Privacy Policy

Effective date: July 15, 2026

1. Scope

Scout Mesh is a product and service operated by Reppls, Inc., 1111B S Governors Ave, STE 21573, Dover, Delaware 19904, USA. This Privacy Policy applies to Scout Mesh websites, accounts, MCP gateway, billing, support, and related services (the “Services”). “Reppls,” “we,” “us,” and “our” mean Reppls, Inc.

Scout Mesh is a gateway that connects a customer's AI client or other MCP client to independent professional-data, company-data, public-web, and verification sources. Those clients and sources are third-party services with their own privacy practices, which we do not control.

2. Our role

We control account, billing, security, analytics, and service-administration information. Customers control why they submit a request, which tools they call, and how they use, retain, combine, disclose, or act on returned information. Depending on the processing and applicable law, Reppls may act as a controller, business, processor, or service provider. Contact us before use if your organization requires a data processing agreement.

3. Information we process

  • Account and organization data: name, email, profile image, organization, membership, roles, permissions, authentication events, sessions, API-key identifiers, security signals, and records of legal acceptance.
  • Billing data: billing contacts, payment-provider identifiers, payment status, credit balance, auto-top-up settings, refunds, promotions, and transaction history. Stripe processes payment-card details; we do not receive complete card numbers.
  • Usage and device data: source and tool called, time, units, record count, price, errors, client and session identifiers, user or organization attribution, IP address, browser and device information, page activity, diagnostics, and support or feedback messages.
  • Gateway traffic and Source Data: requests and provider responses transmitted through Scout Mesh. Depending on the source and request, responses may contain names, professional profiles, employment or education history, skills, location, public work, company information, job postings, contact details, verification results, or provider-supplied scores or inferences.

Scout Mesh transmits gateway traffic to authenticate and route a call, enforce limits, meter usage, return the provider response, secure the Services, and diagnose failures. Scout Mesh does not independently rank, score, evaluate, or recommend people. The connected client may transform or evaluate returned information under the customer's and client provider's controls.

The Scout Mesh account database is not designed to store complete Source Data. Gateway traffic may nevertheless be processed in transit and may appear temporarily in memory, operational or security logs, backups, or incident records. The selected source and connected client may separately retain it. Do not submit sensitive personal information, information about minors, secrets, or information you are not authorized to process.

4. Sources and purposes

We obtain information from customers and users; connected clients; identity, payment, analytics, support, and infrastructure providers; independent data providers; public websites and datasets; and use of the Services.

We use information to provide, meter, bill for, secure, maintain, analyze, and develop the Services; administer accounts and credits; communicate about the Services; respond to support; detect abuse; comply with law; enforce agreements; and conduct audits, claims, financing, or corporate transactions.

Where applicable law requires a legal basis, we may rely on performance of a contract, compliance with law, consent, and our legitimate interests in operating, securing, administering, and developing a business service. Consent may be withdrawn where applicable without affecting earlier processing.

5. Disclosures

We may disclose information to:

  • the independent source requested through the connected client;
  • the customer's connected client, which receives the provider response;
  • providers supporting identity, hosting, infrastructure, analytics, payments, security, support, and professional advice;
  • the customer's organization administrators;
  • authorities or other parties where required by law or reasonably necessary to protect rights, safety, security, or the Services; and
  • participants in a financing, merger, reorganization, sale, or similar transaction.

These parties may process information under their own agreements and privacy practices. Independent sources and connected clients are not our agents merely because they interoperate with Scout Mesh.

6. Professional data and U.S. state disclosures

We do not sell customer account information for money or share personal information for cross-context behavioral advertising. Scout Mesh does provide paid access to third-party professional and business information. Some laws may treat transmitting that Source Data to a customer as a “sale,” even though Scout Mesh acts as a gateway.

During the 12 months before this Policy's effective date, the statutory categories we may have processed were identifiers; customer-record information; commercial and transaction information; internet or electronic activity; approximate location; professional or employment information; education information; provider-supplied inferences; and account-authentication information. We collected these categories from the sources in Section 4 for the purposes in Section 4. We disclosed them to the categories in Section 5 for those purposes. The categories potentially sold were identifiers, customer-record information, internet activity, approximate location, professional or employment information, education information, and provider-supplied inferences; recipients were customers and their authorized users. We do not knowingly sell or share personal information of anyone under 16.

Subject to applicable law, verification, and exceptions, a person may request access, correction, deletion, or portability; object to or restrict processing; opt out of a covered sale, sharing, targeted advertising, or profiling; limit certain uses of sensitive information; withdraw consent; or appeal a decision. We may retain a suppression record where needed to honor a request or establish compliance. Independent sources control their own records, so a request may also need to be submitted directly to the relevant source. We will not unlawfully discriminate for exercising a privacy right.

7. Cookies and analytics

We use cookies or similar technologies for authentication, security, preferences, performance, analytics, diagnostics, and, where enabled, session replay. Browser or product controls may limit them, but blocking necessary storage may prevent features from working. We seek consent for non-essential technologies where required.

8. Retention, transfers, and security

We retain information for as long as reasonably necessary for the purposes described in this Policy, considering account status, information type and sensitivity, security, billing, tax, audit, disputes, backups, and legal requirements. Deletion from active systems may not immediately remove backups or records we must retain.

Information may be processed in the United States, European Union, and other countries with different laws. Where required, transfer mechanisms may include an adequacy decision or contractual safeguards.

We use administrative, technical, and organizational measures designed to protect information. No system is completely secure. Customers are responsible for their accounts, credentials, connected clients, exports, and copies of Source Data.

9. Children

The Services are a business tool, are not directed to anyone under 18, and may not be used intentionally to search for, enrich, or contact minors. Contact us if you believe we processed a child's information.

10. Changes and contact

We may update this Policy prospectively by posting a new version and effective date. We will give any additional notice required by law.

Email questions and privacy requests to contact@reppls.com, or write to Reppls, Inc., Attn: Privacy, 1111B S Governors Ave, STE 21573, Dover, DE 19904, USA. Identify whether the request concerns an account or a professional-data result and provide enough information for us to locate the record without sending unnecessary sensitive information. We may verify identity and authority and limit a request where permitted by law. You may also complain to an applicable data protection authority.