Legal

Privacy Policy

Last updated: April 21, 2025

ReplyPilot ("we", "our", or "us") operates the ReplyPilot service at reply-pilot.net. This Privacy Policy explains what information we collect, how we use it, and your rights around it. By using ReplyPilot, you agree to this policy.

What We Collect

Account information: When you register, we collect your name, email address, business name, business type, and a hashed (encrypted) version of your password.

Review data: Reviews you add manually or sync from Google Business Profile — including reviewer name, rating, review text, and date. This data belongs to you and is only used to power the ReplyPilot dashboard.

Google account data: If you connect Google Business Profile, we store an OAuth access token and refresh token to sync reviews and (on the Business plan) post responses on your behalf. We access only the minimum required scopes.

Subscription data: If you subscribe, Stripe processes your payment. We store a Stripe customer ID and subscription ID but never your full card details.

Usage data: We log server-side errors and aggregate usage metrics (e.g., number of AI responses generated per month) to enforce plan limits and improve the product. We do not use third-party analytics trackers.

How We Use Your Data

• To operate and deliver the ReplyPilot service
• To generate AI responses to your reviews using the Anthropic Claude API
• To enforce plan limits (free: 5 reviews, 3 AI responses/month)
• To send transactional emails (welcome, password reset, subscription confirmation)
• To sync and post to Google Business Profile when you authorise it
• To process payments via Stripe

We do not sell your data. We do not use your review content to train AI models. We do not send marketing emails unless you explicitly opt in.

Third-Party Services

We use the following third-party services to operate ReplyPilot:

• Anthropic — AI response generation. Review text is sent to Anthropic's API to generate responses. Anthropic's data use policy applies.
• Google — OAuth authentication and Google Business Profile API for review sync and response posting.
• Stripe — Subscription billing and payment processing.
• Railway — Cloud hosting and PostgreSQL database.
• Resend — Transactional email delivery.

Data Retention

We retain your data for as long as your account is active. When you delete your account, all your reviews, profile data, and associated records are permanently deleted from our database within 24 hours. Google OAuth tokens are also revoked on deletion.

Your Rights

You have the right to:

• Access the data we hold about you (email us at RPCS@reply-pilot.net)
• Delete your account and all associated data at any time from the Settings tab in your dashboard
• Disconnect your Google account at any time from the Platforms tab in your dashboard
• Export your review data (contact us and we'll provide a CSV)

Security

Passwords are hashed using bcrypt. All data is transmitted over HTTPS. Database access is restricted to our application server. OAuth tokens are stored encrypted at rest. We follow industry-standard security practices and review them regularly.

Children

ReplyPilot is not intended for users under 16 years of age. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy as the product evolves. We'll notify registered users by email of any material changes. The "Last updated" date at the top of this page reflects the most recent revision.

Contact

Questions about this policy? Email us at RPCS@reply-pilot.net. We aim to respond within 2 business days.