Privacy Policy

Effective date: January 1, 2025

ReplyRabbit ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our Service. By using the Service, you consent to the practices described here.

1. Information We Collect

Account Information

When you register, we collect your name, email address, company name, and payment information. Payment data is handled by our third-party payment processor and is not stored on our servers.

Usage Data

We automatically collect information about how you interact with the Service, including IP address, browser type, pages visited, features used, and timestamps.

Message and Customer Data

The Service processes customer messages and contact information on your behalf. This data is processed to deliver the Service and is treated as your data, for which you are the data controller.

Knowledge Base Content

Documents and information you upload to the Knowledge Base are stored and processed to power AI-generated responses.

Cookies and Tracking Technologies

We use cookies and similar technologies to maintain sessions, remember preferences, and analyse usage patterns. See Section 9 for details.

2. How We Use Your Data

  • Providing, maintaining, and improving the Service
  • Processing AI-powered responses to customer messages
  • Sending transactional emails (account, billing, security)
  • Analysing usage to improve features and performance
  • Complying with legal obligations
  • Detecting and preventing fraud and abuse

We do not sell your personal data to third parties.

3. Data Sharing

Service Providers

We share data with trusted third-party vendors who assist in operating the Service (cloud hosting, payment processing, analytics, email delivery). These vendors are contractually bound to protect your data.

Platform Integrations

When you connect third-party channels (Instagram, WhatsApp, Shopify, etc.), data is exchanged with those platforms in accordance with your configuration and their respective privacy policies.

Legal Requirements

We may disclose information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect rights, safety, or property.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will provide notice before your data becomes subject to a different privacy policy.

4. Data Retention

We retain your account data for as long as your account is active or as needed to provide the Service. Message and conversation data is retained for the duration of your subscription plus 90 days after termination, unless you request earlier deletion. You may request deletion of your data at any time (see Section 7).

5. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, access controls, and regular security audits. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

6. AI Processing

The Service uses AI models to generate responses to customer messages. Customer messages and knowledge base content may be processed by AI model providers under data processing agreements. We do not use your data to train third-party AI models without explicit consent.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the data we hold about you
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your personal data
  • Portability: Receive your data in a machine-readable format
  • Restriction: Request that we limit processing of your data
  • Objection: Object to certain types of processing
  • Withdrawal of consent: Withdraw previously given consent

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. GDPR and PDPA Compliance

For users in the European Economic Area (EEA), we process data in accordance with the General Data Protection Regulation (GDPR). For users in Singapore and Southeast Asia, we comply with the Personal Data Protection Act (PDPA). We rely on contractual necessity, legitimate interests, and consent as lawful bases for processing.

9. Cookie Policy

We use the following types of cookies:

  • Essential cookies: Required for the Service to function (authentication, security)
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Help us understand how the Service is used (e.g., PostHog)

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

10. Children's Privacy

The Service is not directed to children under 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us and we will delete it promptly.

11. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, such as Standard Contractual Clauses, where required by applicable law.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or prominent notice within the Service. Continued use after changes take effect constitutes acceptance of the updated policy.

13. Contact

For privacy-related questions or to exercise your rights, contact our Data Protection team at [email protected].