Repute legal
Privacy Notice
A plain-language privacy notice for visitor records handled through Repute.
Last updated: June 2026
What Repute processes
Depending on customer settings and user actions, Repute may process visitor name, document type, document number, optional visitor mobile number, country code, destination building, destination unit, purpose of visit, delivery company, notes, timestamps, staff identity, organization identity, internal IDs, staff IDs, session data, and optional document photos.
Why it is processed
Visitor data is processed to provide a digital visitor log, support building operations, improve guard accountability, let authorized management retrieve records, assist with legitimate inquiries or disputes, protect the service, detect abuse, troubleshoot issues, and comply with legal obligations.
Customer control
Customer organizations decide who receives access, which buildings and staff are configured, what operational notices are provided to visitors, whether optional details are collected, and how visitor records are used inside their own operational and legal obligations.
Access controls
Access is role-based. Repute admins manage customer organizations. Customer managers manage their buildings, units, managers, staff, and records. Staff accounts are designed for mobile guard workflows and cannot edit management data.
Retention
Visitor logs are designed for a five-year retention period unless a different written arrangement, legal requirement, or deletion workflow applies. Staff-facing mobile views are intentionally limited to recent records. Retention settings may be implemented through scheduled deletion jobs and private-object cleanup.
Data sharing
We may share data with infrastructure providers, subprocessors, professional advisers, authorities where legally required, or customer-authorized recipients. We do not sell visitor log data.
Privacy requests
Visitors and users may contact the relevant customer organization for requests about visitor records. Repute may support the customer where reasonably possible, but customer organizations are usually best placed to verify identity, legal basis, and building-specific context.
Security
We design Repute with role-based access, server-side authorization, private storage for sensitive photos, temporary signed URLs, telemetry redaction, limited data exposure, password controls, session controls, production configuration checks, and retention controls. No security program removes all risk.
Contact
For privacy questions, contact hello@repute.ae. Customers should not send sensitive visitor records through ordinary email unless necessary and authorized.