Last updated: April 28, 2026
Privacy Policy
ReplyAce ("we", "us", "our") operates replyace.app. This policy explains what data we collect, how we use it, and your rights.
1. Data We Collect
• Email address — used to create your account and send you review notifications.
• Google Business Profile data — business name, location, reviews, and your OAuth access token (encrypted at rest). We only request the minimum permissions needed to read reviews and post replies.
• Billing data — handled entirely by Lemon Squeezy. We never see or store your credit card details.
• Usage data — pages visited, actions taken in the app, error logs (via Sentry). No personal identifiers in logs.
2. How We Use Your Data
• Send you email notifications with AI-generated review responses for your approval.
• Generate personalized replies using Anthropic's Claude API. Your review text is sent to Anthropic's API to generate a response — it is not stored by Anthropic beyond the request.
• Send weekly stats emails about your review activity.
• Improve the service and debug issues.
We do not sell your data. We do not use your data for advertising.
3. Google User Data — Limited Use & API Services Compliance
ReplyAce's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What we access:
- Google Business Profile data (business name, location, listings).
- Google Business reviews and review metadata.
- OAuth 2.0 access and refresh tokens (encrypted at rest using AES-256).
How we use this data:
- To fetch new reviews from your business listing every hour.
- To post replies you have explicitly approved on your behalf.
- To display your reviews and our generated responses inside your ReplyAce dashboard.
Limited Use commitments:
- We do not use Google user data for advertising purposes.
- We do not allow humans to read Google user data, except (a) with your explicit consent for a specific support request, (b) for security investigations, or (c) to comply with applicable law.
- We do not transfer Google user data to third parties except as necessary to provide the service (specifically: Anthropic API for response generation, where review text is processed but not stored).
- We do not sell Google user data under any circumstances.
Data storage and security:
- Tokens are encrypted at rest using AES-256.
- Database access is restricted by Row Level Security (RLS) policies.
- Tokens are transmitted only over HTTPS/TLS.
Revoking access:
- You can revoke ReplyAce's access at any time from your Google Account > Security > Third-party apps.
- Revoking access immediately stops all data fetching, and stored tokens are deleted within 24 hours.
- Deleting your ReplyAce account also revokes all Google data access.
4. Data Retention
• Your account data is retained as long as your account is active.
• If you delete your account, all your data (businesses, reviews, responses, tokens) is permanently deleted within 30 days.
• You can request a full export of your data at any time from the dashboard.
5. Third-Party Services
We use the following services to operate ReplyAce:
• Supabase — database and authentication (EU/US servers)
• Anthropic — AI response generation
• Lemon Squeezy — payment processing
• Resend — transactional emails
• Vercel — hosting and infrastructure
• Sentry — error tracking
Each service operates under its own privacy policy.
6. Cookies
We use minimal cookies:
• Session cookie — keeps you logged in. Essential, cannot be disabled.
• Language preference — remembers your selected language (EN/ES/PT).
We do not use advertising cookies or third-party tracking pixels.
7. Your Rights (GDPR / CCPA)
Depending on your location, you have the right to:
• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your account and all associated data.
• Export your data in a portable format.
• Withdraw consent for data processing.
To exercise any of these rights, email us at hello@replyace.app or use the data controls in your dashboard.
8. Security
• All data is transmitted over HTTPS/TLS.
• Google OAuth tokens are encrypted at rest using AES-256.
• Access to our database is restricted by Row Level Security (RLS).
• We do not log sensitive tokens or credentials.
9. Changes to This Policy
We may update this policy occasionally. If we make material changes, we will notify you by email. Continued use of the service after changes constitutes acceptance.
10. Contact
Questions? Email us at hello@replyace.app. We typically respond within 24-48 hours.