Privacy Policy

Last updated: February 28, 2026

1. Who we are

Reploi (“we”, “us”, “our”) is an AI-powered Google Review reply tool operated by Reploi. Our website is reploi.com.

2. What data we collect

  • Account data: Your email address and name when you sign up.
  • Google Business data: When you connect your Google Business Profile, we store OAuth tokens (access + refresh) to fetch your reviews and post replies on your behalf. We do not store review author personal data beyond what Google provides.
  • Usage data: Number of AI replies generated, credits used, and subscription plan.
  • Payment data: Processed entirely by Stripe. We never store full card numbers.
  • Log data: Standard server logs (IP address, browser type, pages visited) for security and analytics.

3. How we use your data

  • To provide the Reploi service (fetch reviews, generate AI replies, post to Google)
  • To manage your subscription and process payments
  • To send product-related emails (trial reminders, receipts)
  • To improve our AI reply quality (aggregated, anonymized)
  • To comply with legal obligations

4. AI reply generation

Your Google review text is sent to OpenAI's API to generate reply suggestions. OpenAI's data processing is governed by their own privacy policy. We do not use your review content to train our models.

5. Data sharing

We share data only with:

  • Google: To post replies via the Business Profile API (on your explicit instruction)
  • OpenAI: To generate AI replies (review content only)
  • Stripe: For payment processing
  • Supabase: Our database provider (data stored in EU)
  • Resend: For transactional email delivery

We never sell your data to third parties.

6. Data retention

We retain your data for as long as your account is active. If you delete your account, we delete all personal data within 30 days, except where required by law (e.g. financial records for 7 years).

7. Your rights (GDPR)

If you are in the EU/EEA, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data (“right to be forgotten”)
  • Export your data in a portable format
  • Object to processing or withdraw consent

To exercise these rights, email us at privacy@reploi.com.

8. Cookies

We use only essential cookies required for authentication (Supabase session cookies). We do not use tracking or advertising cookies.

9. Security

We use industry-standard security measures including TLS encryption in transit, encrypted storage for OAuth tokens, and row-level security in our database. We never store Google OAuth tokens unencrypted.

10. Changes to this policy

We may update this policy. If changes are material, we will notify you by email. Continued use of Reploi after changes constitutes acceptance.

11. Contact

Questions? Email privacy@reploi.com.