Quick Summary
Replyit.ai helps you automate conversations across messaging platforms. We only collect necessary data to provide our services and never sell your personal information to third parties.
1. Information We Collect
Account Information
When you create an account with Replyit.ai, we collect:
- Email address and name
- Account preferences and settings
- Billing information (processed securely through third-party payment processors)
Platform Integration Data
To provide our AI automation services, we process:
- WhatsApp Business API: Business phone number, WhatsApp Business Account ID (WABA ID), phone number ID, message content, media files, customer phone numbers, conversation metadata, webhook events, and API access tokens (encrypted)
- Instagram Business API: Instagram Business Account ID, Instagram user ID, username, profile information, Facebook Page ID and name, direct messages and their content, media files shared in messages, sender information, API access tokens and refresh tokens (encrypted), and webhook events from Meta
- Google Calendar API: When you connect Google Calendar, we access your calendar events (title, description, start time, end time, location, attendees) and calendar metadata. We only read calendar data to enable appointment scheduling features within our AI agents. We never modify, delete, or share your calendar data with third parties
- Telegram: Phone number, user ID, message content, media files, contact information, and session authentication data
- Email (IMAP/SMTP): Email address, email content, attachments, sender/recipient information, and account credentials (stored securely with encryption)
- Agent configurations: Custom AI instructions, personality settings, language preferences, and knowledge base documents you upload
- Conversation logs: Complete interaction history, timestamps, message types, and AI-generated responses
- Meta Business Integration: We use Meta's official APIs (WhatsApp Business API and Instagram Messaging API) and comply with Meta's Platform Terms and Data Policy
Usage Data
We automatically collect certain information about your use of our service:
- Log data (IP address, browser type, pages visited)
- Device information and operating system
- Performance metrics and error reports
- Feature usage statistics
2. How We Use Your Information
We use the collected information to:
- Provide AI Services: Process messages and generate intelligent responses through our AI agents using OpenAI's Assistant API and GPT models. Message content is sent to OpenAI for natural language processing and response generation
- Google Calendar Integration: Access your Google Calendar data solely to enable appointment scheduling and availability checking features within our AI agents. Your calendar data is used exclusively for displaying your schedule to the AI agent and is NEVER transferred to third parties, used for advertising, or used for any purpose other than providing the appointment booking functionality you explicitly requested. We comply with Google API Services User Data Policy, including the Limited Use requirements
- Meta Platform Integration: Connect and synchronize data with Meta's platforms (WhatsApp Business API and Instagram Messaging API) to send and receive messages, manage conversations, and handle webhook events in compliance with Meta's Platform Terms
- Platform Integration: Connect and synchronize data across Telegram and Email platforms
- Message Processing: Analyze message content to understand context, extract information for tools and data collectors, search knowledge base documents, and generate contextually relevant responses
- Token Management: Securely store and manage API access tokens (encrypted) for WhatsApp Business API, Instagram Business API, Google Calendar API, and other integrated platforms. Automatically refresh tokens when needed to maintain service continuity
- Account Management: Maintain your account, process payments, and provide customer support
- Service Improvement: Analyze usage patterns to enhance our features and user experience
- Security: Detect and prevent fraud, abuse, and security threats. Encrypt sensitive data including API tokens and authentication credentials
- Communications: Send important updates, security alerts, and service notifications
3. Data Sharing and Disclosure
Third-Party Services
We work with trusted third-party providers to deliver our services:
- Google Calendar API: We use Google Calendar API solely to access your calendar data for appointment scheduling features. Your Google Calendar data is NOT shared with any other third parties and is NOT used for any purpose beyond providing the calendar integration functionality. Replyit.ai's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum necessary calendar scopes (read-only access to calendar events) and use the data exclusively within our application to enable AI-powered appointment booking
- Meta Platforms (WhatsApp & Instagram): We use Meta's official WhatsApp Business API and Instagram Messaging API to send and receive messages on your behalf. Message content is processed through Meta's systems according to their Platform Terms and Data Policy. Meta may collect and process data according to their own privacy policies
- OpenAI: We use OpenAI's Assistant API and GPT models for AI-powered message processing and response generation. Your message content, knowledge base documents, and conversation context are sent to OpenAI for processing. OpenAI processes this data according to their API Data Usage Policies and does not use API data to train their models
- Cloud Infrastructure: We use secure cloud hosting providers (AWS, DigitalOcean, or similar) for data storage, processing, and application hosting. All data is encrypted in transit and at rest
- Payment Processing: Stripe and other payment processors for billing. They handle payment data separately according to PCI-DSS standards and their own privacy policies
- Analytics: Privacy-focused analytics tools to understand service usage and improve our platform
Legal Requirements
We may disclose your information if required by law, legal process, or to:
- Comply with legal obligations or court orders
- Protect our rights, property, or safety
- Prevent fraud or security threats
- Cooperate with law enforcement when legally required
Important Note
We never sell your personal data to third parties for marketing purposes. Your conversation data is only processed to provide AI automation services and is not used for any other commercial purposes.
