Your customer data is yours. We protect it like it is.
MyRepDay holds your full customer book — names, contact details, call history, classifications, visit notes. Here's exactly what we do to keep it safe, private, and under your control.
Two-factor authentication — mandatory
Every MyRepDay account requires two-factor authentication via an authenticator app (Google Authenticator, Authy, 1Password, etc.). 2FA is set up on first login and re-verified on every new browser. Trusted-device tokens expire after seven days — there's no way to permanently skip it.
Invite-only access — no public sign-up
Reps cannot create their own accounts. Admins invite team members by email; each person sets their own password via a time-limited single-use link. If someone leaves your team, their access is cut off the moment an Admin deactivates them. No orphaned accounts, no shared logins.
Your data is completely isolated
Every organisation in MyRepDay operates in its own siloed data environment. Your customer records, call history, territory maps, and rep data are never visible to — or queryable by — any other organisation. There is no shared namespace, no leaking of identifiers between tenants.
Role-based access, enforced server-side
Three roles — Rep, Manager, and Admin — each get only the access they need. Access controls are enforced on the server, not just in the UI. A Rep cannot access another rep's data, and non-Admin users cannot reach Admin functions even if they know the URL.
Encrypted in transit — always
All traffic to MyRepDay — both the marketing site and the product app — is served over HTTPS/TLS. Plain HTTP requests are 301-redirected to HTTPS automatically. Credentials, customer records, and all API calls are encrypted in transit between your device and our servers.
Session security
Sessions are invalidated immediately on sign-out. Session cookies are flagged Secure and HttpOnly — they can't be read by JavaScript or transmitted over plain HTTP. Stale session records are cleaned up server-side.
Payments handled by Stripe — we never see card data
Subscription billing is processed entirely by Stripe, a PCI DSS Level 1 certified payment processor. Your card details are entered directly into Stripe's secure hosted form and are never transmitted to or stored on MyRepDay's servers. We hold only a Stripe customer ID and subscription status.
Your data, your property
The customer records, call logs, classifications, and notes you enter into MyRepDay belong to your organisation, not us. We don't sell your data, don't use it to train models, and don't share it with third parties except the small number of infrastructure providers required to run the service — listed in our Privacy Policy.
Built and hosted in Australia
MyRepDay is designed, developed, and operated by Stacksy, an Australian software studio. The application is hosted on infrastructure in Australia, and your data does not leave Australian jurisdiction as part of normal operations. We operate in alignment with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).
Data retention and deletion
Your data is retained for the life of your subscription. After cancellation we retain it for 90 days to allow for account recovery — then it is permanently deleted. You can also request early deletion at any time by contacting us.
Backups and availability
Customer data is stored on AWS RDS (Amazon Relational Database Service) with automated daily backups and point-in-time recovery. Database backups are retained for 7 days. Backup restoration is tested as part of our standard operational procedures.
Responsible disclosure
Found a security issue? Email hello@myrepday.com with "Security" in the subject line. We'll acknowledge within one business day and keep you informed as we investigate. We won't take legal action against good-faith security researchers.
Questions about our security posture, data handling, or compliance requirements? Email hello@myrepday.com — we're happy to answer directly.