Privacy Policy

ReplyOps ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Data Controller

The data controller responsible for your personal data is:

2. Data We Collect

Account Information

When you create an account, we collect:

• Email address
• Name (if provided)
• Profile picture (if using social login)

Google Business Profile Data

When you connect your Google Business Profile, we access:

• Business profile information (name, address)
• Reviews and ratings from your Google Business Profile
• OAuth access and refresh tokens (stored encrypted)

Usage Data

We collect data about how you use our service:

• Generated and published review responses
• Brand voice settings and preferences
• Audit logs of actions taken in the platform

3. How We Use Your Data

We use your data to:

• Provide and maintain our service
• Generate AI-powered review responses using your brand voice settings
• Sync reviews from your Google Business Profile
• Provide customer support

4. Third-Party Services

We use the following third-party services to operate our platform:

5. Google API Services User Data Policy

ReplyOps' use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements:

• We only access Google data necessary to provide our review management service
• Google tokens are stored encrypted and used only to sync reviews and publish responses
• We do not share your Google data with third parties except as necessary to provide the service
• You can revoke access at any time in your Google Account settings or in ReplyOps settings

ReplyOps' use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

6. Cookies

We use cookies to provide our service:

Essential Cookies

Required for the service to function:

• Authentication session cookies (Supabase Auth)
• Cookie consent preferences

Analytics Cookies (Optional)

If you consent, we may use analytics cookies to improve our service. These are only set after you give explicit consent.

7. Data Security

We implement security measures to protect your data:

• All data is encrypted in transit (TLS) and at rest
• Google OAuth tokens are encrypted with AES-256-GCM before storage
• Access to data is restricted based on roles and permissions

8. Data Retention

We retain your data for as long as your account is active. After account deletion, we delete your data within 30 days, except where we are legally required to retain it.

9. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to data portability
• Right to object to processing
• Right to withdraw consent at any time

To exercise these rights, contact us at info@replyops.io.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place through Standard Contractual Clauses with our service providers.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

info@replyops.io