Privacy Policy

Last updated: March 4, 2026

1. Introduction

ReplyBase ("we", "us", "our") operates replybase.xyz. This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service. We are committed to being transparent about what data we collect and why.

2. Information We Collect

We collect the following information:

  • Account information: Email address and password when you register
  • Profile information: Product description, background, communication style, expertise, target audience, and platform usernames you optionally provide
  • Usage data: Keywords you monitor, opportunities you interact with, replies you generate and rate
  • Technical data: IP address, browser type, pages visited, timestamps

We do not collect: your social media passwords, private messages or DMs on any platform, financial card details, biometric data, or precise location data.

3. How We Use Your Information

We use your information to:

  • Provide and operate the Service
  • Personalize AI-generated reply suggestions based on your profile context
  • Process payments through our payment processor
  • Send transactional emails (account updates, billing notifications, new opportunity alerts)
  • Improve the Service based on aggregated usage patterns
  • Comply with legal obligations

4. How Your Profile Context Is Used for AI

When you provide personal or product context in your Settings (such as your product description, communication style, background, or reply guidelines), this information is transmitted to Anthropic's API to generate personalized reply suggestions. This data is processed in accordance with Anthropic's Privacy Policy and API Terms of Use.

We do not use your profile data, keywords, or AI-generated drafts to train any AI models. Your data is processed solely to provide the Service to you.

5. Social Media Data We Access

  • Twitter/X: We use TwitterAPI.io to search public tweets. We store tweet content, author username, and public engagement metrics for opportunities we surface to you. We do not access your Twitter account directly.
  • Reddit: If you connect your Reddit account via OAuth, we store your Reddit access token to verify replies you have posted. We do not store your Reddit password. You can disconnect this at any time from Settings.
  • YouTube, Hacker News, Dev.to, Indie Hackers: We access only publicly available post and comment data through their public APIs. No account credentials are stored.

6. Third-Party Services

We use the following third-party services that may process your data:

VendorPurpose
SupabaseDatabase and authentication (hosted on AWS)
AnthropicAI reply generation (governed by Anthropic's Privacy Policy)
TwitterAPI.ioTwitter/X public content search
Payment ProcessorSubscription billing (we do not store card details)
ResendTransactional email delivery
Netlify / VercelApplication hosting

Each vendor acts as a data processor on our behalf and may only use your data for the stated purpose.

7. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We only share data with the third-party services listed above as strictly necessary to operate the Service.

8. Data Storage

Your data is stored securely using Supabase with row-level security enabled. Data is stored on servers located in the United States. By using the Service, you consent to this transfer.

9. Cookies

We use essential cookies for authentication and session management only. We do not use advertising or tracking cookies, and we do not sell data to ad networks.

10. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data
  • Withdraw consent for optional processing (e.g., marketing emails) at any time

To exercise these rights, contact us at hello@replybase.xyz.

11. India: Digital Personal Data Protection Act (DPDPA) 2023

If you are located in India, your personal data is processed in accordance with India's Digital Personal Data Protection Act, 2023. Under this law, you have the right to access, correct, and erase your personal data, and to raise grievances about how your data is handled. To exercise these rights, contact us at hello@replybase.xyz.

12. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data will be deleted within 30 days, except where we are required by law to retain it. API usage logs are retained for 30 days. Aggregated, anonymized analytics data may be retained indefinitely.

13. Security

We implement industry-standard security measures including encrypted connections (HTTPS), row-level security on our database, and secure authentication. However, no method of transmission over the internet is 100% secure.

14. Children's Privacy

The Service is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data, we will delete it immediately.

15. Changes to This Policy

We will notify you of material changes to this Privacy Policy via email at least 14 days before changes take effect. Your continued use of the Service after the effective date constitutes acceptance.

16. Contact

If you have any questions about this Privacy Policy, please contact us at hello@replybase.xyz.