ReplyForMeGet Started

Privacy Policy

Last updated: April 16, 2026

Overview

ReplyForMe (“we”, “our”, “us”) operates replyforme.ai. This policy explains how we collect, use, and protect your information when you use our service.

What We Collect

When you connect your Google Business Profile, we access and store:

  • Google account email address — to identify your account
  • OAuth tokens — to maintain your connection to Google Business Profile (stored server-side, never exposed to the browser)
  • Business location data — names and addresses of your Google Business Profile locations
  • Google reviews — review content, ratings, and reviewer display names for your connected locations
  • Review replies — replies we generate and post on your behalf
  • Billing information — your Stripe customer ID and subscription status (payment card details are stored by Stripe, not by us)
  • Settings and preferences — your tone selection, autopilot configuration, and notification preferences

We do NOT collect:

  • Passwords
  • Payment card numbers (payments processed by Stripe)
  • Personal data about your customers beyond what appears in public Google reviews

How We Use Your Data

We use your data solely to:

  • Read new Google reviews for your connected locations
  • Send review text to an AI language model to generate personalized reply drafts based on your tone settings
  • Post approved replies to your Google Business Profile via the official API
  • Send you email notifications about new reviews and replies
  • Provide monthly insight reports on review trends
  • Process your subscription payments via Stripe

We do NOT:

  • Sell your data to third parties
  • Use your data for advertising
  • Train AI models on your review data or business information
  • Share your data with anyone except as needed to provide the service (see Third-Party Services below)

AI Processing Disclosure

To generate review replies, we send the following data to a third-party AI language model:

  • The review text and star rating
  • The reviewer's display name (as shown publicly on Google)
  • Your business name and selected tone preference

We do not send your OAuth tokens, email address, payment information, or any private business data to AI providers. The AI provider does not store your data beyond the duration of each request.

Google API Scopes

We request the business.manage scope, which allows us to:

  • Read your business locations
  • Read reviews on your locations
  • Post replies to reviews on your behalf
  • Delete review replies (for the undo feature)

You can revoke access at any time through your Google Account settings at https://myaccount.google.com/permissions.

Data Storage & Security

  • Data is stored in secure, encrypted databases (Supabase/PostgreSQL)
  • OAuth tokens are stored server-side and never exposed to the browser
  • Session cookies are encrypted using AES-256-GCM
  • We use HTTPS for all data transmission
  • Access to production systems is restricted to authorized personnel

Data Retention

  • We retain your data for as long as your account is active
  • If you disconnect your Google account or cancel your subscription, we delete your stored OAuth tokens within 30 days
  • Review data and reply history are retained for up to 90 days after account closure for record-keeping, then permanently deleted
  • Billing records (Stripe customer ID, subscription history) may be retained as required for tax and accounting purposes
  • You can request immediate deletion of all your data at any time by emailing us

Third-Party Services

We use the following third-party services to operate ReplyForMe. Data shared with each is limited to what is necessary for their function:

  • Google Business Profile API — to read reviews and post replies
  • Google Gemini — AI language model used to generate review reply drafts (receives review text, star rating, reviewer name, business name, and tone preference)
  • Stripe — for payment processing (receives your email and payment information)
  • Supabase — for database hosting (stores all application data)
  • Resend — for transactional and notification email delivery (receives your email address and email content)
  • Vercel — for application hosting

Each service has its own privacy policy governing its handling of data.

Your Rights

You can:

  • Request a copy of your stored data
  • Request deletion of your data
  • Disconnect your Google account at any time
  • Cancel your subscription at any time

For any privacy-related requests, email us at support@replyforme.ai.

Children's Privacy

ReplyForMe is a business tool and is not intended for use by anyone under 18.

Changes to This Policy

We may update this policy from time to time. We will notify active users of material changes via email.

Contact

For questions about this privacy policy, email us at support@replyforme.ai.