Privacy Policy

This Privacy Policy describes how Replora AI ("Replora", "we", "us") collects, uses, and shares information when you use our review management platform at reploraai.com and related services (the "Service").

1. Information We Collect

Account information: When you create an account, we collect your name, email address, business name, industry, and payment information (processed by Paddle — we do not store card numbers).

Google Business Profile data: When you connect your Google Business Profile, we access the following data via the Google My Business API:

• Your business location name and place ID
• Customer reviews — text, star rating, reviewer display name, and review date
• Your replies to reviews (both existing and those we post on your behalf)
• OAuth tokens required to authenticate with Google on your behalf

Usage data: We collect data about how you use the Service, including pages visited, features used, and errors encountered.

Device data: IP address, browser type, device type, and operating system for security and analytics purposes.

2. How We Use Google API Data

Replora AI's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we use Google Business Profile data only to:

• Display your reviews in the Replora dashboard
• Generate AI-powered reply suggestions using your review content
• Post replies to Google on your behalf when you authorise auto-reply
• Provide analytics on your review performance

We do not use Google API data for advertising, selling to third parties, or any purpose beyond providing the Service to you.

3. How We Share Your Information

We do not sell your personal data. We share data only with:

• Google LLC — to post replies and read reviews via the Google My Business API
• Supabase — our database provider (data stored in your selected region)
• Google Vertex AI (Gemini) — to generate AI reply text via Google Cloud. Only review content is sent — no personal identifiers, no reviewer data
• Paddle.com — payment processing. We do not receive or store your card details
• Resend — transactional email delivery
• Law enforcement when required by law

4. Data Retention

We retain your data for as long as your account is active. Review data synced from Google is retained for 12 months after disconnecting a location. You may request deletion at any time (see Section 7).

5. Security

We use industry-standard security: TLS 1.3 encryption in transit, AES-256 encryption for stored OAuth tokens, row-level security in our database, and SOC 2-compliant infrastructure providers. We do not store Google account passwords.

6. Cookies

We use only essential cookies required for authentication (session tokens stored in localStorage). We do not use advertising or tracking cookies.

7. Your Rights & Data Deletion

You have the right to access, correct, export, or delete your data at any time. To delete your account and all associated data, go to Dashboard → Settings → Account → Delete account, or visit our Data Deletion page, or email privacy@reploraai.com.

Upon account deletion we will permanently remove: your profile, connected locations, review data, AI-generated replies, usage logs, and OAuth tokens within 30 days.

8. Children's Privacy

Replora AI is not directed at children under 13. We do not knowingly collect data from children.

9. Changes to This Policy

We will notify you by email of material changes to this policy at least 14 days before they take effect.

10. Contact

Privacy questions: privacy@reploraai.com