RepStar

Legal

Privacy Policy

How Maiden Labs LLC collects, uses, and protects the information you trust us with when you use RepStar.

Last updated April 15, 2026

At RepStar, our job is to help creators close more deals — on better terms, in less time — and to give brands a fast, trustworthy way to work with them. To do that, we handle information about you and about the deals you run. This Privacy Policy explains what we collect, why we collect it, and the choices you have. We wrote it to be readable; where we had to use precise language, we did.

At a glance

The short version, before the details below:

  • We collect the information you give us, the information your devices share with us, and — with your permission — data from services you connect.
  • We use it to run the AI Rep, negotiate and close deals, process payments, prevent fraud, comply with the law, and improve the Service.
  • We do not sell your personal information, and we do not share creator rate data with brands or third parties outside a specific deal.
  • You can access, correct, export, or delete your information any time — from your dashboard or by emailing privacy@repstar.ai.

1. Scope of this Policy

This Policy applies to personal information we collect in connection with the RepStar websites, apps, APIs, and related services (the "Service"), operated by Maiden Labs LLC ("RepStar," "we," "us," or "our"). It does not apply to the practices of brands, creators, or third-party services that you engage with through the Service; those are governed by their own policies.

2. Information We Collect

2.1 Information You Provide

  • Account & profile data: name, email address, phone number, password (stored only as a hash), date of birth (for age verification), role (creator or brand), company name, photo or avatar, and creator categories.
  • Creator profile & rates: biography, social handles, audience demographics (if you share them), content categories, rate cards, deliverable formats, usage preferences, and negotiation guardrails.
  • Brand profile: company name, brand website, category, billing contact, authorized users, and campaign briefs.
  • Deal & conversation content: messages sent through the Service, AI-generated drafts and replies, proposed and executed contracts, deliverables you submit, notes, and revision requests.
  • Payment data: we do not store full card or bank numbers. Payment processing is handled by Stripe, which collects payment credentials directly. We receive limited tokens, last-four digits, and transaction metadata.
  • Identity & tax data: for payouts, Stripe may collect government-issued ID, date of birth, and tax forms (W-9 or W-8BEN). Some of this is shared with us for compliance reporting.
  • Support & feedback: messages you send to our team, survey responses, and beta-program feedback.

2.2 Information Collected Automatically

  • Device & usage: IP address, device model, operating system, browser type, language, referring URL, pages viewed, actions taken, and approximate location derived from IP.
  • Logs & diagnostics: error traces, API latency, feature-flag evaluations, and performance metrics that help us debug and scale the Service.
  • Cookies & similar technologies: see Section 6.

2.3 Information from Third Parties

  • Social and platform APIs you connect (e.g., Instagram, TikTok, YouTube) — only the scopes you authorize.
  • Payment and identity processors (Stripe) — to confirm the status of payouts, chargebacks, and KYC.
  • Analytics and attribution providers — Google Analytics and similar tools, as described in Section 6.
  • Public sources — information you or your team have made publicly available, used only to populate and verify profiles.

3. How We Use Information

We use personal information to:

  • Provide the Service — run the AI Rep, route brand inquiries, draft and negotiate terms, generate contracts, track deliverables, and administer payouts.
  • Maintain and improve the Service — monitor performance, diagnose bugs, evaluate product changes, and build new features.
  • Personalize the AI Rep's behavior based on your profile, preferences, and historical deals.
  • Secure the Service — detect fraud, abuse, unauthorized access, account takeover, and violations of these Terms.
  • Communicate with you about account, transaction, security, and product updates. We only send marketing messages with your consent where required, and you can opt out at any time.
  • Comply with law — respond to lawful requests, enforce contracts, and meet tax, sanctions, and anti-money- laundering obligations.

4. AI Processing & Training

The AI Rep relies on large language models provided by Anthropic PBC and, in some cases, other model providers. When you exchange messages through the Service, the content of those messages, together with contextual information (your profile, preferences, and rate parameters), is sent to our model providers for inference. Our providers are contractually prohibited from using your content to train their models.

We may use aggregated and de-identified data derived from Service activity to evaluate and improve our own systems — for example, to measure how often the AI Rep closes deals within a target price band, or to identify prompts that produce poor outcomes. We never use identifiable creator rate data or contract terms to train third-party models, and we never sell this data.

You can request that we exclude your data from our internal evaluation datasets by emailing privacy@repstar.ai. This does not affect real-time inference, which is necessary to run the Service.

5. How We Share Information

We share personal information only as described below:

  • With the counterparty to a deal. Creator profile details and negotiated terms are shared with the brand on the other side of a conversation — that's how the product works. We don't share creator rate cards with anyone other than the brand actively negotiating that specific deal.
  • With service providers who process data on our behalf — hosting (AWS), payment processing (Stripe), AI infrastructure (Anthropic), analytics, error monitoring, email delivery, and customer support — under contracts that restrict their use of the data to the services they provide.
  • With your authorized team — for example, a manager, agency, or brand co-worker you've invited to your account.
  • For legal reasons — if we receive a valid legal process or have a good-faith belief that disclosure is required to comply with law, protect the safety of any person, or defend our rights.
  • In a business transition — if RepStar is involved in a merger, acquisition, financing, or sale of assets, your information may be transferred as part of that transaction, subject to notice of any material changes.

