Privacy Policy

This Privacy Policy explains how ReUp LLC (“ReUp,” “we,” “us”) collects, uses, and discloses personal information in connection with the ReUp inventory management service (the “Service”). It applies to our website at getreup.net and to the application.

The Service is offered to United States-based businesses. This Policy is written to align with the California Consumer Privacy Act, as amended (the “CCPA”), which we use as our baseline because it is among the strictest U.S. state privacy laws. Where a particular law applies to you, the rights it grants apply to the extent required.

Business and personal information. Much of the data in the Service is your business’s own records (products, inventory, suppliers, purchase orders). This Policy concerns personal information — information that identifies or relates to an individual, such as the contact details of account owners, employees, and suppliers.

We collect the following categories of personal information:

• Account and contact data — name, business name, email address, and login credentials.
• Authentication data — information used to sign in and keep your account secure.
• Business records you enter — which may include the names and contact details of your staff or your suppliers.
• Payment data — processed by Stripe. We receive limited billing details (such as a confirmation and the last digits of a card); full card numbers are handled by Stripe and are not stored on our servers.
• Usage and device data — log data, device and browser information, and how you interact with the Service, used for security and to operate and improve it.
• Communications — messages you send us for support.

• Directly from you — when you create an account, subscribe, enter data, or contact us.
• Automatically — through your use of the Service (log and device data).
• From our service providers — for example, billing status from Stripe.

Notice at collection. Where the CCPA applies, we provide a short notice of the categories collected and the purposes at or before the point of collection (for example, at sign-up), with a link to this Policy.

We use personal information to:

• provide, operate, and maintain the Service;
• process subscriptions, billing, and renewals;
• provide support and respond to requests;
• secure the Service, prevent fraud and abuse, and debug;
• send transactional and account messages (such as receipts, trial-expiry notices, and renewal reminders);
• comply with law and enforce our Terms.

WE DO NOT SELL YOUR PERSONAL INFORMATION, AND WE DO NOT SHARE IT FOR CROSS-CONTEXT BEHAVIORAL ADVERTISING. Because we do not sell or share personal information, we do not provide a “Do Not Sell or Share My Personal Information” link; if this practice ever changes, we will update this Policy and provide the required controls.

WE DO NOT USE YOUR BUSINESS DATA OR PERSONAL INFORMATION TO TRAIN ARTIFICIAL-INTELLIGENCE OR MACHINE-LEARNING MODELS. We plan to introduce AI-assisted features in a future release (such as demand forecasting). When those features ship, we will update this Policy to describe how they process data, which third-party AI providers are involved and under what contractual terms, and what data is sent to those providers. We will not train models on your data without disclosure and, where required, your consent. Until those features are released, no customer data is processed by any AI or machine-learning system.

We share personal information only as needed to run the Service:

• Service providers (sub-processors) — listed below, who process data on our behalf under contracts that restrict their use of it.
• Legal and safety — to comply with law, legal process, or to protect rights and safety.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Policy.

Our sub-processors:

A current sub-processor list is available on request, and our Data Processing Agreement describes how we notify customers of changes.

We retain personal information for as long as your account is active and as needed to provide the Service, then for the period necessary to meet legal, accounting, and security obligations, after which we delete or de-identify it. Specifically:

(a) account, contact, and business-record data are kept while your Subscription is active. After cancellation, your data remains associated with your account so you can return or export it. You may request deletion at any time by writing to privacy@getreup.net, and we will delete or de-identify your data within 30 days of a verified request, except where retention is required by law.

(b) Billing and tax records are kept for up to seven (7) years to meet tax, accounting, and audit obligations.

(c) Authentication, usage, and security logs are kept as managed by our hosting and infrastructure providers, typically up to twelve (12) months.

(d) Backups are managed by our infrastructure providers and rotated according to their retention policies. We may retain information longer where required by law or to resolve a dispute.

After your Subscription ends, you may export your data for a limited window, after which we may delete it as described in our Terms of Service and Data Processing Agreement.

Depending on your state of residence and to the extent the law applies to you, you may have the right to:

• know and access the personal information we hold about you;
• delete personal information, subject to legal exceptions;
• correct inaccurate personal information;
• opt out of any “sale” or “sharing” (not applicable, as we do neither);
• limit the use of sensitive personal information (we do not use sensitive personal information for purposes that trigger this right); and
• be free from discrimination for exercising these rights.

To exercise a right, contact us at the address in Section 13. We will verify your request using information associated with your account before responding. An authorized agent may submit a request on your behalf with proof of authorization.

We use cookies and similar technologies that are strictly necessary to operate the Service (for example, to keep you signed in) and, where used, first-party analytics to understand and improve performance. We do not use third-party advertising or cross-site tracking technologies. Because of this, a cookie consent banner is not legally required for the Service; if we add any non-essential or third-party tracking in the future, we will provide notice and controls and will honor recognized opt-out signals such as Global Privacy Control where applicable.

We use technical and organizational measures designed to protect personal information, including encryption in transit (TLS) and at rest, access controls and least-privilege practices, multi-factor authentication on administrative tools, and database-level tenant isolation so that one customer’s data is not accessible to another. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12.1 Breach notification. If a security breach affects your personal information, we will notify you and any authorities as required by applicable law.

12.2 Children’s privacy. The Service is for businesses and is not directed to children under 16, and we do not knowingly collect personal information from children.

12.3 Changes. We may update this Policy. We will post the updated version with a new effective date and, for material changes, provide additional notice.

ReUp LLC
Privacy email: privacy@getreup.net
Mailing address: ReUp LLC, 30 N Gould St Ste N, Sheridan, WY 82801