Privacy Policy

SUMOSMASH UG (haftungsbeschränkt) c/o Repflow
Seydelstr. 12, 10117 Berlin, Germany
Last updated: August 15, 2025

1. Introduction

At SUMOSMASH UG (haftungsbeschränkt), d/b/a Repflow (“us”, “we”, “our”, or the “Company”), we value your privacy and the importance of safeguarding your data. This Privacy Policy (the “Policy”) describes our privacy practices for the activities set out below. As per your rights, we inform you how we collect, store, access, and otherwise process information relating to individuals. In this Policy, “Personal Data” means any information that on its own, or in combination with other available information, can identify an individual.

We are committed to protecting your privacy in accordance with the highest level of privacy regulation. As such, we follow the obligations under the regulations below, to the extent they apply:

  • Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial laws
  • Quebec Law 25
  • EU General Data Protection Regulation (GDPR)
  • Brazil’s General Data Protection Law (LGPD)
  • California Consumer Privacy Act / California Privacy Rights Act (CCPA/CPRA) and CalOPPA
  • Colorado Privacy Act (CPA)
  • Utah Consumer Privacy Act (UCPA)
  • Connecticut Data Privacy Act (CTDPA)
  • Virginia Consumer Data Protection Act (VCDPA)
  • Texas Data Privacy and Security Act (TDPSA)
  • Oregon Consumer Privacy Act (OCPA)
  • Montana Consumer Data Privacy Act
  • Delaware Personal Data Privacy Act
  • Nebraska Data Privacy Law
  • New Hampshire Data Privacy Act
  • New Jersey Data Privacy Act
  • Minnesota Consumer Data Privacy Act
  • Maryland Online Consumer Protection Act
  • South Africa’s POPIA
  • Switzerland’s FADP
  • Saudi Arabia’s PDPL

Controller. For GDPR and similar laws, SUMOSMASH UG c/o Repflow is the controller of your Personal Data, unless we state otherwise.

Scope

This Policy applies to Repflow websites, domains, applications, services, and products owned or operated by SUMOSMASH UG.

This Policy does not apply to third-party applications, websites, products, services, or platforms that may be accessed through non-Repflow links we provide. These sites are owned and operated independently and have their own privacy practices. Any Personal Data you provide to those sites is governed by their privacy policies. We are not responsible for their content or practices.

Processing activities

This Policy applies when you:

  • Use our application or services as an authorized user
  • Visit any of our websites that link to this Policy
  • Receive communications from us, including newsletters, emails, calls, or texts/SMS

2. Personal Data We Collect

What Personal Data we collect

Account and Contact Information. Name, email address, password, company, role, and similar details.
Payment Information. Billing address, phone number, and payment method details (for example, credit or debit card tokenized via our payment processor).
Device and Usage Data. IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, links clicked, session information, and similar diagnostics.
Location Data. Approximate location derived from IP or device settings, where enabled.
Content and Communications. Information you provide through forms, surveys, support requests, feedback, and content you create or upload while using our services.
Marketing Preferences. Your choices about receiving marketing communications.

If you make a purchase or attempt to make a purchase, we collect Account and Payment Information to process your order.

How we collect Personal Data

From you. You provide data when you create an account, use our products or services, create content, request information, download software or our mobile app, subscribe to newsletters, complete surveys, contact support, or log in via social media.

Automatically. We collect certain Device and Usage Data via cookies, pixels, SDKs, and server logs as you interact with our websites and services. See “Cookies” below.

From third parties. We may receive data from:

  • Analytics providers
  • Social media platforms when you choose to log in through them
  • Payment and delivery service providers
  • Anti-fraud and credit risk partners
  • Individuals who purchase gifts or seats for you

If you provide Personal Data about someone else, you represent that you have authority to do so and that the data may be used in accordance with this Policy.

Device and Usage Data

When you visit a Repflow website, we may set cookies or similar technologies on your device. You can configure your browser to refuse non-essential cookies. Some features may not function without them.

We may also process:

  • Approximate location information
  • Search terms or referrals that led you to our site

Data from third parties

We may receive Personal Data about you from subscribers to our services, partners, or other sources. Such data is subject to the third party’s privacy practices. You can contact them directly to exercise your rights. If they are unresponsive, contact our privacy team using the details below.

Purpose and Legal Basis for Processing

We collect and use Personal Data to provide, maintain, and improve our products and services, and to understand how to enhance them. Our purposes include:

Providing and securing the services.

  • Authenticate identity and manage accounts
  • Detect, investigate, and prevent security incidents, fraud, and abuse

Communicating with you.

