Repwiz – Hospitality online presence & Feedback management

Privacy policy

This privacy policy describes how we collect, use, and protect your personal information.

Version: 1.0

Who we are

RepWiz is reputation and presence software for hospitality operators.
Controller for our own sites, marketing and sales: joshua matheson, 4 St Anns road, Malvern, WR14 4RG
Processor for venue data inside the RepWiz platform: RepWiz Ltd acts on behalf of our customer.
Contact: privacy@joshthepubguy.co.uk
DPO or privacy lead: joshua matheson, privacy@joshthepubguy.co.uk.

What we collect

  • Account setup – name, business name, role, email, phone, login identifiers, audit logs.
  • Billing – billing contact, address, VAT number, transaction data. Card data handled by our payment provider.
  • Product data we process on your behalf – reviews, ratings, comments, public profile data, photos, social handles, messages, locations, scheduling, orders and tickets, EPOS order metadata, device and usage logs.
  • Website and app analytics – IP address, device, identifiers, pages viewed, events, cookies.
  • Support content – tickets, call recordings, attachments.

Sources

  • You and your team.
  • Connected platforms you choose to link: Google, TripAdvisor, Facebook, Instagram, TikTok, website analytics, EPOS, email and chat tools such as Slack or Outlook.
  • Public sources where content is already public.

How we use data and legal bases

  • Provide and secure the service, authenticate users, prevent abuse – contract and legitimate interests.
  • Connect to and sync with third party platforms under your instructions – contract.
  • Customer support and incident response – legitimate interests.
  • Billing, accounting, legal compliance – legal obligation.
  • Product improvement and analytics with aggregated or pseudonymised data – legitimate interests.
  • Marketing communications with opt in controls – consent or legitimate interests with opt out.
  • Show social content in widgets you embed – contract.

When we are processor

For venue data inside RepWiz, you are the controller and you decide what we process. Our Data Processing Addendum forms part of your contract and includes confidentiality, security, sub-processor controls, international transfer terms and breach notification.

Sharing and sub-processors

We use vetted sub-processors to run the service, for example: cloud hosting, database, analytics, payments, email, file storage, logging and monitoring, customer support. We only share what is necessary, require contracts, and supervise access. We publish an up to date list at repwiz.co.uk/subprocessors. We also share data where required by law or to defend legal claims, and during corporate transactions.

International transfers

We host primarily in the UK or EEA. Where data moves outside the UK or EEA, we use approved safeguards such as UK IDTA or EU SCCs plus additional measures.

Retention

  • Account and contract records – 6 years after end of contract.
  • Product logs – 12 months by default.
  • Support tickets – 3 years.
  • Backups – rolling cycles up to 35 days.
    You can delete venue data in app at any time. We will also delete or return personal data on termination per the DPA.

Security

ISO aligned controls, least privilege access, MFA, encryption in transit and at rest, network segmentation, vulnerability management, staff training, vendor due diligence, incident response. We notify affected customers and regulators of a personal data breach when legally required.

Your rights

Under UK GDPR and EU GDPR you can request access, correction, deletion, restriction, portability, and object to processing.

  • For data we control, email privacy@repwiz.co.uk.
  • For venue data we process for a customer, contact the venue. We will assist them.
    You can complain to the ICO or your local authority.

Cookies

We use essential cookies for login and security, and optional analytics or advertising cookies. On first visit we ask for consent and provide controls in our preferences panel. See our Cookie Notice for details.

Children

The service is for business users aged 16+. We do not knowingly collect children’s data.

Automated decision making

No decisions with legal or similar significant effects are made solely by automated means.

Third party services

Your use of connected platforms is governed by their terms and privacy policies. Disconnect any integration at any time in Settings.

Marketing choices

You can opt out of marketing emails using the unsubscribe link or by contacting us. Service emails are still sent.

Changes to this policy

We will post updates here and change the effective date. Material changes will be notified in app or by email.

Contact

Questions or requests: privacy@joshthepubguy.co.uk
Address: RepWiz, 4 st anns road, mavern, wr14 4rg United Kingdom.

Addendum for customers
By enabling integrations you instruct RepWiz to fetch, process and store content from those services so you can reply, analyse and publish insights. You confirm you have a lawful basis and appropriate notices in place for any personal data you input or connect. We provide tooling for access, export, deletion, audit logs and role based access control. A signed DPA is available on request.