Privacy Policy
Last updated: February 28, 2026
ReplyFlow ("we," "us," or "our") operates the website https://tryreplyflow.com and the ReplyFlow platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Service.
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access the Service.
1. Information We Collect
1.1 Personal Information You Provide
When you register for an account, subscribe to a plan, or contact us, we may collect the following personal information:
- Account Information: Name, email address, password (hashed), and business name.
- Billing Information: Payment details processed securely through our payment processor, Paystack. We do not store your full credit card number on our servers.
- Business Information: Business name, business category, business address, website URL, and platform connection credentials (e.g., API tokens for Google, Facebook, Yelp, and other integrated platforms).
- Communications: Any information you provide when contacting our support team, submitting feedback, or participating in surveys.
1.2 Information Collected Automatically
When you access our Service, we automatically collect certain information, including:
- Usage Data: Pages visited, features used, click patterns, time spent on pages, referring URLs, and interaction data.
- Device Information: Browser type and version, operating system, device type, screen resolution, and language preferences.
- Log Data: IP address, access times, error logs, and server response data.
- Location Data: Approximate geographic location based on your IP address.
1.3 Information from Third-Party Platforms
When you connect third-party platforms (such as Google Business Profile, Facebook, Yelp, Instagram, TikTok, Amazon, or other supported platforms) to ReplyFlow, we collect:
- Reviews, ratings, and feedback posted by your customers on those platforms.
- Social media comments, mentions, and interactions relevant to your connected accounts.
- Marketplace product listings, reviews, and seller feedback.
- Profile information and access tokens necessary to maintain the connection.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including syncing reviews, generating AI-powered responses, and delivering analytics.
- Process your subscription payments and manage your account.
- Generate AI-powered review responses, social media replies, and marketplace feedback in your brand voice.
- Provide AI-driven lead scoring, content generation, and business insights.
- Send you transactional emails (e.g., account confirmations, billing receipts, security alerts).
- Send you marketing communications, product updates, and tips (only with your consent; you may opt out at any time).
- Analyze usage patterns to improve the Service, fix bugs, and develop new features.
- Conduct A/B testing and experiments to optimize the user experience.
- Detect, prevent, and address fraud, abuse, and security issues.
- Comply with legal obligations and enforce our Terms of Service.
3. AI-Generated Content
ReplyFlow uses artificial intelligence to generate review responses, social media replies, content, and business insights. When you use these features:
- Your review data, business information, and brand voice settings are processed by our AI systems to generate contextually relevant responses.
- We do not use your data to train general-purpose AI models. Your data is used solely to provide the Service to you.
- AI-generated content is provided as suggestions. You retain full control over whether to publish, edit, or discard any AI-generated response.
- We may anonymize and aggregate usage patterns to improve our AI systems' overall quality, but individual customer data is never shared or used to benefit other customers.
4. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect and track information about your use of the Service. The types of cookies we use include:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Authentication, session management, security tokens. Required for the Service to function. | Session / 30 days |
| Analytics | Google Analytics 4 (GA4) to understand how visitors use the site, measure traffic, and improve the Service. | Up to 2 years |
| Marketing | Facebook Pixel to measure advertising effectiveness and deliver relevant ads. | Up to 180 days |
| Experiment | A/B testing cookies to deliver optimized experiences and track which variations perform best. | 30 days |
You can control cookies through your browser settings. Most browsers allow you to refuse cookies or alert you when a cookie is being sent. Note that disabling essential cookies may impair the functionality of the Service.
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following limited circumstances:
- Service Providers: We share data with trusted third-party providers who assist us in operating the Service, including:
- Supabase (cloud database and authentication)
- Paystack (payment processing)
- Resend (transactional and marketing emails)
- Cloudflare (hosting, CDN, and security)
- Google Analytics and Facebook (analytics and advertising)
- Platform Integrations: When you post AI-generated responses through ReplyFlow, the response content is transmitted to the respective platform (e.g., Google, Facebook, Yelp) on your behalf.
- Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
- Protection of Rights: We may disclose information to protect the rights, property, or safety of ReplyFlow, our users, or others.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:
- Account Data: Retained for the duration of your subscription plus 90 days after account closure to allow for reactivation.
- Review and Response Data: Retained for the duration of your subscription. Upon account deletion, review data is permanently removed within 30 days.
- Billing Records: Retained for up to 7 years as required by applicable tax and financial regulations.
- Usage and Analytics Data: Retained in anonymized or aggregated form for up to 24 months for service improvement purposes.
- Support Communications: Retained for up to 3 years for quality assurance and dispute resolution.
You may request deletion of your data at any time by contacting us at mdlulipenuel@gmail.com.
7. Data Security
We implement industry-standard security measures to protect your personal information, including:
- Encryption of data in transit using TLS/SSL.
- Encryption of sensitive data at rest.
- Secure password hashing using modern cryptographic algorithms.
- Row-level security policies on our database to ensure data isolation between customers.
- Regular security audits and vulnerability assessments.
- Access controls limiting employee access to personal data on a need-to-know basis.
While we strive to use commercially acceptable means to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal information:
8.1 General Rights (All Users)
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Data Portability: Request your data in a structured, commonly used, machine-readable format.
- Withdraw Consent: Withdraw consent for marketing communications at any time.
- Object: Object to processing of your personal information for certain purposes.
8.2 European Economic Area (GDPR)
If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR), including the right to lodge a complaint with your local data protection authority. Our legal bases for processing your information include: performance of a contract (providing the Service), legitimate interests (improving the Service, preventing fraud), consent (marketing communications), and legal obligations.
8.3 South Africa (POPIA)
If you are located in South Africa, you have rights under the Protection of Personal Information Act (POPIA), including the right to:
- Be notified that your personal information is being collected.
- Request access to your personal information.
- Request correction or deletion of your personal information.
- Object to the processing of your personal information.
- Lodge a complaint with the Information Regulator of South Africa.
8.4 California (CCPA/CPRA)
If you are a California resident, you have the right to:
- Know what personal information is collected and how it is used.
- Request deletion of your personal information.
- Opt out of the sale or sharing of your personal information. Note: we do not sell personal information.
- Non-discrimination for exercising your privacy rights.
- Correct inaccurate personal information.
- Limit the use of sensitive personal information.
To exercise any of these rights, please contact us at mdlulipenuel@gmail.com. We will respond to your request within 30 days (or sooner if required by applicable law).
9. International Data Transfers
ReplyFlow is operated from South Africa, and our Service infrastructure is hosted globally through Cloudflare and Supabase. Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction.
Where we transfer personal information internationally, we ensure appropriate safeguards are in place, including standard contractual clauses, data processing agreements, and compliance with applicable data transfer mechanisms.
10. Third-Party Links and Services
Our Service may contain links to third-party websites, platforms, and services that are not operated by us. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services. We encourage you to review the privacy policies of any third-party service you access through our platform.
11. Children's Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly. If you believe a child has provided us with personal information, please contact us at mdlulipenuel@gmail.com.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on this page and updating the "Last updated" date at the top. For significant changes, we may also send you an email notification.
Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: