Back to home

Privacy Policy

Last updated: May 2026

1. Who we are

Replyfier is a software service that generates AI-powered replies to Google Business reviews. Replyfier acts as the data controller for personal data processed in connection with your account and use of the service. For any privacy-related enquiries, contact us at support@replyfier.com.

2. Data we collect

  • Account data: your name and email address, collected when you sign up.
  • Payment data: billing details processed by Stripe. We do not store card numbers.
  • Review text: the text of reviews you paste or import into Replyfier in order to generate replies. This may include personal data contained in customer reviews. This data is sent to Anthropic to produce AI responses.
  • Usage data: server logs including IP addresses, request timestamps, and error events, retained for security and debugging purposes.

3. Cookies

We use cookies and similar technologies necessary for authentication, payment processing, and security. See Section 4 for details on which cookies each third-party service sets.

4. Third-party services

We use the following sub-processors to deliver the service:

Clerk (authentication)

Handles account creation, login, and session management. Clerk sets session cookies named __session and __client_uat in your browser. Clerk servers are located in the United States and are covered by Standard Contractual Clauses.

Stripe (payments)

Processes subscription payments. Stripe is a PCI-DSS Level 1 certified sub-processor. The Stripe.js library sets cookies named __stripe_mid and __stripe_sid for fraud prevention. Stripe's privacy policy is available at stripe.com/privacy.

Anthropic (AI)

Receives the review text you submit in order to generate reply suggestions. Anthropic acts as a data sub-processor. Their servers are located in the United States and transfers are covered by Standard Contractual Clauses. Anthropic does not use your data to train models via the API.

Google OAuth (Google Business Profile access)

When you connect your Google Business account, the OAuth authorisation flow passes through Google's servers. Google may set its own cookies during this redirect. We store only the OAuth access token, encrypted at rest, and use it solely to read and respond to your reviews.

5. Legal basis (GDPR)

  • Contract (Art. 6(1)(b)): processing your account data and payment data is necessary to provide the service you signed up for.
  • Legitimate interest (Art. 6(1)(f)): server logs and security monitoring are necessary to protect the integrity of the service and prevent abuse.

6. Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erasure ("right to be forgotten") — see Section 7.
  • Data portability — receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interest.

You also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, email support@replyfier.com. We will respond within 30 days.

7. Data retention

We retain your data for as long as your account is active. When you delete your account, all personal data is permanently deleted within 30 days. Payment records may be retained for longer where required by tax law.

8. International transfers

Clerk and Anthropic operate servers in the United States. Transfers of personal data to these providers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

9. Contact

For any questions about this policy or your personal data, contact us at support@replyfier.com.