Privacy Policy

1. Information We Collect

Information you provide directly

• Email address — collected when you sign in via magic link or join our waitlist. Used for authentication and transactional communications.
• Gemini API key — optionally provided for BYOK (Bring Your Own Key) mode. Stored locally in your browser only; never sent to our servers.

Information collected automatically

• Usage data — token consumption counts, generation requests, and feature usage to operate the token system and detect abuse.
• Device and browser data — browser type, extension version, and operating system for debugging and compatibility.
• Social media post content — the text of posts you choose to generate replies for. This content is transmitted to our AI processing provider for real-time processing and is not stored on our servers after the response is returned.

Payment information

All payment processing is handled by our payment provider. We never receive or store your credit card details. Our payment provider may share a customer ID and subscription status with us to provision your account.

2. How We Use Your Information

• Authentication — to verify your identity via email magic links and maintain your session.
• Service delivery — to provide AI reply generation, manage your token balance, and enforce usage limits.
• Payment processing — to provision Pro access after a successful payment.
• Transactional email — to send sign-in links, receipts, and account notices. We do not send marketing emails without consent.
• Security and fraud prevention — to detect and prevent abuse of the trial or token system.
• Service improvement — aggregated, anonymised usage analytics to improve product quality.

3. How We Share Your Information

We do not sell your personal data. We share information only with the following categories of service providers, strictly to operate the Service:

• AI processing providers — receive post content you submit, solely to generate reply suggestions in real-time.
• Database infrastructure providers — store your account data (email, token balance, subscription status) in secure, encrypted storage.
• Email delivery providers — send transactional emails such as sign-in links and account notices.
• Payment processors — handle billing, subscriptions, and applicable tax collection on our behalf.

All service providers are bound by data processing agreements. We may disclose data if required by law, court order, or to protect our rights.

4. Data Retention

• Account data — retained while your account is active, and for up to 90 days after a deletion request to comply with legal obligations.
• Authentication tokens — magic link tokens expire automatically after 15 minutes.
• Post content — not retained after the AI response is returned. We do not build a history of your generated replies.
• Payment records — retained for 7 years as required by financial regulations, managed by our payment processor.

5. Your Rights

Depending on your location, you may have the following rights under GDPR, CCPA, or other applicable laws:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate data.
• Deletion — request deletion of your account and personal data.
• Portability — request your data in a machine-readable format.
• Objection / Restriction — object to or restrict certain processing activities.
• Opt-out of sale — we do not sell your data, so this right is inherently satisfied.

To exercise any of these rights, email support@replygen.app. We will respond within 30 days.

6. Cookies and Local Storage

Our website does not use tracking or advertising cookies. The Chrome extension uses chrome.storage.local to store your preferences, authentication state, and token balance locally on your device. This data never leaves your browser except as part of authenticated API calls to our backend.

7. Children's Privacy

The Service is not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at support@replygen.app and we will promptly delete it.

8. International Data Transfers

Our infrastructure is primarily located in the United States and European Union. If you access the Service from outside these regions, your data may be transferred internationally. All transfers are subject to appropriate safeguards including Standard Contractual Clauses where required.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date above and, where appropriate, by email. Continued use of the Service after changes constitutes acceptance.

10. Contact Us

For privacy questions, data requests, or to report a concern:

ReplyGen
India
Email: support@replygen.app