Privacy

Privacy Policy

Last updated: February 25, 2026.
This Privacy Policy explains how IHTConsulting (“we”, “us”, “our”) collects, uses, and protects personal data when you use ReputationKit.io (the “Service”).

1) Data Controller

IHTConsulting is the data controller for personal data processed through the Service, except where we act as a processor on behalf of business customers (see Section 4).

Registered office
3 Boulevard du général jean simon, 75013 Paris, France

For privacy requests, please use the support form available on the website.

2) Personal data we collect

We collect different categories of personal data depending on how you interact with the Service:

A) Data you provide

  • Account data: name, email, password (stored as a secure hash), company/business name, country, settings and preferences.
  • Support and communications: information you submit through forms or support requests.
  • Content and configuration: business links, QR destination URLs, templates, text content you enter, and configuration data needed to run your flows.

B) Data we collect automatically

  • Usage data: pages/screens visited, features used, clicks, timestamps, and approximate location inferred from IP.
  • Device and log data: IP address, device identifiers, browser type, operating system, referrer URLs, and diagnostic logs.
  • Cookies and similar technologies: used for essential functionality and analytics (see Section 10).

C) Customer/end-user data (processed for your business)

If you are a business user, you may upload or input customer data into the Service (for example, customer contact details for follow-ups or feedback requests). Depending on your setup, this may include customer identifiers (name, phone number, email) and interaction data (delivery status, clicks, feedback responses).

3) How we use personal data

We use personal data to:

  • Provide, operate, and maintain the Service.
  • Create and manage accounts, authenticate users, and prevent fraud.
  • Generate and host Assets (such as QR pages, flyers, and share pages).
  • Provide customer support and respond to requests.
  • Process subscriptions, billing, and payment-related events.
  • Monitor performance, troubleshoot issues, secure the platform, and prevent abuse.
  • Improve the Service, including product analytics and feature development.
  • Comply with legal obligations and enforce our Terms.

4) Controller / Processor roles

A) Business customers

For customer/end-user data you upload or input into the Service, you are typically the data controller and we act as a data processor on your behalf. You are responsible for having a lawful basis to process that data, providing required notices, and handling data subject requests where applicable.

B) Direct users

For your account data, website interactions, and usage data processed for our own purposes, we act as the data controller.

5) Legal bases for processing (GDPR)

Where GDPR applies, we rely on the following legal bases:

  • Contract: to provide the Service and manage your subscription.
  • Legitimate interests: to secure and improve the Service, prevent fraud, and ensure performance.
  • Legal obligations: for accounting, tax, and compliance requirements.
  • Consent: when required (for example, certain cookies or marketing communications).

6) Sharing and disclosure

We may share personal data with:

  • Service providers that help operate the Service (hosting, analytics, communications, customer support, monitoring). They are bound by confidentiality and security obligations.
  • Payment processing providers to handle transactions and billing events. We do not store full payment card details.
  • Legal and compliance recipients where required by law or to protect our rights and users.
  • Business transfers (merger, acquisition, financing, or sale of assets), subject to this Policy.

We do not sell personal data.

7) International transfers

Some service providers may process data outside the European Economic Area. Where this occurs, we use appropriate safeguards required by applicable law to help ensure an adequate level of protection.

8) Data retention

We retain personal data only as long as necessary for the purposes described in this Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce agreements. When data is no longer needed, we delete or anonymize it.

9) Security

We apply reasonable technical and organizational measures designed to protect personal data. However, no system is perfectly secure. You are responsible for keeping your credentials secure.

10) Cookies and similar technologies

We use cookies and similar technologies for essential functionality (such as login sessions and security), and for performance and analytics to improve the Service. You can control cookies through your browser settings. Disabling some cookies may affect the Service.

Where required by law, we collect consent for certain cookies.

11) Your rights

Depending on your location and applicable law, you may have rights such as:

  • Access, rectification, deletion (where applicable)
  • Restriction or objection to processing
  • Data portability
  • Withdrawal of consent (where processing is based on consent)

To exercise your rights, please use the support form on the website. We may need to verify your identity.

If you are an end-user whose data was processed by one of our business customers, we may redirect your request to that business customer (the controller), or support them as required.

12) Children’s privacy

The Service is not intended for children under 16 (or under the minimum age required in your jurisdiction). We do not knowingly collect personal data from children.

13) Changes to this Privacy Policy

We may update this Policy from time to time. We will update the “Last updated” date and may notify you for material changes. Continued use of the Service after changes become effective means you accept the updated Policy.

14) Contact

For privacy requests, questions, or complaints, please use the support form available on the website.