We do not sell personal information, and we do not share it for cross-context behavioral advertising.

6. Cookies & Tracking

We use cookies and similar technologies to keep you signed in, remember your preferences, understand how the Service is used, and keep the Service secure. We categorize them as follows:

  • Strictly necessary — required for the Service to function (authentication, load balancing, CSRF protection).
  • Analytics — let us measure usage and improve the Service. We currently use Google Analytics (property G-NZNSJSY6TN) with IP anonymization enabled.
  • Preferences — remember settings such as your display preferences.

You can control non-essential cookies through your browser settings or, where we offer it, through our in-app cookie banner. Blocking strictly-necessary cookies may cause parts of the Service to stop functioning.

7. Data Retention

We keep personal information for as long as it is needed to provide the Service and for legitimate business purposes (including dispute resolution, fraud prevention, and legal compliance). Specifically:

  • Account & profile data — while your account is active, and for up to 24 months after closure, unless a longer period is required by law.
  • Deal & contract data — for at least 7 years after the deal closes, to satisfy tax, accounting, and contract-administration requirements.
  • Messaging & AI logs — for 24 months after the conversation ends, or longer if tied to an open dispute.
  • Payment records — retained per Stripe's terms and applicable financial-recordkeeping laws.

After the retention period expires, we delete or anonymize the data so it can no longer be linked back to you.

8. Security

We take data security seriously. Our controls include TLS 1.2+ encryption in transit, AES-256 encryption at rest, role-based access controls, SSO and multi-factor authentication for employees, continuous monitoring, formal code review, periodic penetration testing, and an incident-response process. We align our program to SOC 2 Trust Services Criteria and are pursuing SOC 2 Type II attestation.

No system is perfectly secure. If we become aware of a security incident that materially affects your personal information, we will notify you consistent with applicable law. You can report suspected vulnerabilities to security@repstar.ai.

9. Your Rights & Choices

Regardless of where you live, you can always:

  • Access and correct your profile information from the dashboard.
  • Export the data you have provided to us by emailing privacy@repstar.ai.
  • Delete your account from Settings. Some records (for example, executed contracts and tax documents) will be retained for the periods described in Section 7.
  • Opt out of marketing emails using the unsubscribe link, or by writing to us. Transactional messages (deal updates, payment receipts, security alerts) will continue.

10. U.S. State Privacy Rights

If you live in California, Colorado, Connecticut, Utah, Virginia, Texas, Oregon, or another U.S. state with a comprehensive privacy law, you have additional rights, including the right to know, access, correct, delete, and port your personal information, and the right to opt out of targeted advertising, sale of personal information, or certain profiling. Because we do not sell personal information and do not use it for cross-context behavioral advertising, there is no opt-out to exercise in that respect. You may submit other requests through privacy@repstar.ai. We will verify your identity before responding. You may authorize an agent to submit a request on your behalf; the agent must present written permission.

11. European Privacy Rights

If you are in the European Economic Area, United Kingdom, or Switzerland, Maiden Labs LLC is the controller of your personal information. Our legal bases for processing are:

  • Performance of a contract (Art. 6(1)(b) GDPR) — to deliver the Service to you.
  • Legitimate interests (Art. 6(1)(f) GDPR) — for security, fraud prevention, and service improvement, balanced against your rights.
  • Legal obligation (Art. 6(1)(c) GDPR) — for tax, accounting, and regulatory requirements.
  • Consent (Art. 6(1)(a) GDPR) — for optional processing, such as non-essential cookies or marketing email; you can withdraw consent at any time.

You have the right to access, rectify, erase, restrict, object to, and port your personal data, and to lodge a complaint with your local supervisory authority. You can contact our EU representative at eu-rep@repstar.ai or our UK representative at uk-rep@repstar.ai.

12. International Transfers

RepStar is based in the United States, and the Service is operated from the U.S. Your data may be transferred to, stored, and processed in the U.S. and other countries where our service providers operate. Where we transfer personal data out of the EEA, UK, or Switzerland, we rely on European Commission adequacy decisions, Standard Contractual Clauses, or other legally recognized transfer mechanisms.

13. Children's Privacy

The Service is not directed to individuals under the age of 18, and we do not knowingly collect personal information from them. If you believe a child has provided personal information to us, write to privacy@repstar.ai and we will delete it.

14. Changes to this Policy

We may update this Policy from time to time. When we make material changes, we will notify you through the Service or by email at least fourteen (14) days before the changes take effect, except where a shorter period is required by law or where a change is favorable to you. The "Last updated" date at the top of this page reflects the most recent revision.

15. Contact

To exercise a privacy right, ask a question, or escalate a concern, write to us at privacy@repstar.ai or by post:

Maiden Labs LLC
Attn: Privacy
30 N Gould St STE R
Sheridan, WY 82801
United States

Questions?

We're happy to walk you through anything in this document. Reach our legal team at legal@repstar.ai.

Maiden Labs LLC · 30 N Gould St STE R, Sheridan, WY 82801 USA