Privacy Policy

Last Updated: July 3, 2026

1. Overview.

ReplyApp Inc. (“Reply,” “we,” “us,” or “our”) provides sales engagement, communication automation, AI-powered workflow, mailbox infrastructure, and related software and services (collectively, the “Services”). This Privacy Policy describes how Reply collects, uses, discloses, stores, transfers, and otherwise processes personal information in connection with the Services, our websites, integrations, applications, communications, and business operations.

Your data belongs to you. Reply’s infrastructure and Services are designed to give you control over your information and to protect its security and privacy. We seek to limit collection of personal information to what is reasonably necessary to provide, secure, maintain, and improve the Services, and we seek to process personal information proportionate to the purposes described in this Policy. We do not sell your personal information, and we do not use it to serve advertising.

This Privacy Policy applies to personal information processed by Reply in its capacity as a controller, business, or equivalent role under applicable privacy law. In circumstances where Reply processes personal information solely on behalf of a customer in connection with customer-controlled communications, campaigns, contact databases, CRM records, mailbox content, or similar customer data, Reply generally acts as a processor, service provider, or equivalent role under applicable law. In those circumstances, our processing is governed by our agreements with the customer, including any applicable Data Processing Agreement (“DPA”).

Capitalized terms not defined in this Privacy Policy have the meanings given to them in the Terms of Service.

2. Personal Information We Collect.

We may collect personal information directly from You, automatically through Your use of the Services, from integrations and connected accounts, from customers and users of the Services, from publicly available sources, from third-party service providers and data providers, and from other parties You authorize to share information with us.

The personal information we collect depends on how You interact with the Services, but generally includes account registration information, business contact information, billing and subscription information, communications content, customer relationship management data, authentication credentials, device and browser information, IP address, usage and activity information, support communications, event and webinar participation information, AI Inputs and AI-Generated Content, mailbox and infrastructure information, and information relating to integrations with third-party services.

Where permitted by applicable law, Reply may also collect or receive publicly available professional information and business contact information from professional networking platforms, company websites, publicly available databases, customer contributions, surveys, interviews, licensed data providers, and other lawful business sources.

Reply does not intentionally collect highly sensitive personal information such as Social Security numbers, government-issued identification numbers, financial account credentials, payment card authentication values, or special category personal data unless specifically required to provide the Services and expressly authorized under applicable agreements.

3. How We Use Personal Information.

Reply uses personal information to provide, operate, maintain, support, secure, improve, and develop the Services and related business operations. This includes authenticating users and administering accounts; processing transactions and managing subscriptions; providing customer support and troubleshooting; operating communication workflows and campaign functionality; enabling mailbox infrastructure and integrations; providing AI-powered features and automation; monitoring deliverability and platform abuse; detecting spam, fraud, security incidents, and unlawful activity; enforcing our agreements and policies; personalizing user experience and product functionality; conducting analytics, research, testing, and product improvement; communicating with customers and users; administering events, webinars, surveys, and marketing activities; complying with legal obligations; and protecting the rights, safety, and security of Reply, our users, customers, service providers, and third parties.

Reply may also use aggregated, de-identified, or anonymized information for lawful business purposes, including analytics, benchmarking, research, and product improvement.

4. Lawful Bases for Processing.

Where required by applicable law, including GDPR and UK GDPR, Reply processes personal information pursuant to one or more lawful bases. Depending on the nature of the processing activity and the applicable jurisdiction, these bases may include performance of a contract with You or the relevant customer; compliance with a legal obligation; legitimate interests pursued by Reply or a third party, where those interests are not overridden by Your rights and interests; consent, where obtained; protection of vital interests; and other lawful bases permitted under applicable law.

Where Reply relies on legitimate interests as a lawful basis, we take into account the rights and interests of affected individuals and process personal information only to the extent those interests are not overridden by applicable privacy rights.

Where Reply processes personal information as a processor on behalf of a customer, the customer is responsible for determining and documenting the applicable lawful basis for processing.

5. Our Role as Controller and Processor.

Reply processes personal information in different capacities depending on the nature of the Services and the relationship with the individual whose information is involved.

Reply generally acts as a controller, business, or equivalent role with respect to account registration information, subscription and billing information, website usage data, customer support communications, marketing and sales activities, event participation, Reply Database information, business contact information collected for Reply’s own business purposes, and information relating to the operation, security, and improvement of the Services.

Reply generally acts as a processor, service provider, or equivalent role when processing customer-controlled information through the Services, including prospect and contact records uploaded by customers, communications sent through customer campaigns, customer CRM information, mailbox data processed through Infrastructure Services, customer AI Inputs, and related customer content processed on behalf of customers.

