Privacy Policy

Effective date: February 15, 2026 · Last updated: February 15, 2026

1. Who We Are

RepVault ("we," "us," "our") is a mobile application designed to help field sales representatives manage professional credentials, facility visits, and daily planning. This Privacy Policy explains how we collect, use, store, and protect your information when you use the RepVault app and website.

2. Information We Collect

Account Information: When you create an account, we collect your email address, name, and password (stored securely via hashed authentication). If you use the community feature, we also store your chosen anonymous alias.

Credential Documents: When you scan or upload credentials (certificates, licenses, training records), we store the document images and extracted data including credential type, issuing authority, expiration dates, and certificate numbers. These documents are stored in your private, encrypted vault.

Facility Information: Hospital names, addresses, credentialing platform details, contact information, and visit frequency preferences you provide when adding facilities to your portfolio.

Location Data: With your explicit permission, we access your device's location to power the Territory Map feature. Location data is used in real-time to display your position relative to facilities and is not stored on our servers or tracked over time.

Visit History: Check-in/check-out times, facility visited, procedure types, surgeon names, and notes you provide when logging visits.

Community Content: Posts, replies, facility ratings, and reviews you submit to the community feed. These are associated with your anonymous alias, not your real identity.

Device Information: We collect push notification tokens (to send credential expiration alerts), device type, and operating system version for app functionality and troubleshooting.

3. How We Use Your Information

We use your information exclusively to provide and improve RepVault's features:

• Store and organize your credential documents across facilities
• Calculate credential expiration status and generate planner tasks
• Display your facilities on the Territory Map
• Send push notifications for expiring credentials
• Log and display your visit history
• Power the anonymous community feed and facility ratings
• Improve app performance and fix bugs

We do not use your data for advertising, profiling, or any purpose unrelated to RepVault's core functionality.

4. Data Storage and Security

Your data is stored securely using Supabase, which provides enterprise-grade PostgreSQL databases with row-level security, encrypted connections (TLS), and encrypted storage at rest. Document images are stored in Supabase Storage with access restricted to your authenticated account.

We implement the following security measures:

• Row-level security (RLS) ensuring users can only access their own data
• Encrypted data transmission (HTTPS/TLS)
• Encrypted storage at rest (AES-256)
• Secure authentication via Supabase Auth with hashed passwords
• No plain-text storage of sensitive credentials

5. Data Sharing

We never sell your personal data. We share information only in the following limited circumstances:

• Community content: Posts and reviews you submit are visible to other RepVault users under your anonymous alias
• Service providers: We use Supabase (database/auth), Expo (push notifications), and Anthropic's Claude API (credential scanning AI) to operate the app. These providers process data only as needed to provide their services
• Legal requirements: We may disclose information if required by law, court order, or governmental request

6. AI-Powered Credential Scanning

When you scan a credential, the document image is sent to Anthropic's Claude API for text extraction. The API processes the image to identify credential type, dates, and other fields, then returns the extracted data. Anthropic does not store or retain the images sent through their API. The extracted data is stored only in your RepVault account.

7. Location Data

The Territory Map feature requires location permission to show your position on the map. This permission is optional — the app functions without it. We use Apple's and Google's geocoding services to convert facility addresses into map coordinates. Your real-time location is never stored on our servers, logged, or shared with third parties.

8. Your Rights and Choices

You have the following rights regarding your data:

• Access: View all data associated with your account within the app
• Export: Export your credential and visit data through the Export Data feature in Settings
• Deletion: Delete your account and all associated data at any time through Settings. Deletion is permanent and irreversible
• Location: Revoke location permission at any time through your device settings
• Notifications: Disable push notifications at any time through your device settings or in-app notification preferences

9. Data Retention

We retain your data for as long as your account is active. When you delete your account, all personal data — including credential documents, visit history, facility information, and community posts — is permanently deleted within 30 days. Anonymized, aggregated data (such as average facility ratings) may be retained for product improvement.

10. Children's Privacy

RepVault is designed for professional use by adults. We do not knowingly collect information from anyone under the age of 16. If we learn that we have collected personal information from a child under 16, we will delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy in the app and updating the "Last updated" date. Continued use of RepVault after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: privacy@repvault.app