Legal

Privacy Policy

Last updated: April 7, 2026

Summary: ReplyMint connects to your Instagram and/or Facebook account through Meta's official API to help you manage buyer comments and DMs. We only process messages to deliver the service. We use Google Analytics and Microsoft Clarity to improve the product. Your data is never sold or shared for ads.

1. Who We Are

ReplyMint ("ReplyMint," "we," "us," or "our") is a software service that helps sellers manage buyer comments and direct messages on Instagram and Facebook and close sales more efficiently. Our registered address is in India.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the ReplyMint platform, including our website at replymint.app and the ReplyMint application.

2. Data We Collect

2.1 Account and Identity Data

When you create a ReplyMint account, we collect:

  • Your email address and password (hashed — we never store plain-text passwords)
  • Your business name, category, and description (entered during onboarding)
  • Your product catalog, pricing, and FAQs (entered during onboarding, used to power reply suggestions)
  • Your preferred communication tone and style settings

2.2 Instagram, Facebook, and Meta platform data

ReplyMint integrates with Meta's APIs under Meta's Platform Terms. When you authorize ReplyMint to connect to your Instagram Business or Creator account and/or your Facebook Page, we access and store only what is needed to run the service:

  • Comment data: Text content, timestamp, and author of comments on your posts (Instagram and/or Facebook, as connected) — received in real time where available
  • Direct message data: Content and metadata for buyer-related messages you receive through your connected accounts, as permitted by the permissions you grant
  • Author metadata: Public usernames and user or page identifiers needed to display who sent each message in your inbox
  • Post and conversation identifiers: IDs that associate each message with your content or conversation thread
  • Connected account details: Account and Page IDs and display names — used only for routing events to your workspace

We do not access data beyond what you authorize for ReplyMint. We do not use your data to build advertising profiles, sell follower lists, or market to your audience.

2.3 Usage and Activity Data

We collect data about how you use ReplyMint to improve the product:

  • Which features you use and how frequently
  • Reply actions you take (replied, sale confirmed, message dismissed)
  • Monthly message volume (used for usage billing)
  • Error logs and performance metrics (anonymized)

2.4 Automatically Collected Technical Data

  • IP address (used for security, rate limiting, and coarse location analytics)
  • Browser type and operating system
  • Session tokens (for authentication)
  • Device identifiers and screen resolution (for analytics)
  • Pages visited and interactions within ReplyMint (for product improvement)

2.5 Analytics and Product Improvement

We use third-party analytics services to understand how ReplyMint is used and improve the product:

  • Google Analytics 4: Collects anonymized usage data (pages visited, features used, session duration, device type, coarse location). Google processes this data under their privacy terms. You can opt out using the Google Analytics opt-out browser add-on or Google Ads Settings.
  • Microsoft Clarity: Records anonymized session replays and heatmaps to understand user experience. Clarity uses provider-side controls to limit collection of sensitive inputs. You can opt out via Microsoft's privacy controls.

These services do not receive direct API access to your Instagram or Facebook accounts or to our database. They receive event and usage data from your browser. Session replay (Clarity) may capture what appears on screen in the ReplyMint interface; we use provider-side masking and settings to limit sensitive fields, but recordings may still show visible text in the UI—use Clarity masking rules and exercise judgment when handling highly sensitive customer content on screen.

3. How We Use Your Data

We use your data only to provide and improve the ReplyMint service:

Purpose | Data Used
Classify buyer intent in messages | Message text + your business profile
Generate reply suggestions | Message text + business profile + products + tone
Display the smart inbox | Message data + intent classification
Track sales and revenue | Your confirmed sale actions (not customer data)
Authenticate your account | Email + session tokens
Enforce usage limits | Monthly message count
Send transactional emails | Email address (account events only — no marketing spam)
Provide customer support | Account data + your support messages

We use your data to operate ReplyMint—not to sell it to advertisers or share it with third parties for their own marketing. AI processing through Google is subject to Google's applicable API and privacy terms for the services we use.

4. Meta platform data — compliance

ReplyMint is built on Meta's official APIs and is subject to Meta's Platform Terms. In compliance with these terms:

  • We only request the minimum permissions necessary to operate the service (for example, permissions related to comments, messaging, and Page or account metadata, as applicable to your connection)
  • Data from Instagram and Facebook is used solely to provide the ReplyMint service to you — not for any secondary purpose
  • We do not transfer Meta platform user data to data brokers, advertisers, or any marketing-related third parties
  • Message authors' data (for example username or user ID) is stored only to display who sent each message in your inbox — we do not build profiles of your followers for advertising
  • You can disconnect your accounts and request deletion of associated platform data at any time (see Section 8)
  • We comply with Meta's data deletion requirements and will delete associated platform data within 30 days of account disconnection where applicable

For Meta's own data practices, see Meta's Privacy Policy.