Customers are generally responsible for determining the lawful basis for processing personal information submitted to the Services and for ensuring that their use of the Services complies with applicable law.

6. AI Features and AI Processing.

Reply offers AI-powered features that may use third-party AI providers and models to generate content, automate workflows, classify responses, summarize information, personalize communications, and perform related functions.

Customers may submit prompts, instructions, templates, communications, contact information, and other content (“AI Inputs”) to AI-powered features. AI-powered features may generate responses, drafts, summaries, recommendations, classifications, or other outputs (“AI-Generated Content”).

Reply may use third-party AI providers to process AI Inputs and generate AI-Generated Content. Reply requires third-party AI providers, through applicable agreements and provider settings, not to use customer AI Inputs for generalized model training except where expressly authorized by the customer.

AI-Generated Content may be inaccurate, incomplete, misleading, offensive, non-unique, or unsuitable for particular purposes. Customers are responsible for reviewing and validating AI-Generated Content before use, including before sending communications or relying on AI-Generated Content recommendations.

Reply does not use AI Features to make legally significant decisions about individuals without meaningful human involvement.

Additional terms governing AI-powered features are set forth in the AI Features Terms.

7. Google Workspace and Third-Party Integrations.

If You connect a Google Workspace, Gmail, Microsoft 365, CRM, social networking platform, or other third-party account or integration to the Services, Reply may access and process information from those integrations as reasonably necessary to provide the Services and related functionality requested by You.

For Gmail and Google Workspace integrations, Reply’s use and transfer of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use Requirements. Reply does not use data obtained from Google APIs for advertising purposes, including personalized, re-targeted, or interest-based advertising.

When You connect a Gmail account, Reply accesses Your inbox to detect and classify replies to emails sent through the Services and to provide related functionality requested by the customer. Our servers store only the emails You have sent via Reply and any responses You received to those emails — not Your broader mailbox content. Reply also stores Your authentication token and account email address, which are secured and used only to provide the Services, including logging into Your account, sending emails through the platform, and accessing emails You sent and replies You received.

Reply’s employees, contractors, and other personnel are not permitted to access Your personal information, including data obtained through Google APIs, except with Your affirmative agreement. We may access user data solely to resolve a support issue, provide usage guidance, or address a security investigation, or as required by applicable law. Reply does not voluntarily disclose such data to third parties except as authorized by the customer, required by applicable law, necessary to provide the Services, or otherwise permitted under applicable agreements.

If You disconnect a third-party integration or close Your account, Reply will delete or de-identify associated integration data within commercially reasonable timeframes, generally within 60 days, unless retention is required by law, reasonably necessary for security, fraud prevention, backup integrity, dispute resolution, or otherwise permitted under applicable agreements.

8. Reply Database and Business Contact Information.

Reply maintains business contact databases and enrichment systems used in connection with the Services. Information maintained in the Reply Database may include names, employer information, business contact details such as business telephone numbers and business email addresses, job titles, office locations, professional social media information, and publicly available professional information.

Reply collects this information from publicly available sources including business and employment-oriented social networks, recruitment websites, and company websites, as well as from customer contributions, licensed data providers, surveys, interviews, and other lawful business sources. Where permitted by applicable law, Reply may infer a likely business email address format based on the email address structure understood to be used by the employer company where a direct business email address is not available.

Reply does not seek to collect personal email accounts, home addresses, government identifiers, payment card information, or special category personal data for the Reply Database. Individuals may request correction, deletion, suppression, or removal of business contact information by contacting us at [email protected].

9. How We Share Personal Information.

Reply may disclose personal information to service providers, sub-processors, infrastructure providers, hosting providers, AI providers, analytics providers, payment processors, authentication providers, customer-requested integrations, professional advisors, affiliates, regulators, law enforcement authorities, courts, counterparties in corporate transactions, and other parties where required by law or authorized by You. Additional information regarding Reply’s sub-processors and infrastructure providers may be available through Reply’s DPA, Trust Center, or sub-processor disclosures.

Reply may also disclose personal information where reasonably necessary to comply with applicable law or legal process; enforce our agreements and policies; investigate fraud, abuse, spam, security incidents, or unlawful activity; protect the rights, property, safety, and security of Reply, our customers, users, service providers, or third parties; or support mergers, acquisitions, financings, reorganizations, or asset transfers.

Reply does not sell personal information in exchange for monetary compensation and does not knowingly share personal information for cross-context behavioral advertising purposes. Where Reply shares personal information with third parties for purposes materially different from those for which it was originally collected, Reply provides the opportunity to opt out. For sensitive personal information, Reply will obtain affirmative express consent (opt-in) before any such disclosure.

