ReplyFlow is a software-as-a-service platform that allows businesses ("Customers") to embed an AI-powered chat widget on their websites. Visitors to those websites can interact with the widget to get answers, submit contact information, and request support. This Privacy Policy explains how ReplyFlow collects, uses, and protects data in connection with the ReplyFlow platform, dashboard, and chat widget.
Account Data — When a Customer registers for ReplyFlow, we collect the company name, email address, and a securely hashed password. We do not store plain-text passwords.
Chat Data — When a visitor uses a ReplyFlow-powered widget, we store the messages exchanged, timestamps, session identifiers, and associated metadata. This data is stored under the Customer's account and is only accessible to that Customer's authorised staff.
Lead Data — If a visitor submits their contact information through the pre-chat form (name, email address, phone number, and/or a message), that information is stored as a lead record linked to the Customer's account.
Technical Data — Our hosting infrastructure (Railway) may log IP addresses and user-agent strings as part of standard server operations. We do not use these for tracking or profiling beyond operational purposes.
Subscription payments are processed by Stripe. ReplyFlow does not store credit card numbers or full payment details on its own servers. Please review Stripe's Privacy Policy for information on how payment data is handled.
Visitor messages may be sent to a third-party AI provider to generate responses. Messages are used solely to produce a reply in context; they are not used to train external AI models on your behalf. The AI provider processes data in accordance with their own privacy policies and data processing agreements.
We do not sell personal data to third parties. We do not use visitor chat data for advertising.
Customer account data is retained for as long as the account is active. Chat sessions, leads, and associated data are retained to provide the service and may be deleted at the Customer's request. Technical log data is retained for a limited period for security and debugging purposes.
To request deletion of your account data or the data collected through your widget, please email us at lukoai1337@gmail.com. We will process reasonable requests within a reasonable timeframe.
We use industry-standard measures including password hashing (bcrypt), HTTPS, and access controls to protect stored data. No system is perfectly secure; we encourage Customers to use strong, unique passwords and to keep their login credentials confidential.
We may update this policy from time to time. Continued use of the service after changes are posted constitutes acceptance of the updated policy. Material changes will be communicated via email to registered accounts.
Questions about this policy? Email lukoai1337@gmail.com.