Privacy Policy

At Reap, we value your privacy and are committed to protecting your personal information. This Privacy Policy outlines how we collect, use, share, and safeguard your data when you use our app. By accessing or using Reap, you agree to the terms and practices described in this policy.

What we collect
Email address — used for account creation, login, and password recovery only.
Username — your display name on the platform. Visible to other users in the forum.
Transaction history — records of which IBANs and tokens you've purchased, stored to fulfill orders.
Balance — your account balance for purchases. We do not store payment card details.
Device fingerprint — collected only during software (Reapware desktop) login to enforce single-device sessions.

A. Primary Purpose IBAN and UDID/AMID Validation: The primary purpose of collecting your data is to validate IBANs and UDIDs/AMIDs. These validations help ensure that data entered into the system is correct and complies with industry standards. Improving User Experience: We analyze usage data to improve the functionality of the app and optimize features. This helps us enhance the app’s performance and address any issues users may encounter. B. Payment Processing Fiat and Cryptocurrency Payments: Reap partners with third-party payment providers (such as AFDS) to process fiat and cryptocurrency payments. These services handle all payment information, including your credit card or cryptocurrency wallet details, and are governed by their own privacy policies. Data Handling: Payment-related data, including transaction details, is not stored by Reap. Instead, payment processors manage this data securely. We only share necessary data with these third parties to complete transactions.

What we do not collect
No phone data is ever saved online at any point.
No government ID, passport, or KYC documents.
No payment card numbers, bank account details, or crypto wallet keys.
No location data, browsing history, or behavioral tracking beyond basic session logs.
No selling or sharing of your data with third parties for advertising.

A. Third-Party Sharing Payment Processors: We may share some basic user information (such as your email address and transaction details) with payment processors for the purpose of facilitating fiat and cryptocurrency transactions. These processors are responsible for securing and handling your payment data according to their own privacy policies. Legal Requirements: If required by law, we may disclose your information to government authorities or legal bodies. This could include situations involving subpoenas, investigations, or other legal processes. B. Data Usage Improvement of Services: We may share aggregated, anonymized data with third-party partners for the purpose of improving the app, analyzing trends, and enhancing user experience. Marketing: We do not share your personal information for marketing purposes. We do not sell or rent your data to third parties.

How we use your data
Authentication and account security — verifying your identity on login and session management.
Order fulfillment — associating purchased IBANs and tokens with your account so you can access them in Orders.
Fraud prevention — detecting suspicious activity such as account sharing or policy violations.
Transactional email — confirmation emails and password resets only. No marketing unless you opt in.
Data storage & security
All data is stored in our database hosted on AWS. Data is encrypted at rest and in transit.
Passwords are never stored in plaintext. Authentication is handled by our Auth using bcrypt hashing.
Crypto payments are processed through cryptocurrency payments. We do not see or store your wallet addresses beyond what is provided in payment callbacks.
Your rights
Account deletion — email support@reap.la to request full account and data deletion. We will process within 7 days.
Data export — you can request a copy of your account data including order history at any time.
Corrections — contact us to correct inaccurate information associated with your account.
Contact
Privacy questions: support@reap.la

A. Jurisdiction and Legal Requirements U.S. Operations: Reap operates in the United States, and all data handling is subject to U.S. privacy laws and regulations. We comply with relevant federal and state privacy laws, including the California Consumer Privacy Act (CCPA) and others as applicable. International Transfers: If any data is transferred internationally, we ensure that the data is handled in compliance with applicable privacy laws, such as the General Data Protection Regulation (GDPR) for EU users. B. Minors Age Restrictions: Reap is strictly intended for users over the age of 18. We do not knowingly collect or solicit personal data from individuals under 18 years of age. If we discover that we have inadvertently collected data from a minor, we will take steps to delete such data as soon as possible.