Privacy Policy

Local-first design

MyRep is designed to help you review risky messages, documents, payment requests, offers, and other trust decisions before you act. In the current MVP, saved cases, profile context, connector preparation states, verification checks, and local backups are stored in your browser on your device.

What may be stored locally

• Case text that you paste, share, upload, or describe.
• Risk review results, red flags, verification steps, safer drafts, and reports.
• Optional profile context such as country, language, trusted contacts, services, and common risk concerns.
• Local checklist and Representative Agent preparation states.
• Local backup files only when you choose to export them.

What not to store

Do not store passwords, one-time codes, full card details, private keys, bank login data, government credentials, or other secrets in MyRep. If something includes sensitive details, remove or redact them before saving or sharing a report.

Who is responsible

MyRep by Azora is the controller for the limited personal data processed by this service. Contact for privacy questions, data requests, and deletion: support@azora.lt.

AI analysis

When live AI mode is active, the case text you submit and selected safe context are sent to OpenAI (the AI provider) for structured analysis, under the OpenAI API data usage terms. MyRep servers do not store the submitted case text. When live AI is unavailable, MyRep analyzes the case locally in your browser instead. Before submitting, remove secrets, credentials, card numbers, and personal details that are not needed for the check — the analysis works on the risky message itself.

Service providers (processors)

• Netlify hosts the website and serverless functions.
• OpenAI processes case text for live AI analysis only when you request an analysis.
• Supabase provides optional account sign-in (email, session). Passwords are never stored by MyRep itself.
• Stripe handles payments on Stripe-hosted pages. Card data never reaches MyRep servers and is never stored by us.

International processing

Some processors operate outside the EU/EEA: OpenAI (AI analysis) and Stripe (payments) are based in the United States, and Netlify and Supabase may process data outside the EU/EEA. Where personal data is transferred internationally, it is protected by appropriate safeguards such as the European Commission Standard Contractual Clauses. Write to support@azora.lt for details of the transfer mechanism.

Children

MyRep is not directed at children. You must be at least 16 years old, or the minimum age of digital consent in your country, to use MyRep.

Retention

Case data, profile context, checklists, and backups live in your browser until you delete them (Reset local data in Settings, or clearing browser data). Optional account data is kept while your account exists. Submitted case text is not retained on MyRep servers; OpenAI API retention follows the OpenAI API data policy.

Your rights

Under the GDPR you can access, correct, delete, export, and object to processing of your personal data. Local data is fully under your control inside the app (export and reset are built in). For account or payment data, write to support@azora.lt and we will action the request.

Lawful basis

We process data on the basis of your consent (when you submit a case for analysis), contract (when you create an account or buy a plan), and legitimate interest (keeping the service secure and abuse-free).

No automatic external action

MyRep does not automatically send messages, pay money, sign documents, submit forms, call anyone, or connect to external accounts. Connector screens in the MVP are preparation states unless a future version clearly asks for user authorization.

Future mobile apps

Future iOS and Android versions should keep the same approval-first privacy model. Native features such as share sheets, file pickers, OCR, camera capture, and notifications should be added only with clear user control.