Privacy Policy

Last updated: 16 May 2026

1. Introduction

ReputationSentry ("we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website reputationsentry.co.uk and use our reputation management SaaS platform.

ReputationSentry is a trading name of Eden22 Ltd, a company registered in England and Wales (Company No. 12667891) with its registered office at 134 London Road, Tunbridge Wells, TN4 0PL, United Kingdom.

2. Scope and Compliance

This policy applies to all personal data processed by us.

2.1 What law applies?

Data usage follows applicable national data protection law and the EU General Data Protection Regulation (GDPR), as well as the UK GDPR.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. For the purposes of these regulations, ReputationSentry acts as a Data Controller for our direct customers' information, and as a Data Processor regarding the customer feedback and review data processed on behalf of our clients.

2.2 What is Personal Data?

Personal Data is any information about personal or factual circumstances that relate to a person. Examples include name, date of birth, email, postal address, phone number, IP addresses, or device IDs.

2.3 What is processing?

Processing encompasses any operation or set of operations that is performed on Personal Data, whether or not it is done automatically.

2.4 Who is responsible for data processing?

The responsible party is ReputationSentry (Eden22 Ltd).

Contact questions through via our contact form or 134 London Road, Tunbridge Wells, TN4 0PL, United Kingdom.

2.5 What are the legal bases for processing?

ReputationSentry processes data under these bases:

  • Fulfilling contractual obligations
  • Protecting legitimate interests (IT security, service development, legal defence)
  • Your explicit consent
  • Complying with legal obligations

2.6 Am I obliged to provide data?

You must provide data necessary to establish, implement, or terminate business relationships, or data legally required for collection. Without this information, contract refusal or termination may occur.

3. Data We Collect

We collect several types of information from and about users of our Services.

3.1 Data that we collect automatically

3.1.1 Log data

The system automatically collects: file names accessed, visit date/time, data transferred, retrieval success notifications, browser type/version, IP address, operating system, internet service provider, referral website, and pages visited. The legal basis is legitimate interest.

3.1.2 Hosting

Hetzner (Industriestr. 25, 91710 Gunzenhausen, Deutschland) provides hosting services and processes inventory, contact, content, usage, metadata, and communication data based on legitimate interests and contractual service provision.

3.1.3 Cookies

Two cookie types exist:

  • Essential Cookies — provide correct, user-friendly website functionality
  • Non-essential Cookies — analytics and advertising cookies requiring consent

Non-essential cookie usage requires consent under applicable national cookie law and the EU Privacy and Electronic Communications Directive (PECD).

3.1.4 Cookie consent

The cookie consent tool collects: consent decisions, IP address, browser information, device information, and visit timing. The legal basis is legitimate interest and your consent.

3.1.5 Links to other websites

Third-party websites may set cookies not covered by this policy. Review their individual cookie policies accordingly.

3.1.6 Third-party services and content

Third-party providers receive user IP addresses to deliver content, which is necessary for display.

3.2 Data we collect directly

3.2.1 Contact

Contact data including name, email, IP address, phone number, and message context is collected to process your request. The legal basis is your consent.

3.2.2 Registration

Users provide: full name, username, email address, and password for account creation and service provision. Processing bases include contractual obligation fulfilment, legal obligation compliance, and consent.

3.3 When you use our services

Data arising from service usage is processed to provide contracted services, including support, correspondence, invoicing, and tax obligations. ReputationSentry becomes the data processor under GDPR, processing data per your instructions only. Employee access is restricted on a need-to-know basis and logged/audited.

3.4 Administration, financial accounting, office organisation, contact management

Administrative data processing for business organisation and legal compliance uses the same data processed for service provision. Legal bases are legal obligations and legitimate interest.

3.5 Payment data

Stripe (510 Townsend Street, San Francisco, California 94103) processes payments exclusively. ReputationSentry has no access to payment data. The legal basis is contract establishment/implementation.

3.6 Marketing

Separate consent allows contacting you for marketing purposes. Consent may be explicit or implied from reasonable expectations. Any direct marketing provides an opportunity to opt out.

3.7 Economic analyses and market research

Business transaction, contract, inquiry, and browsing data undergoes analysis for business evaluation. Analyses remain internal, using anonymous/pseudonymous values.

3.8 Social media

ReputationSentry operates on social media platforms. Contact via social media creates joint controller arrangements.

3.9 Service and AI Data

As a reputation management platform, we process:

  • Customer Feedback: Data captured through QR codes, NFC tags, SMS, email, and WhatsApp requests.
  • Review Data: Publicly available review data from over 67 sources (including Google Business Profile, Facebook, Trustpilot, etc.) to provide sentiment analysis and reporting.
  • AI Hub Inputs: Data provided when connecting external AI models (such as ChatGPT or Claude) to your live review data.
  • Competitor Data: Publicly available metrics regarding local competitors to provide velocity and ranking comparisons.

4. Legal Bases for Processing

We process your personal data under the following legal bases:

  • Performance of a Contract: To provide the SaaS services you have subscribed to.
  • Legitimate Interests: For business operations, improving our AI algorithms, maintaining security, and tracking "AI Search Visibility" across platforms like ChatGPT, Gemini, and Perplexity.
  • Consent: Where you have explicitly opted into marketing communications or specific data sharing.
  • Legal Obligation: To comply with tax, accounting, or regulatory requirements.

5. How We Use Your Data

We use your information to:

  • Provide, operate, and maintain our platform.
  • Generate "Sentry Briefings" and reputation intelligence reports.
  • Facilitate AI-driven review responses and sentiment analysis.
  • Monitor review velocity against local competitors to improve your local search ranking.
  • Process payments via our third-party processor, Stripe.
  • Send technical notices, updates, and support messages.

6. Data Sharing and Disclosure

We do not sell your personal data.

6.1 Who receives my information?

Information recipients within ReputationSentry are those needing access to fulfil contractual/legal obligations. Processors in IT services, telecommunications, and sales/marketing receive data with appropriate legal precautions ensuring GDPR compliance.

We may share information with:

  • Service Providers: Including hosting providers (Hetzner), payment processors (Stripe), and AI model providers (OpenAI, Anthropic) to facilitate the "AI Hub" features.
  • Third-Party Review Platforms: Where necessary to pull or push review data via official APIs.
  • Professional Advisers: Lawyers, bankers, auditors, and insurers where necessary.
  • Legal Requirements: If required by law or in response to valid requests by public authorities.

7. International Data Transfers

While our primary hosting is within the EEA (Germany), some service providers (such as AI toolsets or payment gateways) may process data in the United States. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or reliance on the UK Extension to the EU-U.S. Data Privacy Framework.

8. Data Security

We implement robust technical and organisational measures to protect your data. This includes encrypted data transmission, restricted employee access on a need-to-know basis, and regular security audits of our AI integrations.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

10. Your Rights

Under UK GDPR, you have the following rights:

  • Access: The right to request copies of your personal data.
  • Rectification: The right to request that we correct inaccurate information.
  • Erasure: The right to request that we erase your personal data under certain conditions.
  • Restriction: The right to request that we restrict the processing of your data.
  • Portability: The right to request the transfer of your data to another organisation.
  • Objection: The right to object to our processing of your data.

To exercise these rights, please contact us at the address provided below.

11. Third-Party Links

Our website may include links to third-party websites (e.g., Google Business Profile). Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact:

Data Protection Officer
Eden22 Ltd T/A ReputationSentry
134 London Road
Tunbridge Wells
TN4 0PL
United Kingdom

Contact: Please use our contact form Web: reputationsentry.co.uk/contact