Privacy Policy

Last Updated: December 5, 2025

Effective Date: December 5, 2025

Your Privacy Matters

ReplyWise AI ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services. We comply with GDPR, CCPA, and other applicable privacy regulations.

GDPR Compliant

We comply with the EU General Data Protection Regulation (GDPR) for all European users.

CCPA Compliant

We comply with the California Consumer Privacy Act (CCPA) for all California residents.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you provide to us directly when you:

  • Create an Account: Name, email address, password, phone number, business name, business address
  • Use the Services: Business information, Google Business Profile data, review content, response templates, brand voice preferences
  • Make Payments: Billing information (processed securely by Stripe; we do not store full credit card numbers)
  • Contact Us: Support inquiries, feedback, correspondence
  • Participate in Surveys: Optional feedback and survey responses

1.2 Information Collected Automatically

When you use our Services, we automatically collect:

  • Usage Data: Pages viewed, features used, time spent, click patterns, search queries
  • Device Information: IP address, browser type, operating system, device identifiers, screen resolution
  • Log Data: Access times, error logs, performance data, API requests
  • Cookies and Tracking: Session cookies, preference cookies, analytics cookies (see our Cookies Policy)

1.3 Information from Third Parties

We receive information from third-party services you connect to ReplyWise AI:

  • Google Business Profile: Business location data, reviews, ratings, customer information, review responses
  • OAuth Providers: Profile information when you sign in with Google or other providers
  • Payment Processors: Payment confirmation and billing information from Stripe

1.4 Sensitive Personal Information

We do not intentionally collect sensitive personal information such as racial or ethnic origin, political opinions, religious beliefs, genetic data, or health information. If you include such information in review responses or communications, you do so at your own discretion.

2. How We Use Your Information

We use the information we collect for the following purposes:

🎯 Provide and Improve Services

  • Operate and maintain the platform
  • Generate AI-powered review responses
  • Sync reviews from Google Business Profile
  • Send notifications about new reviews
  • Provide analytics and insights
  • Improve AI models and response quality

💳 Process Transactions

  • Process subscription payments
  • Send invoices and receipts
  • Manage billing and account changes
  • Prevent fraud and unauthorized transactions

📧 Communication

  • Send service updates and announcements
  • Respond to support requests
  • Send marketing communications (with your consent)
  • Notify you of new features

🔒 Security and Compliance

  • Detect and prevent fraud, abuse, and security threats
  • Enforce our Terms of Service
  • Comply with legal obligations
  • Protect the rights and safety of users

📊 Analytics and Research

  • Analyze usage patterns and trends
  • Conduct research to improve our Services
  • Create aggregated, anonymized statistics
  • Develop new features and products

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

4.1 Service Providers

We share data with trusted third-party service providers who help us operate our Services:

  • OpenAI: AI language model processing for response generation
  • Pinecone: Vector database storage for brand voice learning
  • Stripe: Payment processing and billing
  • Supabase: Database hosting and authentication
  • Resend: Email delivery services
  • Cloud Infrastructure: Hosting and storage providers (AWS, Vercel, Railway)

These providers are contractually required to protect your data and use it only for the specified purposes.

4.2 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change and of your choices.

4.3 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal processes (subpoenas, court orders, search warrants)
  • Government or regulatory requests
  • Protection of our legal rights or property
  • Prevention of fraud, security threats, or illegal activity
  • Protection of the safety of users or the public

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

4.5 Aggregated Data

We may share aggregated, anonymized data that cannot identify you personally for research, marketing, or other business purposes.

5. International Data Transfers

ReplyWise AI is based in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries.

5.1 EU-U.S. Data Transfers

For users in the European Economic Area, UK, and Switzerland, we rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Your explicit consent for specific transfers

5.2 Safeguards

We implement appropriate safeguards to ensure your data receives adequate protection regardless of where it is processed, including encryption, access controls, and contractual protections.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Services while your account is active
  • Comply with legal obligations (e.g., tax records: 7 years)
  • Resolve disputes and enforce our agreements
  • Prevent fraud and abuse

Retention Periods

  • Account Data: Duration of account + 30 days after deletion
  • Review Data: Duration of account + 90 days
  • Billing Records: 7 years (legal requirement)
  • Support Tickets: 3 years after resolution
  • Marketing Data: Until consent is withdrawn + 30 days
  • Log Data: 90 days

After these periods, we will securely delete or anonymize your data unless we are legally required to retain it longer.

