1 Vision USA Security ADT Authorized Dealer ← Back
← Back

Privacy Policy

Last updated: May 22, 2026

Blackwolf AI USA, LLC ("Provider," "we," or "us") operates the RepConnect platform (the "Service"). This Privacy Policy explains how we collect, use, store, and protect information when you use the Service as an authorized user of a customer organization. By using the Service, you agree to the practices described here. For data collected from consumers in connection with the underlying customer relationship (payment authorizations, TCPA opt-ins, service-activation agreements), see the customer organization's separately published consumer-facing privacy notice — that relationship is between the consumer and the customer organization, not Provider.

1. Information We Collect

We collect information necessary to provide and operate the Service:

Account Information

When an account is created for you, we collect your name, email address, and assigned role within the platform. Administrators may also collect your phone number and any notes provided during onboarding.

Rep Profile Data

For rep accounts, we store information needed to identify you on customer-facing work orders, including display name, contact phone, and an optional badge photo you upload.

Work-Order and Operational Data

The Service stores information you submit through it on behalf of the customer organization, including consumer contact information, service addresses, equipment selected, plan and pricing details, dispatch and scheduling data, TCPA opt-in records (with IP address, user agent, and disclosure-text snapshot), and tokenized payment references. This data is the property of the customer organization; Provider holds it on the customer organization's behalf.

Usage and Activity Data

We maintain audit logs that record actions performed within the platform, including login events, work-order submissions, data modifications, reveal events on encrypted records, and system operations. This data is used for security monitoring, compliance, and troubleshooting.

Communications Data

If SMS, email, or push-notification features are enabled, we process the message destination (phone number, email, or device token), message content, delivery status, and responses in order to facilitate dispatch notifications, opt-in capture, and rep alerts.

Technical Data

We automatically collect IP address, browser/user-agent, timestamps, and device-token information necessary to operate the Service securely and to maintain auditable consent records.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and operate the Service, including authentication, work-order capture, dispatch coordination, and rep notifications
  • To support PCI-compliant payment-information tokenization through our payment-processor partner
  • To maintain audit trails for security, accountability, and compliance — including TCPA consent records that may be required by law for several years
  • To send operational notifications (SMS, email, push) related to your role
  • To provide customer support and respond to inquiries
  • To monitor, maintain, and improve the performance and reliability of the Service

We do not sell your personal information, share it for cross-context behavioral advertising, or use it for marketing unrelated to the Service.

3. Third-Party Service Providers

We use trusted third-party service providers to operate the Service. These providers process data only as necessary to perform their functions and are bound by their own privacy and security obligations:

  • Supabase, Inc. — Database hosting and user authentication. Data is stored in secure, encrypted cloud infrastructure in the United States.
  • Vercel Inc. — Application hosting and content delivery. The Service is hosted on Vercel's infrastructure in the United States.
  • Modal Labs, Inc. — Serverless compute for webhook processing, scheduled jobs, and integration handlers.
  • Twilio Inc. — SMS and messaging services for opt-in capture, payment-link delivery, and rep notifications (where enabled).
  • Google LLC — Mapping, geocoding, and address-autocomplete services for service-address validation.
  • Payment-processor partner — PCI-compliant tokenization and payment-method capture. Card details are encrypted in transit and at rest; the customer organization processes the actual charge.

We do not sell, rent, or trade your personal information to third parties. Our service providers are used solely to operate and deliver the Service.

4. Data Retention

We retain data for as long as the customer organization maintains an active subscription to the Service. Specific retention periods include:

  • Account and profile data: Retained for the duration of the subscription.
  • Work-order and consent data: Retained for the duration of the subscription and for any longer period required by law (TCPA consent records may be retained for several years).
  • Audit logs: Retained for up to two (2) years for compliance and security purposes.
  • Encrypted card data: Purged within 72 hours of submission or immediately after the charge is processed, whichever is sooner. Only the last four digits, card brand, and processing timestamp are retained for record-keeping.
  • SMS and messaging logs: Retained for up to one (1) year for compliance and operational review.

Upon termination of the customer organization's subscription, data will be available for export for thirty (30) days. After this period, data will be permanently deleted within ninety (90) days unless a longer retention period is required by law.

5. Data Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS 1.2 or higher
  • Sensitive data (card details, PII) is encrypted at rest with AES-256-GCM, with encryption keys stored in a managed secrets vault separate from the data
  • Database access is controlled by row-level security policies that restrict data visibility based on user roles
  • Authentication is managed through secure token-based sessions
  • Role-based access controls ensure users can only access data relevant to their role; every reveal of encrypted data is audit-logged with the user's identity, time, and IP
  • No public-facing data endpoints exist — all data access requires authentication

While we take reasonable measures to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

6. Your Rights

Subject to applicable law, you may:

  • Access: request a copy of the personal information we hold about you.
  • Correction: update or correct inaccurate information through the platform or by contacting us.
  • Deletion: request deletion of your account and associated personal data, subject to any legal retention requirements.

To exercise any of these rights, please contact your organization's administrator or reach out to us directly at the contact information below.

7. Consumer Data and the Customer Relationship

Consumer-facing transactions executed through the Service — payment authorizations, recurring-charge consents, TCPA opt-ins, and service-activation agreements — are between the consumer and the customer organization. Provider holds the underlying records on behalf of the customer organization but is not a party to those transactions. Consumers should consult the customer organization's separately published consumer-facing privacy notice for the terms governing those records.

8. Children

The Service is not directed at children under 13 and we do not knowingly collect their information.

9. Cookies and Tracking

The Service uses only the cookies and local-storage entries required to keep your session secure, remember your authentication state, and provide core platform functionality. We do not use third-party advertising cookies, analytics SDKs, or behavioral tracking on rep-facing pages.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify users of material changes by posting the updated policy with a revised "Last updated" date. Continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Contact

If you have questions about this Privacy Policy or our data practices, please contact us at: privacy@blackwolfai.com

Blackwolf AI USA, LLC

RepConnect is a Blackwolf AI USA product