Privacy Policy

Last updated: March 2026

Data We Collect

We collect the following categories of information to provide and improve the Replymer service:

  • Account information: Your email address and name, collected during authentication via Google OAuth or email OTP login.
  • Social media data: Public mentions, posts, and conversations fetched from Twitter, Reddit, and HackerNews via their public APIs. We only collect publicly available content relevant to your monitoring tasks.
  • Usage data: Pages visited, features used, actions taken within the dashboard, and interaction patterns to help us understand how the service is used.
  • Payment information: Subscription and billing data processed through Stripe. We do not store your credit card numbers, CVV, or full payment details on our servers — Stripe handles all sensitive payment data directly.

How We Use It

Your data is used solely to operate and improve the Replymer service. We do not sell or share your personal data with third parties for their marketing purposes. Specifically, we use your data to:

  • Provide the monitoring service: Scan social platforms for mentions matching your keywords and criteria.
  • AI scoring and reply generation: Analyze mentions for relevance using AI models and generate contextual reply drafts for your review and approval.
  • Billing and account management: Process subscriptions, track usage-based charges, and maintain your workspace and account settings.
  • Service improvement: Analyze aggregated, anonymized usage patterns to improve features, performance, and reliability.

Data Retention

We retain different types of data for different periods based on operational necessity and legal requirements:

  • Mentions: Stored for 90 days from the date of collection, after which they are automatically deleted.
  • Replies: Stored indefinitely as part of your workspace history and for engagement tracking purposes.
  • Account data: Retained for the duration of your account and deleted upon receiving a valid deletion request.
  • Server logs: Retained for 30 days for debugging and security monitoring, then automatically purged.

GDPR Rights

If you are located in the European Economic Area (EEA), you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to data portability: Receive your personal data in a structured, commonly used, machine-readable format.
  • Right to restriction: Request that we limit the processing of your personal data under certain circumstances.
  • Right to object: Object to the processing of your personal data for specific purposes.

To exercise any of these rights, contact us at support@replymer.com. We will respond to your request within 30 days.

CCPA

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you the following rights:

  • Right to know: You may request details about the categories and specific pieces of personal information we have collected about you.
  • Right to delete: You may request the deletion of your personal information, subject to certain exceptions.
  • Right to opt-out of sale: We do not sell your personal information to third parties. No opt-out is necessary, but you may still contact us to confirm.
  • Right to non-discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Cookies

Replymer uses a minimal set of cookies necessary for the service to function:

  • Session cookies: Used for authentication and maintaining your logged-in state. These are essential for the service to work.
  • Analytics: We use DataFast, a privacy-friendly analytics service, to understand usage patterns. DataFast does not use third-party tracking cookies and does not share data with advertisers.
  • Workspace preference cookie: A cookie that stores your active workspace selection for a seamless multi-workspace experience.

We do not use third-party tracking cookies or advertising cookies.

Subprocessors

We use the following third-party services to operate Replymer. Each subprocessor has been evaluated for their data protection practices:

  • Vercel — Application hosting and edge network.
  • Hetzner — Dedicated servers located in the EU for primary data processing and storage.
  • PostgreSQL — Relational database for persistent data storage.
  • OpenAI — AI processing for mention scoring and reply generation (US-based).
  • Stripe — Payment processing and subscription management.
  • Resend — Transactional email delivery (account notifications, OTP codes, digests).
  • Redis / Upstash — In-memory data store for background job queues and caching.

Data Transfers

Your data is primarily processed in the European Union on Hetzner servers. Certain data is also processed in the United States by OpenAI (for AI scoring and reply generation) and Stripe (for payment processing). Where data is transferred outside the EEA, we rely on standard contractual clauses (SCCs) and other appropriate safeguards to ensure an adequate level of data protection.

Security

We take the security of your data seriously and employ industry-standard measures to protect it:

  • Encryption at rest: All stored data is encrypted using AES-256 encryption.
  • Encryption in transit: All data transmitted between your browser and our servers is protected with TLS (HTTPS).
  • API key security: API keys are hashed using SHA-256 before storage — we never store plaintext API keys.
  • Infrastructure: Our hosting providers maintain SOC-2 compliant infrastructure with regular security audits.

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. For material changes, we will notify you via email at the address associated with your account. Your continued use of the service after such notification constitutes acceptance of the updated policy.

Children

Replymer is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly.

Contact

For privacy inquiries, data requests, or any questions about this policy, email support@replymer.com