7. Data Security

We implement comprehensive security measures to protect your information:

🔐 Encryption

  • TLS/SSL encryption in transit
  • AES-256 encryption at rest
  • Encrypted database backups

🛡️ Access Controls

  • Role-based access control
  • Multi-factor authentication
  • Regular access reviews

🔍 Monitoring

  • 24/7 security monitoring
  • Intrusion detection systems
  • Regular security audits

✅ Compliance

  • SOC 2 Type II (in progress)
  • GDPR compliance
  • Regular penetration testing

Important: While we use industry-standard security measures, no system is 100% secure. You are responsible for maintaining the security of your account credentials.

8. Your Privacy Rights

Depending on your location, you have certain rights regarding your personal information:

Access

Request a copy of the personal information we hold about you

Correction

Request correction of inaccurate or incomplete information

Deletion

Request deletion of your personal information (subject to legal obligations)

Data Portability

Request a copy of your data in a machine-readable format

Object to Processing

Object to processing based on legitimate interests or direct marketing

Restrict Processing

Request restriction of processing in certain circumstances

Withdraw Consent

Withdraw consent for processing based on consent (e.g., marketing emails)

How to Exercise Your Rights

To exercise any of these rights, you can:

  • Email us at: privacy@replywise.ai
  • Use the data controls in your account settings
  • Contact our Data Protection Officer (DPO) for GDPR inquiries

We will respond to your request within 30 days (or as required by applicable law).

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

9.1 Right to Know

You have the right to request that we disclose:

  • Categories of personal information we collected about you
  • Categories of sources from which we collected personal information
  • Business or commercial purpose for collecting personal information
  • Categories of third parties with whom we share personal information
  • Specific pieces of personal information we collected

9.2 Right to Delete

You have the right to request deletion of personal information we collected from you, subject to certain exceptions (e.g., legal obligations, fraud prevention).

9.3 Right to Opt-Out of Sale

We do not sell your personal information. We do not and will not sell your personal information to third parties for monetary or other valuable consideration.

9.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights. We will not:

  • Deny you goods or services
  • Charge different prices or rates
  • Provide different quality of services
  • Suggest you will receive different prices or quality of services

9.5 Authorized Agent

You may designate an authorized agent to make a CCPA request on your behalf. We will require written authorization or a power of attorney to verify the agent's authority.

CCPA Categories Collected

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers (name, email, IP address)
  • Commercial information (subscription data, payment history)
  • Internet activity (usage data, device information)
  • Professional information (business name, industry)
  • Inferences (preferences, characteristics)

10. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):

10.1 Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have not complied with GDPR. However, we encourage you to contact us first so we can address your concerns.

10.2 Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer:

10.3 Automated Decision-Making

Our AI generates response suggestions, but all final decisions to publish responses are made by you (the user). We do not use automated decision-making that produces legal effects or similarly significant effects without human involvement.

10.4 EU Representative

We have appointed an EU representative in accordance with GDPR Article 27. Contact details are available upon request.

11. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience. For detailed information, please see our Cookies Policy.

Types of Cookies We Use

Essential Cookies

Required for the Services to function (e.g., authentication, security)

Analytics Cookies

Help us understand how you use the Services (e.g., Google Analytics)

Preference Cookies

Remember your settings and preferences

You can control cookies through your browser settings. Disabling essential cookies may impact functionality.

12. Children's Privacy

Our Services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

If we discover that we have collected personal information from a child under 18, we will promptly delete that information from our systems.

13. Third-Party Services

Our Services integrate with third-party services that have their own privacy policies:

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Update the "Last Updated" date at the top of this policy
  • Notify you via email of material changes at least 30 days before they take effect
  • Display a prominent notice on our Services
  • Request your consent if required by law

Your continued use of the Services after changes become effective constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

ReplyWise AI - Privacy Team

Privacy Inquiries: privacy@replywise.ai

Data Protection Officer (GDPR): dpo@replywise.ai

General Support: support@replywise.ai

Website: https://replywise.ai

Response Time

We strive to respond to all privacy inquiries within 30 days (or as required by applicable law). For urgent matters, please mark your email as "URGENT - Privacy Request."

Your Privacy Is Important to Us

We are committed to protecting your privacy and handling your data responsibly in compliance with GDPR, CCPA, and other applicable privacy laws. By using our Services, you acknowledge that you have read and understood this Privacy Policy.