Privacy policy

The data controller for personal data collected through the www.replybot.org platform is ReplyBot.

For any question regarding the processing of your data, you can contact us through the dedicated form on the platform.

As part of using our service, we collect the following categories of data:

• Identification data: first name, last name, email address, account ID.
• Connection data: IP address, date and time of connection, browser type.
• Usage data: connected WhatsApp numbers, sending statistics, AI configurations.
• Payment data: handled exclusively by our payment provider LemonSqueezy (no banking data is stored).
• WhatsApp conversation content: incoming and outgoing messages required for the bot to operate.

Your data is processed for the following purposes:

• Provide and maintain the service (account creation, WhatsApp session management, AI reply generation).
• Handle billing and subscription tracking.
• Improve the service and detect technical issues.
• Notify you of incidents (session disconnection, QR code expiration).
• Comply with our legal and regulatory obligations.

Processing is mainly based on the performance of the contract concluded between the user and ReplyBot, as well as on our legitimate interest in improving the service and ensuring its security. Some processing may also rely on user consent (non-essential cookies).

To provide our service, we rely on technical processors that may access some of your data strictly within their mission scope:

• Supabase (Singapore): database hosting and authentication.
• Vercel (United States): web application hosting.
• OpenAI (United States): AI reply generation.
• Mistral AI (France): text-to-speech (TTS) for voice messages.
• LemonSqueezy (United States): payment processing and billing.

Account data is kept for the entire duration of service use, then deleted within 12 months after account closure.

WhatsApp messages and event logs are kept for a rolling 90 days, unless a specific legal obligation applies.

Billing data is kept for 10 years in accordance with French accounting obligations.

Some of our processors are located outside the European Union, so your data may be transferred to those countries. Such transfers are governed by Standard Contractual Clauses adopted by the European Commission or by other mechanisms ensuring an adequate level of protection.

Under the GDPR, you have the following rights regarding your personal data:

• Right of access to your personal data.
• Right to rectification of inaccurate data.
• Right to erasure (right to be forgotten).
• Right to restriction of processing.
• Right to data portability.
• Right to object to processing.
• Right to withdraw your consent at any time.
• Right to lodge a complaint with the CNIL (www.cnil.fr) or your local data protection authority.

The site uses cookies strictly necessary for the platform to operate (authentication, session). No third-party advertising or profiling cookies are placed without your explicit consent.

ReplyBot implements appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction: encryption of data in transit (TLS), strict access control, logging of sensitive actions, and regular backups.

This policy may be updated at any time to reflect changes in our services or the legal framework. Any substantial change will be notified to you by email or through the platform.

To exercise your rights or for any question regarding this policy, you can contact us through the dedicated form on www.replybot.org.