Replypop

Privacy Policy

Last updated: March 2025

At Replypop ("we", "us", or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-channel business messaging platform (including WhatsApp, Instagram, and Facebook Messenger integrations) and related services.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Name and email address
  • Profile picture (if provided)
  • Business name and contact information
  • Payment and billing information
  • Business location details (address, timezone)

1.2 Third-Party Sign-In Data (Google, Apple, Facebook)

If you choose to sign in with Google, Apple, or Facebook, we access the following information from your account:

  • Email address - Used to identify your account and send important notifications
  • Name - Used to personalize your experience
  • Profile picture (Google only) - Displayed in your account settings

Google Sign-In: We only request basic profile information (OpenID, email, and profile scopes). We do NOT access your Gmail, Google Drive, Google Calendar, contacts, or any other Google services.

Apple Sign-In: We only receive your name and email address. Apple may allow you to use a private relay email address to hide your personal email. We do NOT access your iCloud, Apple Pay, or any other Apple services.

Facebook Sign-In: We only receive your name, email address, and profile picture. We do NOT access your Facebook posts, friends list, or any other Facebook data.

Data from third-party sign-in providers is used solely for authentication and account creation purposes.

1.3 Customer Data

When your customers interact with your business through our platform (via WhatsApp, Instagram, or Messenger), we process:

  • Phone numbers and contact information
  • Social media usernames and profile information
  • Message content and conversation history
  • Lead qualification answers and lead scores
  • Sales meeting requests and notes
  • Language preferences
  • Business-assigned tags and notes

1.4 Usage Data

We automatically collect:

  • IP address and device information
  • Browser type and settings
  • Usage patterns and feature interactions
  • Error logs and performance data
  • Session recordings capturing user interactions, including form inputs and page navigation
  • Advertising and conversion tracking data
  • Error reports including stack traces and user context at the time of the error
  • IP addresses and user agent strings recorded in credit audit logs

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain our services
  • Qualify and score inbound leads on your behalf
  • Power AI-assisted responses to lead messages
  • Send high-intent lead alerts and sales meeting reminders
  • Improve and personalize our services
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

3. AI-Powered Features

Our platform uses artificial intelligence to:

  • Generate automated responses to lead inquiries
  • Ask qualification questions and score leads
  • Understand lead intent in multiple languages
  • Analyze images sent by leads (up to 5 images per 24-hour session) to understand visual context
  • Perform actions on behalf of your business, such as capturing lead details, proposing sales meetings, and notifying owners of high-intent leads

AI processing is performed using third-party AI language model providers. Customer messages, and where applicable images, are sent to these providers for processing. Images are resized and metadata (such as EXIF data) is stripped before being sent to AI providers. We retain AI interaction logs to improve service quality and troubleshoot issues. You can request deletion of these logs at any time.

4. Information Sharing

We share your information with:

4.1 Service Providers

  • Messaging platform providers (Meta) — for WhatsApp, Instagram, and Facebook Messenger integrations
  • Payment processing providers (Stripe) — for subscription billing
  • Email delivery providers — for transactional emails such as high-intent lead alerts, sales meeting reminders, and account notifications
  • Product analytics and session recording providers — for understanding usage patterns and improving our Service, including recording user sessions (interactions, form inputs, page navigation)
  • Error monitoring providers — for detecting and resolving technical issues, which may include user context at the time of an error
  • Cloud hosting providers — for data storage, processing, and content delivery across multiple regions
  • AI language model providers — for powering automated responses and image analysis
  • Content delivery and security providers — for performance optimization and bot protection
  • Advertising attribution providers — for measuring marketing effectiveness through conversion tracking
  • Structured logging providers — for service reliability monitoring

4.2 Legal Requirements

We may disclose information when required by law, legal process, or government request, or to protect our rights, privacy, safety, or property.

5. Data Security

We implement industry-standard security measures including:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security assessments
  • Encrypted storage of messaging credentials

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Message history and conversation data are retained for the duration of your account. AI conversation context is cached for 24 hours for operational purposes and then automatically cleared. After account deletion, we retain certain data as required by law or for legitimate business purposes.

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict certain processing
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time

To exercise these rights, contact us at [email protected].

7.1 Revoking Third-Party Sign-In Access

If you signed up using a third-party provider, you can revoke our access to your account data at any time:

For Google Sign-In:

  1. Go to your Google Account Security Settings
  2. Under "Third-party apps with account access", find Replypop
  3. Click on Replypop and select "Remove Access"

For Apple Sign-In:

  1. On iPhone/iPad: Go to Settings > [Your Name] > Sign-In & Security > Sign in with Apple
  2. On Mac: Go to System Settings > [Your Name] > Sign-In & Security > Sign in with Apple
  3. Or visit appleid.apple.com > Sign-In and Security > Sign in with Apple
  4. Find Replypop and select "Stop Using Apple ID"

Revoking third-party sign-in access will prevent you from signing in with that provider but will not delete your Replypop account or data. To delete your account entirely, please contact us at [email protected].

8. International Data Transfers

Your data may be stored and processed in the United States and Southeast Asia, where our infrastructure is hosted. Third-party service providers may process data in their own jurisdictions. We ensure appropriate safeguards are in place for international transfers, including standard contractual clauses where applicable.

9. Cookies and Tracking

We use cookies and similar technologies for the following purposes:

Essential Cookies

  • Session cookies to keep you signed in (30-day expiry)
  • Language preference cookies
  • Cross-subdomain cookies for seamless navigation across our platform
  • Bot protection cookies

Analytics Cookies

  • Product analytics cookies that track feature usage and session recordings to help us improve the Service

Advertising Cookies

  • Advertising attribution cookies from third-party providers to measure the effectiveness of our marketing campaigns

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Facebook Data Deletion

If you signed up using Facebook, you may request deletion of your data through Facebook's platform. We provide an automated data deletion callback endpoint that processes requests from Facebook. When a deletion request is received, we remove your account data and provide a confirmation code. You can also request data deletion directly by contacting us at [email protected].

12. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions
  • Right to Opt-Out of Sale: We do not sell your personal information. If this changes, we will provide a clear opt-out mechanism
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise these rights, contact us at [email protected]. We will verify your identity before processing your request and respond within 45 days.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date.

15. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: [email protected]

Privacy Policy | Replypop