Privacy Policy
Last Updated: December 2024
Introduction
Replyo ("we", "our", or "us") provides an AI-powered customer support platform for e-commerce stores. This Privacy Policy explains how we collect, use, and protect data when you use the Replyo platform and Shopify App.
Data We Collect
When you create a Replyo account:
- Email address
- Name (optional)
- Company name (optional)
- Payment information (processed securely by Stripe)
When you install the Replyo Shopify App:
We access the following data from your Shopify store with read-only permissions:
Store Data
- Store name and domain
- Store owner email (for account linking)
Product Data
- Product titles, descriptions, and variants
- Product prices and inventory status
- Product images and tags
Order Data
- Order numbers and status
- Shipping and tracking information
- Order line items and fulfillment status
Customer Data
- Customer names and email addresses
- Order history per customer
We do NOT access:
- Payment information or credit card details
- Store financial data or revenue
- Staff account credentials
- Shopify Payments data
How We Use Your Data
We use your data exclusively to:
- Provide AI Customer Support: Your product and order data enables our AI to answer customer questions accurately about order status, product information, and shipping updates.
- Identify Customers: We use customer email addresses to match support inquiries with their order history for personalized responses.
- Track Support Requests: We store customer inquiries and AI responses for quality assurance and your review in the dashboard.
- Display Analytics: We aggregate ticket data to show you support performance metrics.
- Improve Our Service: We analyze usage patterns to improve the Replyo platform (never selling data to third parties).
Data Storage and Security
- All data is encrypted at rest using AES-256 encryption
- All data transfers use TLS 1.3 encryption (HTTPS)
- We use Supabase (PostgreSQL) with row-level security policies
- Access tokens are encrypted and stored securely
- Regular security audits and penetration testing
- We do not sell or share your data with third parties for marketing
Data Retention
- Active Accounts: We retain your data while your account is active
- After Account Deletion: We delete all account data within 30 days
- After App Uninstall: We delete all Shopify store data within 48 hours
- Support Tickets: Retained for 2 years for quality assurance, then anonymized
- GDPR Requests: Processed within 30 days
GDPR & CCPA Compliance
We comply with GDPR (EU), CCPA (California), and other applicable privacy regulations.
Your Rights
You have the right to:
- Access: Request a copy of all data we hold about you
- Rectification: Request correction of inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Portability: Export your data in a machine-readable format
- Objection: Object to certain types of data processing
- Withdraw Consent: Withdraw consent at any time
Customer Data Requests
If an end customer (your customer) requests their data, we will compile and provide all data within 30 days. We will delete their data upon request within 30 days.
Store Data Deletion
When you uninstall the Shopify app, all store data is automatically queued for deletion within 48 hours. You will receive confirmation via email.
Third-Party Services
We use the following third-party services to operate Replyo:
| Service | Purpose | Data Processed |
|---|---|---|
| Supabase | Database hosting | All app data (EU servers available) |
| Anthropic/OpenAI | AI responses | Customer messages (not used for training) |
| Stripe | Payment processing | Payment details (PCI compliant) |
| Vercel | Web hosting | Application logs |
| Fly.io | Shopify app hosting | Session data |
AI Data Usage
Customer messages sent to AI providers are not used for model training, not stored beyond the request, and processed under data processing agreements.
Cookies
We use essential cookies for:
- Session management
- Authentication
- Security (CSRF protection)
We do not use tracking or advertising cookies.
Children's Privacy
Replyo is not intended for use by children under 16. We do not knowingly collect data from children.
International Data Transfers
If you are located outside the Netherlands, your data may be transferred to and processed in the Netherlands or other countries where our service providers operate. We ensure appropriate safeguards are in place (Standard Contractual Clauses).
Contact Us
For privacy-related inquiries:
- Email: privacy@usereplyo.com
- Support: support@usereplyo.com
To exercise your rights, email us with "Privacy Request" in the subject line.
Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes via email notification, in-app notification, or notice on our website. Continued use of Replyo after changes constitutes acceptance of the updated policy.