Privacy Policy

What we collect

• Account data: Supabase user ID, email address, and account creation time.
• Usage data: server-side generation counters used to enforce the free trial.
• Abuse prevention metadata: minimal technical signals such as timestamps, endpoint counts, and IP-derived signals.
• Subscription data: Stripe customer ID, Stripe subscription ID, status, price ID, and billing period end date.
• Billing-related metadata from Stripe needed to verify and maintain subscription status.

We store minimal account data, usage counts, and subscription status.

We apply rate limits and abuse prevention to protect reliability; excessive automated usage may be throttled.

What we do not store

• Inbox email threads you paste into the app
• Generated reply text as persistent server records
• Full payment card numbers

We do not store your emails on our servers. Email content is sent to OpenAI only to generate the reply.

Third-party services

We use trusted third-party providers to operate the service. These may include Vercel (hosting/infrastructure), Supabase (authentication/database), OpenAI (AI response generation), Stripe (billing/subscription processing), and FastComet (email delivery and support communication). These providers process data only as necessary to deliver the service.

Pasted email content, style-training samples, and support-knowledge inputs may be sent to OpenAI only when you run the related feature, only to provide that feature, and are not stored by RepliStack as persistent server records.

We do not use your data to train AI models.

Providers such as Vercel, Supabase, OpenAI, Stripe, Google Analytics, and FastComet may process data outside the EU/EEA. Where applicable, we rely on provider safeguards and contractual protections for those transfers.

OpenAI data handling is governed by OpenAI policies. See OpenAI Privacy Policy.

Stripe data handling is governed by Stripe policies. See Stripe Privacy Policy.

Supabase data handling is governed by Supabase policies. See Supabase Privacy Policy.

Contact and support requests

When you email support@replistack.com or contact us for help, we may process your email address, message content, and any other information you choose to include. We use that information to respond to support, billing, privacy, subscription, product, or bug-report requests, and for any related follow-up needed to handle the request.

We keep related records only as long as needed to handle the request and for necessary follow-up, then retain them only where we need to keep records for security, dispute resolution, tax/accounting, or legal compliance.

Cookies and local storage

• Auth cookies: Supabase auth cookies are used to keep you signed in.
• Browser storage: your app draft state, cookie-consent state, share/debug/telemetry state, post-checkout or session markers, style profile, and support knowledge base may be stored in your browser.

You can remove local browser data from the app using "Clear all local data" or by clearing site data in your browser.

Chrome extension data

If you use the RepliStack Chrome extension, the extension may store data in browser extension storage such as the backend URL, auth email or session token, tone and length defaults, synced style profile, synced knowledge base, captured email draft, reply guidance, and generated reply draft.

That data remains in your browser or extension storage until it is cleared, overwritten, disconnected, removed by you, or removed by your browser or extension environment.

Analytics and cookies

We use Vercel Web Analytics on public marketing pages and CTA clicks to understand aggregated traffic and page performance. It does not use the standard analytics-cookie consent flow on this site.

Google Analytics 4 is optional and loads only after you explicitly accept analytics cookies. We use it to understand usage, performance, and conversion flow in aggregate across the public site and any app surfaces where the analytics component is loaded.

Google Analytics may process page URL, referrer, browser/device details, approximate location, timestamps, and events such as page views and key CTA interactions.

Your analytics choice is stored locally in your browser so we can remember it on later visits.

You can accept or reject analytics cookies and change that choice later from Cookie settings in the footer or on the Cookies page. We do not sell personal data.

Retention and deletion

We keep account, usage, and subscription records while your account is active and for a limited period afterward when needed for security, dispute resolution, tax/accounting, or legal compliance.

You can request account deletion by contacting support. We will delete or anonymize personal data unless retention is legally required.

Your rights (GDPR/EEA)

Depending on your location, you may have rights to:

• Access personal data we hold about you
• Request correction of inaccurate data
• Request deletion of personal data
• Object to or restrict certain processing
• Request data portability where applicable

To exercise these rights, contact support@replistack.com.

Operator and controller details

RepliStack is operated by KAIZEN EVO SRL, which acts as the data controller for the personal data described in this policy.