View all features
Works withSHOPIFY

Legal

Privacy Policy

How we collect, use, and protect your information.

Last updated: March 25, 2026

1. Who We Are

Replyo B.V. ("Replyo", "we", "our") operates the Replyo customer support automation platform at usereplyo.com. We are registered in the Netherlands and act as the data controller for personal data collected through the Service.

If you have questions about this Privacy Policy or our data practices, contact us at legal@usereplyo.com.

2. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and billing information.

Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken within the platform.

Customer Support Data: When you connect your Shopify store or email inbox, we process customer messages, order data, and related information solely to provide the Service.

Technical Data: We automatically collect IP addresses, browser type, device identifiers, and log data when you access the Service.

Communications: If you contact us by email or through the platform, we retain records of that correspondence.

3. How We Use Your Information

To provide and maintain the Service, including processing support tickets, running AI agents, and delivering automation.

To manage your account, process payments, and communicate with you about the Service.

To improve and develop the Service by analyzing usage patterns and performance data.

To send you transactional emails and, with your consent, product updates or marketing communications.

To comply with legal obligations and enforce our Terms of Service.

4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area, our legal basis for processing your personal data is: (a) contract performance — processing necessary to provide the Service you have signed up for; (b) legitimate interests — improving the Service and preventing fraud; (c) legal obligation — compliance with applicable laws; (d) consent — where you have explicitly opted in, such as for marketing emails.

5. Data Sharing and Third Parties

We do not sell your personal data. We share data only with trusted sub-processors necessary to operate the Service, including:

Supabase (database and authentication), Vercel (hosting and edge functions), Anthropic (AI processing), Shopify (e-commerce integration), Resend (transactional email), and Stripe (payment processing).

Each sub-processor is bound by data processing agreements and is required to handle data in accordance with applicable privacy laws. A full list of sub-processors is available on request.

6. Customer Data and End-Customer Privacy

When you connect your store to Replyo, we process data about your customers ("End-Customer Data") on your behalf. You are the data controller for End-Customer Data; we act as a data processor.

We process End-Customer Data solely to provide the Service — specifically to automate support responses. We do not use End-Customer Data to train AI models, sell to third parties, or for any purpose beyond what you have instructed.

7. Data Retention

We retain your account data for as long as your account is active. After account deletion, we retain data for 30 days to allow for recovery, after which it is permanently deleted.

Support ticket data processed through the Service is retained for 12 months by default. You may request earlier deletion at any time.

We retain billing records for 7 years as required by Dutch financial regulations.

8. International Data Transfers

Some of our sub-processors are located outside the EEA. Where we transfer data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

9. Your Rights

Under GDPR and other applicable laws, you have the right to: access the personal data we hold about you; request correction of inaccurate data; request deletion of your data (right to erasure); object to or restrict processing in certain circumstances; data portability — receive your data in a machine-readable format; and withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at legal@usereplyo.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

10. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption at rest and in transit, access controls, and regular security reviews.

Despite our efforts, no security measures are 100% effective. If we become aware of a data breach that affects your rights, we will notify you and the relevant supervisory authority as required by law.

11. Cookies

We use cookies and similar technologies to operate the Service. For details, please see our Cookie Policy at usereplyo.com/cookies.

12. Children

The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service at least 14 days before they take effect. The "Last updated" date at the top of this page reflects the most recent revision.

Questions about this policy? legal@usereplyo.com — Replyo B.V., registered in the Netherlands.