  • Send transactional messages about the services
  • Provide support and respond to inquiries

Research and development.

  • Analyze usage to improve features and user experience

Marketing and events.

  • Send newsletters and promotional communications where permitted
  • Organize events, register attendees, and schedule meetings

Legal grounds. We process data as necessary to perform a contract with you, based on our legitimate interests to provide and protect the services, to comply with legal obligations, and where required, with your consent. If you do not provide requested data, some services may not be available.

Third-Party Tools

We use third-party providers to operate and improve our services, which may process Personal Data on our behalf, including:

  • HubSpot
  • Amplitude
  • Intercom

For details about specific sub-processors or data recipients, contact us using the information in “Contact Us.”

International Data Transfer and Storage

Where possible, we store and process data in the general region where you reside. Your Personal Data may be transferred to and processed in countries with different data protection laws. We implement appropriate safeguards, such as standard contractual clauses, to protect your data. More information about these clauses can be found here: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32021D0914

Sharing and Disclosure

We share Personal Data only as described in this Policy or at the point of collection. This includes sharing with service providers that host, analyze, support, or otherwise help operate our services, and with advertising or marketing partners as permitted by law and your preferences.

We may use your Personal Data for targeted advertising or marketing communications where allowed. You can learn about interest-based advertising at the Network Advertising Initiative and opt out via the Digital Advertising Alliance’s opt-out page.

Legal requirements. We may disclose data to comply with law or lawful requests, to protect life or safety, or to protect our rights or property. Where practical, we will notify you in advance.

3. Cookies

What are cookies?

Cookies are small files stored on your device that help websites function and provide analytics, personalization, and advertising.

How we use cookies

  • Strictly necessary. Required for core site functions and secure login.
  • Preferences. Remember settings such as language or region.
  • Analytics. Understand how our sites and features are used to improve them.
  • Personalization/Marketing. Tailor content or offers, where permitted.

You can manage cookie preferences in your browser and, where available, through our on-site cookie controls. Global Privacy Control (GPC) signals are honored where legally required. Learn more at https://globalprivacycontrol.org/. Disabling certain cookies may impact functionality.

4. Retention and Deletion

We retain Personal Data only as long as necessary for the purposes described and as required by law. When no longer needed, we delete or anonymize the data.

5. Merger or Acquisition

If we are involved in a merger, acquisition, reorganization, or asset sale, your Personal Data may be transferred to the relevant parties. We will notify you where required.

6. How We Keep Your Data Safe

We use administrative, technical, and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Data transmitted between your device and our services uses encryption where Personal Data is involved. We require our processors to implement appropriate security measures. If a data breach occurs, we will notify you and regulators as required by law.

7. Your Rights

Depending on where you live, you may have some or all of the rights below:

  • Access. Request whether we process your Personal Data and obtain a copy.
  • Rectification. Ask us to correct inaccurate or incomplete data.
  • Erasure. Request deletion of your Personal Data, subject to legal exceptions.
  • Restriction. Ask us to limit processing in certain circumstances.
  • Portability. Receive Personal Data you provided to us in a portable format and transmit it to another controller where applicable.
  • Opt out. Opt out of targeted advertising, sale or sharing of Personal Data, and certain profiling where applicable.
  • Object. Object to processing based on our legitimate interests.
  • Non-discrimination. Exercise your rights without being denied goods or services or charged different prices where prohibited by law.
  • Appeal. If we deny a rights request where state law provides an appeal process, you may appeal our decision and, if unresolved, contact your regulator.
  • Complaint. Lodge a complaint with your local data protection authority. For EEA residents, see the list of supervisory authorities here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Withdrawing consent. Where we rely on consent, you may withdraw it at any time. This will not affect processing that occurred before withdrawal.

How to exercise your rights. Email us at ssa@repflow.ai with your request. For your privacy and security, we may need to verify your identity before acting on a request.

8. Changes to This Policy

We may update this Policy from time to time. We will post the updated version on this page and update the “Last updated” date. In some cases, we may provide additional notice.

9. Contact Us

If you have questions about this Policy or wish to exercise your rights:

Email: ssa@repflow.ai

Mail:
SUMOSMASH UG (haftungsbeschränkt) c/o Repflow
Seydelstr. 12
10117 Berlin
Germany

If you want me to tailor this further, I can: add or remove specific jurisdictions, list your exact sub-processors, wire up a cookie table to your actual cookies, or translate it to German.

ImprintPrivacy PolicyTerms of Service
© 2025 SUMOSMASH UG (haftungsbeschränkt). All rights reserved.