01
Who we are
ReplyBay ("ReplyBay", "we", "us", or "our") is an AI-assisted customer support platform operated by ReplyBay Ltd., a company established in the European Union. We provide software that reads, organises, and drafts replies to messages arriving across your support inboxes.
For the purposes of the EU General Data Protection Regulation (GDPR), ReplyBay acts as a data controller for the account and usage data you provide directly to us, and as a data processor for the message content we handle on your behalf. Our services are hosted entirely within the European Union.
If you have any questions about this policy or wish to exercise your rights, you can reach our Data Protection contact at privacy@replybay.com.
02
What data we collect
We collect only the data we need to deliver the service:
- Account data. Your name, work email address, organisation name, billing details, and authentication credentials. This is the information you provide when you create and manage your ReplyBay account.
- Inbox message content. When you connect a channel, we process the contents of incoming and outgoing messages...including sender details, subject lines, message bodies, and attachments...so that ReplyBay can read each message and draft a reply.
- Usage analytics. Aggregated, operational data such as feature usage, draft acceptance rates, confidence scores, error logs, and performance metrics. This helps us keep the service reliable and improve it for you.
We do not knowingly collect special-category data, and we ask that you do not deliberately route sensitive personal data through the platform beyond what is inherent to your support conversations.
03
How we use your data
We use your data for the following purposes only:
- Service delivery. Operating your account, authenticating you, routing messages, and providing the core ReplyBay functionality you signed up for.
- AI drafting. Generating reply drafts in your voice using your historical replies, help documentation, and product context. This processing happens within our EU infrastructure.
- Support and billing. Responding to your requests and administering your subscription.
We never use your data to train third-party models. Your message content and account data are never sold, rented, or shared with advertisers, and they are never used to train foundation models operated by other companies. Any model adaptation that personalises drafts to your voice is scoped to your own account and is never pooled across customers for the benefit of third parties.
04
Data storage and security
All personal data is stored and processed on servers located within the European Union. We do not transfer your personal data outside the EU/EEA for primary processing.
We protect your data with industry-standard safeguards, including encryption in transit (TLS 1.2 or higher for all network connections) and encryption at rest for stored data and backups. Access to production systems is restricted to authorised personnel on a least-privilege basis, protected by multi-factor authentication and logged for audit.
While no system can be guaranteed perfectly secure, we maintain organisational and technical measures appropriate to the risk, and we will notify affected users and the relevant supervisory authority of any qualifying personal data breach within the timeframes required by the GDPR.
05
Your GDPR rights
If you are located in the EU/EEA, you have the following rights over your personal data:
- Right of access. You can request a copy of the personal data we hold about you.
- Right to erasure. You can ask us to delete your personal data ("the right to be forgotten"), subject to our legal obligations.
- Right to data portability. You can request your data in a structured, commonly used, machine-readable format.
- Right to rectification. You can ask us to correct inaccurate or incomplete data.
- Right to object and restrict. You can object to, or ask us to restrict, certain processing of your data.
To exercise any of these rights, email privacy@replybay.com. We will respond within one month. You also have the right to lodge a complaint with your local data protection supervisory authority.
06
Data retention
We retain your account data and message content for as long as your account is active and you continue to use the service. When you cancel your subscription, we retain your data for a grace period of 30 days after cancellation to allow for reactivation and export, after which it is permanently deleted from our active systems.
Residual copies may persist in encrypted backups for a limited period before being rotated out. Where we are required to retain certain records to comply with legal, tax, or accounting obligations, we will keep only the minimum data necessary for the period required by law.
07
Third-party integrations
ReplyBay connects to the channels and tools you choose to authorise. When you connect an integration, you grant ReplyBay permission to access the data necessary to operate that channel:
- Gmail / Google Workspace (OAuth). We use Google's OAuth flow to read and send messages on your behalf. We request the minimum scopes required and never use Google user data for purposes outside delivering the ReplyBay service, in line with Google's API Services User Data Policy.
- WhatsApp Business API. Where connected, we process inbound and outbound WhatsApp messages through the official Business API to draft and send replies.
- Other channels and providers. Additional email, helpdesk, and messaging integrations operate on the same principle of least access.
These providers act as independent controllers of the data within their own platforms; their use of your data is governed by their respective privacy policies. You can revoke any integration's access at any time from your account settings or the provider's security dashboard.
09
Contact
For any privacy-related question, request, or complaint, please contact our Data Protection contact:
We will acknowledge your request promptly and respond within the timeframes required by the GDPR.