This Privacy Policy describes how Replio LLC ("Replio," "we," "us," or "our") collects, uses, and protects information when you use our review management platform at app.repliohq.com and our website at repliohq.com (collectively, the "Service").

Replio is a B2B SaaS platform that helps multi-unit franchise restaurant operators manage their Google Business Profile reviews. We provide tools to fetch reviews, generate suggested reply drafts, and post owner replies on behalf of authorized business owners.

1. Information We Collect

1.1 Information You Provide

• Account information: name, email address, business name, business location.
• Authentication: when you sign in with Google, we receive your name, email, and Google account identifier.
• Payment information: processed by Stripe. Replio does not store credit card numbers.
• Team and access controls: emails of team members you invite to your Replio account.

1.2 Google User Data

When you authorize Replio to access your Google Business Profile (GBP), we request the https://www.googleapis.com/auth/business.manage scope. With your authorization, we access:

• The list of business locations you manage on Google
• Customer reviews left for those locations (including reviewer name, rating, review text, timestamp)
• Owner replies you or your team have posted to those reviews
• Basic business profile information (name, address, category)

We use this access to display reviews inside your Replio dashboard, generate AI-suggested reply drafts, and post owner replies you have explicitly approved back to Google on your behalf.

1.3 Usage Information

• Pages viewed, features used, and clicks within the Replio dashboard
• Device information (browser type, operating system)
• IP address and approximate location
• Login times and session activity

2. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Display your Google reviews inside the Replio dashboard
• Generate AI-suggested reply drafts using your business context and review content
• Post owner replies back to Google when you approve them
• Send transactional emails (daily coaching briefs, account notifications, billing)
• Provide customer support and respond to your inquiries
• Improve the Service and develop new features
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

3. Google API Services User Data Policy

Replio's use and transfer of information received from Google APIs adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We use Google user data only to provide and improve features that are user-facing and prominent in the Replio dashboard.
• We do not transfer Google user data to third parties except as necessary to provide the Service, comply with applicable law, or as part of a merger, acquisition, or sale of assets with the user's prior notice.
• We do not use Google user data for serving advertisements, and we do not allow humans to read Google user data unless we have your affirmative agreement, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or our use is limited to internal operations and the data has been aggregated and anonymized.

4. AI Processing

Replio uses Anthropic's Claude API to generate suggested reply drafts based on review content and your business context. When we send review content to Anthropic for draft generation, that content is subject to Anthropic's data handling terms. Anthropic does not train models on Replio API data per Anthropic's stated policy. We do not send personally identifiable customer information beyond what is publicly visible on the Google review itself (reviewer display name, rating, comment).

5. Data Sharing

We do not sell your personal information or your customers' review data. We share information only as follows:

• Service providers: Supabase (database and authentication hosting), Vercel (web hosting), Anthropic (AI processing), Stripe (payment processing), Mailgun (transactional email). Each is bound by data processing agreements.
• Within your organization: team members you have invited to your Replio account can view reviews, drafts, and reply history for the locations you have given them access to.
• Legal compliance: when required by law, court order, or to protect the rights, property, or safety of Replio, our users, or others.
• Business transfers: in the event of a merger, acquisition, or asset sale, with prior notice to affected users.

6. Data Retention

We retain your account information and review data for as long as your account is active. If you cancel your subscription, we retain your data for 90 days to allow reactivation, after which it is deleted from production systems within 30 days. Backups containing your data are retained for up to 12 months for disaster recovery and are then overwritten.

You may request earlier deletion at any time by emailing help@repliohq.com.

7. Your Rights and Choices

• Access and export: you can request a copy of the personal data we hold about you.
• Correction: you can update your account information from within the Replio dashboard or by emailing us.
• Deletion: you can request account and data deletion at any time.
• Revoke Google access: you can revoke Replio's access to your Google account at any time by visiting https://myaccount.google.com/permissions.
• Marketing communications: you can unsubscribe from non-essential emails using the link in each email.

To exercise any of these rights, contact help@repliohq.com.

8. Security

We implement industry-standard security measures including encryption in transit (TLS) and at rest, Row-Level Security on our database, OAuth-based authentication, scoped API tokens per customer, and regular security reviews. No system is perfectly secure. If we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

9. Children

Replio is a B2B service intended for use by business owners and their teams. The Service is not directed to children under 16, and we do not knowingly collect personal information from children.

10. International Users

Replio is operated from the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of this page. For material changes, we will notify you by email or through the Replio dashboard before the change takes effect.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, contact us at:

Replio LLC
Email: help@repliohq.com