1. Introduction
ReplyBuddy ("we", "us", "our") respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our service at replybuddy.xyz.
2. Information We Collect
Account information
When you sign in with Google, we receive your name, email address, and profile picture. We do not receive or store your Google password.
Business information
You provide your business name, industry, and location during onboarding. This is used to configure your Brand DNA and tailor AI-generated replies.
Review data
Reviews you import (via CSV, manual entry, or Zapier webhook) are stored to generate replies and provide reputation insights. This includes reviewer names, ratings, review text, dates, and any tags you add.
Generated content
AI-generated reply drafts, Brand DNA profiles, and reputation scores are stored in your account.
Usage data
We collect basic usage metrics including reply generation counts, feature usage, and login timestamps to improve the service and enforce plan limits.
Payment information
Payment processing is handled entirely by LemonSqueezy. We do not store credit card numbers, bank details, or other financial information. We receive only your subscription status and customer ID from LemonSqueezy.
3. How We Use Your Information
- To provide and maintain the Service, including generating AI replies
- To personalise your experience through Brand DNA and voice profiling
- To send transactional emails (welcome, review alerts, weekly digests)
- To enforce plan limits and prevent abuse
- To improve the Service based on usage patterns
- To respond to support requests
We do not sell, rent, or share your personal information with third parties for marketing purposes.
4. Data Storage and Security
Your data is stored on Vercel's infrastructure and Vercel KV (Redis). All data is encrypted in transit using TLS and at rest using AES-256 encryption. Session tokens are stored securely and expire automatically.
We implement security measures including HMAC-verified webhooks, rate limiting, CORS restrictions, prompt injection protection, and security headers (HSTS, CSP, X-Frame-Options).
5. Third-Party Services
We use the following third-party services to operate ReplyBuddy:
- Google OAuth — Authentication (receives name, email, profile picture)
- Anthropic (Claude) — AI reply generation (receives review text, not your personal data)
- LemonSqueezy — Payment processing (receives payment details directly from you)
- Vercel — Hosting and serverless infrastructure
- Resend — Transactional email delivery
Each third-party service operates under its own privacy policy.
6. Data Retention
We retain your data for as long as your account is active. When you delete your account, we remove your personal data, reviews, Brand DNA, and generated replies within 30 days. Aggregated, anonymised data may be retained for analytics purposes.
7. Your Rights
You have the right to:
- Access your data — export your reviews and replies as CSV
- Correct your data — edit your Brand DNA, reviews, and account settings
- Delete your data — delete individual reviews or your entire account
- Unsubscribe from emails — each email includes an unsubscribe link
To exercise any of these rights, use the dashboard controls or email hello@replybuddy.xyz.
8. Cookies
ReplyBuddy uses localStorage (not cookies) to store your session token. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.
9. Children's Privacy
ReplyBuddy is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-app notification. The "Last updated" date at the top indicates the most recent revision.
11. Contact
Questions about this policy? Email us at hello@replybuddy.xyz.