate the contract.
  4. Client warranties: Clients must warrant that they have lawful authority to provide us with any third-party personal data required for Services and that they obtained any required consents or legal bases. Where clients are controllers, the client remains primarily responsible for compliance with data protection laws.

16. How to contact us

Questions, requests, or complaints: sales@yourreputation.agency or mail: 1309 Coffeen Ave STE 1200, Sheridan, WY 82801, United States. You may also call (307) 429-2531 for general inquiries. For EU/EEA-specific inquiries, request contact details for an EU representative if required.

If you have unresolved privacy concerns, you may lodge a complaint with your local data protection authority (for EU/EEA residents) or the California Attorney General (for California residents). See ICO and California OAG guidance for rights and complaint processes.

Scroll to Top