10. Cookies, Analytics, and Similar Technologies.

Reply uses cookies, pixels, local storage, analytics technologies, and similar technologies to operate the Services, remember user preferences, authenticate users, analyze usage, improve functionality, measure campaign performance, maintain security, and support marketing and advertising activities. Our websites may also include social media features and widgets, such as sharing buttons or embedded content, which may collect Your IP address, the page You are visiting, and set a cookie to enable the feature to function properly. Those features are hosted or operated by third parties and are governed by their own privacy policies, not this one.

Depending on Your jurisdiction, You may be able to control certain cookie and analytics preferences through browser settings, consent tools, or other mechanisms made available through the Services. Some browsers and extensions support Global Privacy Control (“GPC”) or similar preference signals. Reply recognizes such signals where required by applicable law. Except where required by applicable law, the Services do not respond differently to browser “Do Not Track” signals.

11. Data Retention.

Reply retains personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, enforce agreements, maintain security and fraud-prevention protections, and support legitimate business operations. Following account cancellation, Reply will delete account data within commercially reasonable timeframes, generally within 60 days, except that Reply may retain limited information for legal compliance, security, fraud prevention, backup integrity, financial recordkeeping, dispute resolution, and enforcement purposes as required or permitted by law. Retention periods otherwise vary depending on the nature of the information, applicable legal requirements, customer instructions, and operational necessity.

12. Security.

Reply uses administrative, technical, physical, and organizational safeguards designed to protect personal information against unauthorized access, disclosure, alteration, destruction, misuse, and loss. These safeguards include access controls, encryption technologies, authentication mechanisms, logging and monitoring tools, contractual confidentiality obligations, infrastructure security measures, and internal security policies and procedures. Connections to the Services are generally protected using encrypted communications technologies such as SSL/TLS, and personal information processed on behalf of customers is encrypted via database encryption.

No method of transmission, storage, or security measure is completely secure, and Reply cannot guarantee absolute security. Questions about the security of Your personal information may be directed to [email protected].

13. International Transfers.

Reply may transfer, process, and store personal information in the United States and other jurisdictions in which Reply, its affiliates, sub-processors, service providers, AI providers, or infrastructure providers operate. Personal information transferred outside its country of origin may be accessible to foreign courts, law enforcement authorities, or regulators under applicable law.

Where required by applicable law, Reply implements appropriate safeguards for international transfers of personal information, including contractual safeguards, Data Privacy Framework participation, and other lawful transfer mechanisms. For personal data transferred from the European Union, the United Kingdom, and Switzerland, Reply relies on the Data Privacy Frameworks as described in Section 14 below.

14. Data Privacy Framework Notice.

We comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as set forth by the U.S. Department of Commerce. We have certified to the U.S. Department of Commerce that it adheres to the applicable Data Privacy Framework Principles regarding the processing of personal data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland in reliance on the applicable Data Privacy Frameworks.

Reply’s commitments under the Data Privacy Frameworks apply to personal data other than human resources data transferred from the European Union, the United Kingdom, and Switzerland.

If there is any conflict between the terms of this Privacy Policy and the applicable Data Privacy Framework Principles, the applicable Principles shall govern. To learn more about the Data Privacy Framework program and to view our certification, please visit https://www.dataprivacyframework.gov/.

ReplyApp Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

Pursuant to the Data Privacy Frameworks, individuals have the right to obtain our confirmation of whether we maintain personal information relating to them in the United States. Upon request, we will provide access to the personal information that we hold about them. Individuals may also correct, amend, or delete the personal information we hold about them. Requests should be submitted to [email protected]. If requested to remove data, we will respond within a reasonable timeframe.

Reply provides individuals with the opportunity to opt out of disclosures of their personal data to third parties or of uses of their personal data for purposes materially different from those for which it was originally collected or subsequently authorized. For sensitive personal information, Reply will obtain affirmative express consent (opt-in) before such disclosure or use. To request to limit the use and disclosure of Your personal information, please contact us at [email protected].

In certain situations, Reply may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

ReplyApp Inc. remains responsible and liable under the Data Privacy Framework Principles if third-party agents that it engages to process personal data on its behalf do so in a manner inconsistent with the Principles, unless ReplyApp Inc. proves that it is not responsible for the event giving rise to the damage.

In compliance with the Data Privacy Framework Principles, ReplyApp Inc. commits to resolve complaints relating to personal information received pursuant to the Data Privacy Frameworks. Individuals with inquiries or complaints regarding Data Privacy Framework compliance should first contact Reply at [email protected].

ReplyApp Inc. has further committed to refer unresolved privacy complaints under the Data Privacy Framework Principles to BBB National Programs, an independent dispute resolution provider located in the United States. If You do not receive timely acknowledgment of Your complaint, or if Your complaint is not satisfactorily addressed, please visit https://www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge.

