Privacy Policy

Last updated: March 31, 2026

Summary: ReplyMint connects to your Instagram and/or Facebook account through Meta's official API to help you manage buyer comments and DMs. We only process messages to deliver the service. Your data is never sold or shared for ads.

1. Who We Are

ReplyMint ("ReplyMint," "we," "us," or "our") is a software service that helps sellers manage buyer comments and direct messages on Instagram and Facebook and close sales more efficiently. Our registered address is in India.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the ReplyMint platform, including our website at replymint.app and the ReplyMint application.

2. Data We Collect

2.1 Account and Identity Data

When you create a ReplyMint account, we collect:

  • Your email address and password (hashed — we never store plain-text passwords)
  • Your business name, category, and description (entered during onboarding)
  • Your product catalog, pricing, and FAQs (entered during onboarding, used to power reply suggestions)
  • Your preferred communication tone and style settings

2.2 Instagram, Facebook, and Meta platform data

ReplyMint integrates with Meta's APIs under Meta's Platform Terms. When you authorize ReplyMint to connect to your Instagram Business or Creator account and/or your Facebook Page, we access and store only what is needed to run the service:

  • Comment data: Text content, timestamp, and author of comments on your posts (Instagram and/or Facebook, as connected) — received in real time where available
  • Direct message data: Content and metadata for buyer-related messages you receive through your connected accounts, as permitted by the permissions you grant
  • Author metadata: Public usernames and user or page identifiers needed to display who sent each message in your inbox
  • Post and conversation identifiers: IDs that associate each message with your content or conversation thread
  • Connected account details: Account and Page IDs and display names — used only for routing events to your workspace

We do not access data beyond what you authorize for ReplyMint. We do not use your data to build advertising profiles, sell follower lists, or market to your audience.

2.3 Usage and Activity Data

We collect data about how you use ReplyMint to improve the product:

  • Which features you use and how frequently
  • Reply actions you take (replied, sale confirmed, message dismissed)
  • Monthly message volume (used for usage billing)
  • Error logs and performance metrics (anonymized)

2.4 Automatically Collected Technical Data

  • IP address (used for security and rate limiting only — not for profiling)
  • Browser type and operating system
  • Session tokens (for authentication)

We do not use tracking pixels, advertising cookies, or third-party analytics that track you across other websites.

3. How We Use Your Data

We use your data only to provide and improve the ReplyMint service:

Purpose | Data Used
Classify buyer intent in messages | Message text + your business profile
Generate reply suggestions | Message text + business profile + products + tone
Display the smart inbox | Message data + intent classification
Track sales and revenue | Your confirmed sale actions (not customer data)
Authenticate your account | Email + session tokens
Enforce usage limits | Monthly message count
Send transactional emails | Email address (account events only — no marketing spam)
Provide customer support | Account data + your support messages

We do not use your data to train models for unrelated products, sell it to advertisers, or share it with any third party for marketing purposes.

4. Meta platform data — compliance

ReplyMint is built on Meta's official APIs and is subject to Meta's Platform Terms. In compliance with these terms:

  • We only request the minimum permissions necessary to operate the service (for example, permissions related to comments, messaging, and Page or account metadata, as applicable to your connection)
  • Data from Instagram and Facebook is used solely to provide the ReplyMint service to you — not for any secondary purpose
  • We do not transfer Meta platform user data to data brokers, advertisers, or any marketing-related third parties
  • Message authors' data (for example username or user ID) is stored only to display who sent each message in your inbox — we do not build profiles of your followers for advertising
  • You can disconnect your accounts and request deletion of associated platform data at any time (see Section 8)
  • We comply with Meta's data deletion requirements and will delete associated platform data within 30 days of account disconnection where applicable

For Meta's own data practices, see Meta's Privacy Policy.

5. Data Sharing and Third Parties

We share your data with a small number of trusted service providers who help us operate ReplyMint:

  • Supabase (database and authentication): Stores your account data and message data from connected platforms. Hosted on AWS with encryption at rest and in transit.
  • Language processing provider: Receives message text and your business profile to generate reply suggestions. Provider terms prohibit using your content to train unrelated models.
  • Resend (transactional email): Sends account-related emails (password reset, billing notifications). Does not receive your social message content.
  • Vercel (hosting and infrastructure): Hosts the ReplyMint application. Receives request-level data (IP, headers) for serving the app.
  • Meta (platform APIs): ReplyMint operates in accordance with Meta's Platform Terms.

We do not sell your personal data. We do not share it with advertisers. We will disclose data if legally required (e.g., a valid court order) and will notify you when legally permitted.

6. Data Retention

We retain your data for as long as your account is active, plus a reasonable period after:

  • Message data (comments and DMs): Retained for 12 months from the date of the message, then automatically deleted
  • Generated reply suggestions: Not stored — generated on-demand and returned to your browser only
  • Business profile data: Retained until you delete it or close your account
  • Sale and revenue records: Retained for 24 months for your own reference, then deleted
  • Account data (email, authentication): Retained until account deletion, then removed within 30 days
  • Usage logs: Retained for 90 days for billing accuracy and support, then deleted

7. Security

We take the security of your data seriously:

  • All data is encrypted in transit using TLS 1.2+
  • Database data is encrypted at rest (AES-256)
  • Meta webhook signatures are verified with HMAC-SHA256 to prevent spoofing
  • Authentication tokens are short-lived and rotated
  • Access to production systems is limited to the ReplyMint engineering team
  • We conduct regular security reviews and dependency audits

In the event of a data breach that affects your personal data, we will notify you via email within 72 hours of discovery, where legally required.

8. Your Rights and Data Deletion

You have the following rights regarding your data:

  • Access: Request a copy of all data we hold about you
  • Correction: Update your account data at any time from Settings
  • Deletion: Delete your account (and all associated data) from Settings → Account → Delete Account. We will erase all your data within 30 days.
  • Portability: Request an export of your account data and sale history in JSON format
  • Platform data deletion: Disconnect Instagram or Facebook from Settings → Channels to stop new data ingestion. Email us to request deletion of historical message data.
  • Opt-out of automated processing: Contact us if you wish to opt out of intent classification or suggestion generation

To exercise any of these rights, email us at privacy@replymint.app. We will respond within 7 business days.

Meta data deletion: If you connected ReplyMint to Instagram or Facebook and later want to remove your data from our servers, you can submit a data deletion request via Meta app settings or by emailing us directly. Step-by-step instructions: Data deletion. We will process all deletion requests within 30 days.

9. Cookies

ReplyMint uses only the cookies necessary to operate the service:

  • Authentication cookies: Session tokens to keep you logged in (cleared when you log out or they expire)
  • Theme preference: Stores your light/dark mode preference in localStorage (not a tracking cookie)

We do not use advertising cookies, tracking pixels, or analytics cookies that follow you across other websites.

10. Children's Privacy

ReplyMint is not intended for children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, contact us immediately at privacy@replymint.app and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy as the product evolves or legal requirements change. We will notify you of material changes via email (at the address on your account) at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the most recent version.

Continued use of ReplyMint after a policy update takes effect constitutes your acceptance of the new terms.

12. Contact Us

If you have questions, complaints, or requests regarding this Privacy Policy:

  • Email: privacy@replymint.app
  • Company: ReplyMint, India
  • Response time: We aim to respond to all privacy requests within 7 business days

Questions about this policy?

We're a small team and we take privacy seriously. Reach out directly:

privacy@replymint.app