Privacy Policy

Effective date: June 13, 2026

Seanboy, Inc ("Seanboy," "we," "us," or "our"), doing business as URep, operates the website at urep.me and the URep application (together, the "Service"). Seanboy, Inc is the data controller of the information collected from and about you when you use the Service.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service. URep is a tool for creators: you connect your Gmail and Instagram accounts, and the Service uses automated systems and artificial intelligence to identify and prioritize legitimate brand-partnership opportunities, help you draft responses, and track potential deal flow — so you spend less time managing your inbox.

If you choose not to provide certain information or to connect certain accounts, some features may not function as intended or at all.

1. Information We Collect

We collect the following types of information:

2. How We Use Your Information

We use the information we collect to:

3. Cookies and Similar Technologies

URep is a web application and uses cookies and similar technologies that are strictly necessary to operate the Service — primarily to keep you signed in and to maintain your session securely.

We do not use cookies for advertising or cross-site behavioral tracking, and we do not currently use third-party analytics. You can control or block cookies through your browser settings, though disabling strictly-necessary cookies may prevent the Service from functioning.

Do Not Track and Global Privacy Control. Some browsers offer a "Do Not Track" (DNT) signal or a Global Privacy Control (GPC) signal that lets you express a preference not to be tracked. Because we do not sell or share personal information, do not display advertising, and do not track you across third-party websites, there is no cross-site tracking or "sale" for these signals to opt out of, and we do not change our strictly-necessary-only cookie practices in response to them. You can still manage cookies at any time through your browser settings.

4. Automated Processing and AI-Assisted Features

URep uses automated systems, including artificial intelligence, to evaluate, score, and prioritize inbound communications based on whether they appear to be legitimate brand-partnership opportunities, and to generate suggested draft replies.

These features are decision-support tools: they assist you, but you remain in control. URep does not send messages, accept or decline deals, or take other actions with legal or similarly significant effects automatically. You review, edit, and approve any draft before it is sent, and you make the final decision on every opportunity. To the extent any processing constitutes automated decision-making under Article 22 of the GDPR, you have the right to request human review — and in practice, a human (you) is already in the loop for every consequential action.

5. Legal Bases for Processing

Some jurisdictions require a "legal basis" for processing personal information. Where those laws apply, our legal bases are:

6. How We Share Information

We do not sell your personal information. We share data only with the service providers and in the circumstances listed below. All service providers act on our behalf and are permitted to use the data only to provide services to us, not for their own purposes.

Outbound replies you approve are sent through your own connected Gmail account; we do not route the content of your replies through a separate bulk-email provider.

7. Google API Services User Data Policy (Limited Use)

URep's access to, use, storage, and sharing of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We request the standard openid, email, and profile scopes to sign you in and show your basic account profile, and the Gmail API gmail.modify scope so URep can read your incoming email to identify, classify, summarize, and organize brand-partnership opportunities; send the replies you compose or approve; and label and organize threads at your direction. Specifically:

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service, and thereafter only as required to comply with our legal obligations, resolve disputes, and enforce our agreements. You can request deletion of all your data at any time through the Settings page or by contacting us.

Content minimization. To limit how long we hold the raw content of your email, the full message bodies of conversations you are no longer actively working — those classified as spam, low-priority, archived, or declined — are automatically purged after 90 days. The associated deal metadata (such as subject, sender, status, and AI summaries) and the content of your active deals are retained for as long as needed to provide the Service.

9. Data Deletion

You can delete all your data — including threads, messages, deal history, connected accounts, and settings — from the Data & Privacy section in Settings. If you remove URep from your Facebook or Instagram account, we automatically process a data-deletion request via Meta's data-deletion callback.

10. Security

We implement administrative, technical, and physical safeguards to protect your data, including encrypted OAuth tokens (AES-256-GCM), HTTPS-only connections, scoped per-user access controls, and signature verification for inbound webhook payloads. However, no method of transmission over the internet or method of electronic storage is completely secure.

11. Children

The Service is intended for users who are 18 years of age or older. It is not directed to children, and we do not knowingly collect personal information from anyone under 18. If we learn that we have collected such information, we will delete it. If you believe a minor has provided us information, please contact us.

12. International Users and Data Transfers

The Service is operated from, and your data is stored in, the United States. If you access the Service from outside the United States, you understand your information will be transferred to and processed in the United States.

For users in the United Kingdom and the European Economic Area: where we transfer personal information out of the UK/EEA, we rely on appropriate safeguards such as the Standard Contractual Clauses (and the UK Addendum) or another valid transfer mechanism. You also have the right to lodge a complaint with your local data protection supervisory authority (see Section 13).

13. Your Rights and Choices

a. General rights. Depending on your jurisdiction, you may have the right to:

Some information may be exempt from these requests under applicable law — for example, information we must retain to provide the Service or to comply with our legal obligations.

Identity verification. Before responding to a request, we take reasonable steps to verify your identity, which may include verifying your name and the email address associated with your account, appropriate to the sensitivity of the information and the type of request.

Authorized agents. You may designate an authorized agent to submit requests on your behalf. To be verified, the agent must provide signed written permission or a power of attorney, and we may follow up with you directly to confirm.

Appeals. Depending on applicable law, you may have the right to appeal a decision to deny your request. If we deny a request, we will explain how to appeal where that right applies.

Supervisory authority. If you are in the UK or EEA, you also have the right to lodge a complaint with your local data protection supervisory authority.

How to exercise your rights. Contact us at privacy@urep.me.

b. Marketing communications. If we send marketing emails, you can unsubscribe via the link in those emails. Even if you opt out of marketing, you will continue to receive administrative messages — such as account notices, security alerts, and updates to our policies.

14. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended (the "CCPA"), requires us to disclose the following.

Categories of personal information we collect:

We use and share these categories for the business purposes described throughout this Policy (see Sections 1, 2, and 6).

We do not sell or share your personal information as those terms are defined under the CCPA — we do not sell personal information, and we do not share it for cross-context behavioral advertising.

Sensitive personal information. To the extent any information we process is "sensitive personal information" under the CCPA, we use it only as necessary to provide the Service and for the limited purposes permitted by law, and not for inferring characteristics about you. You may have the right to limit our use of sensitive personal information.

Shine the Light. California residents may request a list of third parties to which we have disclosed certain personal information for those third parties' direct-marketing purposes in the prior year. We do not share personal information with third parties for their direct-marketing purposes.

To exercise any California right, see Section 13.

15. Aggregate / De-Identified Information

We may aggregate and/or de-identify information so that it can no longer reasonably be linked to you or your device. We may use and share such aggregate or de-identified information for any lawful purpose, and we will maintain and use it in de-identified form and not attempt to re-identify it, except as permitted by law.

16. Data Breach Notification

In the event of a data breach affecting your personal information, we will notify you and the relevant authorities as required by, and within the timeframes set by, applicable law.

17. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and revise the effective date. If we make a material change to how we use your data, we will provide appropriate notice — by email and/or an in-app notice before the change takes effect — in accordance with legal requirements.

18. Contact Us

If you have questions about this Privacy Policy or your data, contact us at: privacy@urep.me

Seanboy, Inc (DBA URep)