4. Data Security
We implement industry-standard security measures to protect your data:
- Encryption in Transit: All data transmitted between your browser, our servers, Meta's APIs, and OpenAI is encrypted using TLS 1.2 or higher
- Encryption at Rest: All sensitive data stored in our databases is encrypted using AES-256 encryption, including API access tokens, refresh tokens, email credentials, and authentication data
- Token Security: WhatsApp Business API tokens, Instagram API tokens, and all OAuth credentials are stored using Laravel's encrypted casting, ensuring they are never stored in plain text
- Access Controls: Strict access controls, role-based permissions, and multi-factor authentication requirements for our systems and administrative access
- API Security: Secure API endpoints with authentication, rate limiting, and request validation to prevent unauthorized access
- Regular Audits: Regular security audits, penetration testing, and vulnerability assessments
- Secure Infrastructure: Use of secure, SOC 2 compliant cloud providers with firewall protection and DDoS mitigation
- Data Minimization: We only collect and retain data necessary for our services. We do not store unnecessary personal information
5. Data Retention
We retain your data only as long as necessary:
- Account Data: Retained while your account is active and for 30 days after deletion request
- Google Calendar Data: We do NOT store your calendar events on our servers. Calendar data is retrieved in real-time from Google's servers only when needed for appointment scheduling. OAuth tokens for Google Calendar API are stored encrypted and are immediately revoked and deleted when you disconnect Google Calendar or delete your account
- Conversation Data: WhatsApp, Instagram, Telegram, and Email message history is stored for AI processing, conversation context, and service functionality. It can be deleted upon request through our data deletion process
- Meta Platform Data: Messages sent/received through WhatsApp Business API and Instagram Messaging API are stored on our servers for service functionality. Note that Meta also retains data according to their own data policies. Deleting data from our platform does not delete it from Meta's systems
- API Tokens: WhatsApp Business API tokens, Instagram API tokens, and Google Calendar OAuth tokens are retained while the connection is active. Upon disconnection or account deletion, tokens are immediately revoked and deleted
- Knowledge Base: Documents and content you upload are retained until you manually remove them or delete your account
- OpenAI Data: Message content sent to OpenAI for processing is subject to OpenAI's data retention policies. OpenAI retains API data for 30 days for abuse monitoring and then deletes it
- Usage Logs: Server logs, error logs, and analytics data are automatically deleted after 90 days
6. Your Rights and Choices
You have the following rights regarding your personal data:
- Access: Request a copy of the personal data we have about you
- Correction: Update or correct inaccurate personal information
- Deletion: Request deletion of your personal data (subject to legal requirements)
- Portability: Export your data in a machine-readable format
- Opt-out: Unsubscribe from marketing communications at any time
To exercise these rights, contact us at privacy@replyit.ai
7. International Data Transfers
Our services may involve transferring data internationally. We ensure adequate protection through:
- Standard Contractual Clauses approved by regulatory authorities
- Working only with providers that meet international data protection standards
- Implementing additional safeguards for cross-border data transfers
8. Children's Privacy
Our service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make significant changes, we will:
- Notify you via email or through our service
- Update the "Last Updated" date at the top of this policy
- Provide a summary of key changes
10. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us:
- Email: support@replyit.ai
- Support: Contact Form
- Address: AKARCA MAH. MUSTAFA KEMAL BLV. NO: 173 B, FETHİYE / MUĞLA, TURKEY
Data Protection Officer
For EU residents: You can contact our Data Protection Officer at support@replyit.ai for any privacy-related inquiries or to exercise your rights under GDPR.