Under certain circumstances, individuals may also be able to invoke binding arbitration for residual claims not resolved through other redress mechanisms. See https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction.

15. Anti-Spam and Communications Compliance.

Reply is committed to responsible communications practices and actively monitors the Services to detect and prohibit the use of the Services to send unsolicited, deceptive, or unlawful communications. Compliance with Reply’s Terms of Service is a condition of use of the Services.

All customers are required to include a functioning opt-out or unsubscribe mechanism in commercial and promotional messages sent through the Services and to honor applicable unsubscribe and removal requests in accordance with applicable law. Violations of the Terms of Service may result in suspension or termination of access to the Services, with or without advance notice.

Additional communications compliance requirements, prohibited practices, and jurisdiction-specific requirements are set forth in the Terms of Service, Acceptable Use Policy, Mailbox and Domain Services Terms, and Jurisdiction-Specific Terms Appendix.

16. Your Privacy Rights.

Depending on Your jurisdiction and subject to applicable law, You may have rights relating to Your personal information. These include the right to access personal information we hold about You; to correct inaccurate information; to request deletion; to object to or restrict certain processing activities; to withdraw consent; to receive a portable copy of certain information; to appeal certain decisions; and to opt out of certain processing activities. To exercise any of these rights, please contact us at [email protected]. Reply may take reasonable steps to verify requests before responding.

17. U.S. State Privacy Rights.

Residents of certain U.S. states may have additional rights under applicable privacy laws, including the California Consumer Privacy Act (“CCPA”), California Privacy Rights Act (“CPRA”), Virginia Consumer Data Protection Act, Colorado Privacy Act, Connecticut Data Privacy Act, Utah Consumer Privacy Act, and similar laws. Subject to applicable law, residents of these jurisdictions may have rights relating to access, deletion, correction, portability, opt-out rights, appeals, and limitations on certain processing activities. Reply does not sell personal information in exchange for monetary compensation and does not knowingly share personal information for cross-context behavioral advertising purposes.

Where required by applicable law, individuals whose privacy rights requests are denied in whole or in part may appeal the decision by contacting Reply at [email protected].

To exercise applicable privacy rights, please contact us at [email protected].

18. Canadian Privacy Rights.

If You are located in Canada, applicable Canadian privacy laws, including PIPEDA and substantially similar provincial privacy laws, may provide You with rights relating to access, correction, withdrawal of consent, and complaints regarding the handling of Your personal information. Reply may process and store personal information outside Canada, including in the United States and other jurisdictions where Reply or its service providers operate. Personal information transferred outside Canada may be accessible to foreign courts, law enforcement authorities, or regulators under applicable law. Questions or requests relating to Canadian privacy rights may be directed to [email protected].

19. European Privacy Rights.

Individuals located in the European Economic Area, United Kingdom, and Switzerland may have additional rights under GDPR, UK GDPR, and related laws, including rights relating to access, correction, deletion, portability, restriction, objection, withdrawal of consent, and complaints to supervisory authorities. Where Reply processes personal information as a processor on behalf of a customer, individuals should generally direct requests relating to customer-controlled data to the relevant customer.

20. Children’s Privacy.

The Services are intended for business and professional use and are not directed to children under the age of 13 or other minimum age thresholds applicable under local law. Reply does not knowingly collect personal information directly from children in violation of applicable law. If You believe that Reply has collected information about a child under 13, please contact us at [email protected] so that we may delete the information.

21. How to Unsubscribe.

You may unsubscribe from Reply’s own marketing communications by clicking the “unsubscribe” link in any marketing email we send You, or by contacting us at [email protected]. Customers cannot opt out of receiving transactional emails or operational notices related to their accounts or the Services.

If You have received communications sent by a Reply customer through the Services and wish to unsubscribe, You should use the unsubscribe mechanism in those communications, reply requesting removal, or contact the customer directly. Reply customers are required under the Terms of Service and applicable law to honor applicable unsubscribe and removal requests in accordance with applicable law.

22. Third-Party Websites and Services.

The Services may contain links to third-party websites, applications, services, and integrations that are not controlled by Reply. Reply is not responsible for the privacy, security, or data handling practices of third parties. Your use of third-party services is governed by the policies and agreements of those third parties.

23. Changes to this Privacy Policy.

Reply may update this Privacy Policy from time to time to reflect changes in the Services, legal requirements, technology, industry standards, or business operations. If we make material changes, we may provide notice through the Services, by email, or through other reasonable means consistent with applicable law. Your continued use of the Services after any such changes constitutes acceptance of the revised Policy.

24. Contact Information.

Questions, requests, or complaints regarding this Privacy Policy or Reply’s privacy practices may be directed to [email protected].