5. Data Sharing and Third Parties

We share your data with a small number of trusted service providers who help us operate ReplyMint:

  • Supabase (database, authentication, and realtime): Stores your account data and message data from connected platforms. ReplyMint does not operate its own data centers; Supabase provides managed cloud infrastructure for our database and auth with encryption in transit and at rest as described in Supabase's security documentation and privacy policy. Their subprocessors and regions are determined by Supabase, not by a separate contract between you and us for raw infrastructure.
  • Google (Gemini API): Receives message text and your business profile (and related context we send in the prompt) to classify intent, run safety checks in our production pipeline, and generate reply suggestions. Processing is governed by Google's Privacy Policy and applicable Google AI / API terms. We configure the service for our use case; we do not use your data to train unrelated products.
  • Resend (transactional email): Sends account-related emails (password reset, billing notifications). Does not receive your Instagram or Facebook message thread content for that purpose.
  • Dodo Payments: Processes subscription payments as merchant-of-record for paid plans. Receives payment method and billing details you provide at checkout, plus metadata needed to link payment to your workspace. Does not receive Instagram or Facebook message content from us for payment processing.
  • Vercel (hosting and infrastructure): Hosts the ReplyMint web application and serverless functions. Receives request-level data (for example IP address and HTTP headers) needed to deliver the site.
  • Google Analytics 4: Processes usage and behavior data to help us understand product usage. See Google's Privacy Policy.
  • Microsoft Clarity: Processes session replay and heatmap data for user experience analysis. See Microsoft's Privacy Statement.
  • Meta (platform APIs): ReplyMint connects to Instagram and Facebook through Meta's APIs under Meta's Platform Terms. Meta's own data practices are described in Meta's policies.

We do not sell your personal data. We do not share it with advertisers. We will disclose data if legally required (e.g., a valid court order) and will notify you when legally permitted.

6. Data Retention

We retain your data for as long as your account is active, plus a reasonable period after:

  • Message data (comments and DMs): Retained for 12 months from the date of the message, then automatically deleted
  • Generated reply suggestions: Not stored — generated on-demand and returned to your browser only
  • Business profile data: Retained until you delete it or close your account
  • Sale and revenue records: Retained for 24 months for your own reference, then deleted
  • Account data (email, authentication): Retained until account deletion, then removed within 30 days
  • Usage logs: Retained for 90 days for billing accuracy and support, then deleted

7. Security

We take the security of your data seriously:

  • All data is encrypted in transit using TLS 1.2+
  • Database data is encrypted at rest (AES-256)
  • Meta webhook signatures are verified with HMAC-SHA256 to prevent spoofing
  • Authentication tokens are short-lived and rotated
  • Access to production systems is limited to the ReplyMint engineering team
  • We conduct regular security reviews and dependency audits

In the event of a data breach that affects your personal data, we will notify you via email within 72 hours of discovery, where legally required.

8. Your Rights and Data Deletion

You have the following rights regarding your data:

  • Access: Request a copy of all data we hold about you
  • Correction: Update your account data at any time from Settings
  • Deletion: Delete your account (and all associated data) from Settings → Account → Delete Account. We will erase all your data within 30 days.
  • Portability: Request an export of your account data and sale history in JSON format
  • Platform data deletion: Disconnect Instagram or Facebook from Settings → Channels to stop new data ingestion. Email us to request deletion of historical message data.
  • Opt-out of automated processing: Contact us if you wish to opt out of intent classification or suggestion generation

To exercise any of these rights, email us at privacy@replymint.app. We will respond within 7 business days.

Meta data deletion: If you connected ReplyMint to Instagram or Facebook and later want to remove your data from our servers, you can submit a data deletion request via Meta app settings or by emailing us directly. Step-by-step instructions: Data deletion. We will process all deletion requests within 30 days.

9. Cookies

ReplyMint uses cookies and similar technologies to operate the service and improve the product:

  • Essential cookies: Session tokens to keep you logged in (cleared when you log out or they expire)
  • Preference cookies: Stores your light/dark mode preference in localStorage
  • Analytics cookies: Google Analytics and Microsoft Clarity set cookies to track usage patterns, session behavior, and product performance. These help us understand how the product is used and where to improve.

We do not use advertising cookies or tracking pixels for ad targeting. Analytics cookies are used solely for product improvement. You can opt out of analytics via browser settings or the opt-out links in Section 2.5.

10. Children's Privacy

ReplyMint is not intended for children under 16 years of age. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a child, contact us immediately at privacy@replymint.app and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy as the product evolves or legal requirements change. We will notify you of material changes via email (at the address on your account) at least 14 days before they take effect. The "Last updated" date at the top of this page always reflects the most recent version.

Continued use of ReplyMint after a policy update takes effect constitutes your acceptance of the new terms.

12. Contact Us

If you have questions, complaints, or requests regarding this Privacy Policy:

  • Email: privacy@replymint.app
  • Company: ReplyMint, India
  • Response time: We aim to respond to all privacy requests within 7 business days

Questions about this policy?

We're a small team and we take privacy seriously. Reach out directly:

privacy@replymint.app