1. Introduction
ReplyzeAI ("we", "us") respects your privacy. This policy explains how we handle data for our AI-powered email response and proposal generation service that integrates with your Gmail account.
GDPR/CCPA Compliance
We adhere to global data protection regulations including GDPR and CCPA. EU residents have specific rights outlined in Section 5.
2. Data We Collect
2.1 Account Data
- Name & contact information
- Payment details (processed by Stripe)
- OAuth credentials for Gmail access
- Company information
2.2 Email & Document Content
- Email text, metadata, and attachments
- AI-generated email replies and proposals
- User feedback on AI suggestions
- Extracted text from PDFs and images
- Generated DOCX and PDF documents
2.3 Technical Data
- IP addresses
- Browser/device information
- Usage patterns and feature interactions
- Automation logs (via GitHub Actions)
| Data Type | Purpose | Legal Basis |
|---|---|---|
| Email Content | AI Processing & Response Generation | Contractual Necessity |
| Document Content | Proposal generation and OCR processing | Contractual Necessity |
| Usage Data | Analytics | Legitimate Interest |
| Account Data | Service Provision & Billing | Contractual Obligation |
3. Gmail Integration
When you connect your Gmail account:
- We request gmail.compose scope via OAuth 2.0
- We store OAuth tokens to send emails on your behalf
- We only access emails necessary for generating responses
- You can revoke access at any time via Google settings
🔐 Security Note: We never store your Gmail password. All access is token-based and encrypted.
4. AI & Document Processing
Our AI system processes content using Hugging Face models:
- Email content is processed to generate contextual replies
- PDFs/images are extracted using pdf2image and pytesseract
- Proposals are generated using docxtpl templates
- AI models analyze communication patterns
⚠️ Training Data: ReplyzeAI does not use any user email content to train, fine‑tune, or improve any AI or machine‑learning models. All inference is performed on pre‑trained models, and no user messages are ever used for training or analysis beyond the immediate drafting of replies.
5. Data Sharing & Disclosure
We only share data under these circumstances:
5.1 Service Providers
- Hugging Face (AI model processing)
- Google Cloud (Gmail API)
- Supabase (Database storage)
- Render (Application hosting)
- GitHub (Automation workflows)
5.2 Legal Requirements
- When required by law
- To protect our rights
- For fraud prevention
🔒 No Data Selling: We never sell personal data to advertisers or data brokers.
6. Usage Limitations
Our service includes usage limits:
- Free Tier: Limited to 20 AI-generated emails/day
- We track email counts for billing and limit enforcement
- Document processing limits based on subscription level
ℹ️ Transparency: You can view your usage metrics in the Dashboard at any time.
7. Your Rights
For EU/UK Residents (GDPR)
- Right to Access: Request copies of your data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion under certain conditions
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to certain processing
For California Residents (CCPA)
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt out of the sale of personal information
- Right to non-discrimination for exercising CCPA rights
To exercise these rights, please contact us at replyzeai@gmail.com.
8. Security Measures
We implement enterprise-grade security including:
- End-to-end encryption for all communications
- OAuth token encryption at rest
- Regular security audits of our infrastructure
- Role-based access controls
- GDPR-compliant Data Processing Agreements
- Secure credential handling in GitHub Actions
9. Data Retention
We retain data only as long as necessary:
| Data Type | Retention Period |
|---|---|
| Account Data | 3 years after account closure |
| Email Content | 90 days from processing |
| Document Content | 60 days from generation |
| OAuth Tokens | Until user revocation |
10. Policy Updates
We may update this policy periodically. Significant changes will be communicated via:
- Email notification to account holders
- In-service announcements
- Updated "Last Updated" date
Your continued use after changes constitutes acceptance.
11. Contact Information
Data Protection Officer
Alexandra Chen
EU Representative
ReplyzeAI EU Ltd.