Skip to main content

Privacy Policy

Effective:

1. Introduction

This Privacy Policy describes how Epik LLC, doing business as Anchor Apps ("we," "us," or "our"), collects, uses, and protects your personal information when you use our Repliable service at repliable.io and our review management platform (collectively, the "Service").

If you have any questions about this Privacy Policy, please contact us at privacy@repliable.io.

2. Information We Collect

We collect the following types of information:

  • Email address — provided when you sign up for our waitlist or create an account.
  • Google Business Profile data — when you connect your Google account via OAuth 2.0, we access your business name, locations, reviews, and review metadata to provide our review response service.
  • Usage data — pages visited, browser information, device type, and interaction data collected automatically to improve the Service. We may use cookies or similar technologies to collect this data.

3. How We Use Your Information

We use your information to:

  • Provide and operate the review response service
  • Draft AI-generated responses to your Google reviews
  • Send product updates and announcements (with your consent)
  • Improve the Service, fix bugs, and develop new features
  • Respond to your inquiries and support requests

We do not sell your personal information to third parties.

4. Lawful Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data under the following legal bases:

  • Performance of a contract — to provide the Service you have signed up for, including generating AI-drafted review responses and managing your Google Business Profile integration.
  • Legitimate interests — to improve the Service, ensure security, and prevent fraud, where these interests are not overridden by your data protection rights.
  • Consent — to send you marketing emails and product updates. You can withdraw consent at any time.

5. Google API Services User Data Policy Compliance

Repliable's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google user data to provide and improve the review response features you have explicitly authorized.
  • We do not use Google user data for advertising purposes.
  • We do not transfer Google user data to third parties except as necessary to provide the Service, comply with applicable laws, or as part of a merger, acquisition, or asset sale with prior notice.
  • We do not use Google user data to develop or improve AI/ML models unrelated to the Service.
  • Humans may read Google user data only with your affirmative consent, for security purposes, to comply with applicable law, or when the data has been aggregated and anonymized for internal operations.

6. Third-Party Services

We use the following third-party services to operate the Service:

  • Google — OAuth 2.0 authentication and Google Business Profile API for review data access.
  • OpenAI — AI response generation. Only review text is sent to OpenAI; no personal data (names, emails, or account information) is included.
  • Supabase — Database hosting and authentication infrastructure.
  • Inngest — Background job orchestration for processing reviews and generating responses.
  • Cloudflare — Website hosting, CDN, and DDoS protection.
  • Buttondown — Email list management for waitlist and product updates.
  • Stripe — Payment processing for subscription billing. We do not store payment card details; all payment data is processed and retained by Stripe in accordance with their privacy policy and PCI-DSS standards.

7. Cookies and Tracking Technologies

We may use cookies, local storage, and similar technologies to collect usage data and improve the Service. These technologies help us understand how you interact with the Service, remember your preferences, and ensure security.

You can control or disable cookies through your browser settings. Disabling cookies may affect the functionality of the Service.

8. Data Retention

  • Waitlist emails are retained until you unsubscribe or request deletion.
  • Account data (email, profile information) is retained for as long as your account is active. Upon account deletion, we remove your account data within 30 days.
  • Google Business data is retained only as long as needed to provide the Service. When you disconnect your Google account or delete your Repliable account, we delete your Google Business data within 30 days.
  • Usage and analytics data is retained in anonymized or aggregated form for up to 12 months.
  • Payment records are retained as required by applicable tax and accounting laws.
  • You can request deletion of your data at any time by emailing privacy@repliable.io.

9. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • 256-bit encryption for data at rest
  • TLS encryption for all data in transit
  • Access controls and authentication for internal systems
  • Ongoing security monitoring for anomalous access

10. Your Rights (GDPR/CCPA)

Depending on your location, you may have the following rights regarding your personal data:

  • Right to access — request a copy of the data we hold about you.
  • Right to correction — request that we correct inaccurate data.
  • Right to deletion — request that we delete your personal data.
  • Right to restrict processing — request that we limit how we process your data in certain circumstances.
  • Right to withdraw consent — withdraw consent for data processing at any time.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to the processing of your personal data.
  • Right to lodge a complaint — you have the right to lodge a complaint with a supervisory authority (Data Protection Authority) in your jurisdiction if you believe your data is being processed unlawfully.

To exercise any of these rights, please contact us at privacy@repliable.io. We will respond within the timeframe required by applicable law (generally 30–45 days).

11. International Data Transfers

Your data is processed in the United States. If you are located outside the United States, your information will be transferred to and processed in the United States. We use Standard Contractual Clauses and other appropriate safeguards where applicable to ensure your data is protected in accordance with this Privacy Policy.

12. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users via email of any material changes before they take effect. The "Effective" date at the top of this page indicates when the policy was last revised.

14. Contact

If you have questions or concerns about this Privacy Policy, please contact us:

Epik LLC, doing business as Anchor Apps
Email: privacy@repliable.io