This Privacy Policy describes how ReplySignal ("we", "us", "our") collects, uses, and discloses information when you use our Service.
1. Information We Collect
Account data
- Email address, full name, and authentication identifiers (when you sign up via email or Google).
- Profile preferences (preferred narratives, default tone & length, style instructions).
Usage data
- Generated replies, saved opportunities, watchlist accounts, and daily usage counters.
- Session metadata (duration, last seen), feature events, and error logs.
Billing data
- Subscription status, plan, and Stripe customer/subscription identifiers. Payment card details are handled directly by Stripe — we never see or store them.
2. How We Use Your Information
- Provide and operate the Service, including AI reply generation.
- Manage subscriptions, billing, and customer support.
- Improve product quality, debug issues, and prevent abuse.
- Send transactional emails (account, billing, security).
3. Legal Basis (GDPR)
We process personal data under the following legal bases: performance of a contract (delivering the Service), legitimate interests (product improvement, fraud prevention), consent (where required), and legal obligation.
4. Sharing
We do not sell your personal data. We share data only with sub-processors that help us run the Service:
- Supabase — database, authentication, hosting.
- OpenAI / Google — large language model inference for reply generation. Prompts and tweets you submit are sent to these providers.
- Stripe — payment processing and subscription management.
- Lovable / Cloudflare — application hosting and CDN.
5. Data Retention
We retain account data for as long as your account is active. Generated replies and opportunities are retained until you delete them or close your account. Billing records may be retained longer where required by law.
6. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict processing. To exercise these rights, contact privacy@replysignal.app. You may also delete your account from the settings page at any time.
7. Security
We use industry-standard measures including TLS encryption in transit, row-level security on our database, and secret management for API keys. No system is perfectly secure; report vulnerabilities to security@replysignal.app.
8. International Transfers
Your data may be processed in countries outside your own. We rely on appropriate safeguards (e.g., Standard Contractual Clauses) where applicable.
9. Children
The Service is not directed to children under 16, and we do not knowingly collect data from them.
10. Changes
We may update this Policy from time to time. Material changes will be notified by email or in-app.
11. Contact
For privacy questions or requests, contact privacy@replysignal.app.