Privacy Policy
Last updated: May 19, 2026
1. Who We Are
Replyly AI ("Replyly", "we", "us") is a Gmail email-refinement assistant operated by Shaodong Xu. Our service is accessible at mailreplyly.com and through a Chrome browser extension.
Questions about this policy: support@mailreplyly.com
2. Information We Collect
a. Account Information
When you sign in with Google, we receive your email address and Google account identifier via OAuth. We store these in our database to manage your account and subscription.
b. Email Content
When you click the Replyly button inside Gmail, the text you have typed in the compose window is sent to our server and forwarded to a third-party AI provider for refinement. We do not store your email content. It is processed in memory and discarded immediately after the refined text is returned to you.
c. Device Identifier
The Chrome extension generates a random UUID ("device ID") stored locally in your browser. We use this to track anonymous usage counts (free-tier limit of 5 refinements per day) before you sign in.
d. Usage Data
We record the number of refinements you perform each day, the length of input and output text, the AI model used, and request latency. This data is used to enforce usage limits and improve the service.
e. Payment Information
Subscription payments are processed by Stripe. We do not store your card number, CVV, or any raw payment credentials. We receive and store your Stripe customer ID and subscription status.
3. How We Use Your Information
- To refine your emails using AI.
- To enforce the free-tier daily limit (5 refinements/day).
- To manage your Pro subscription and billing.
- To communicate service-related updates to your registered email address.
- To monitor service performance and diagnose errors.
We do not sell your personal information to any third party.
4. Third-Party Services
To operate Replyly, we share data with the following trusted service providers:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & database | Email, user ID, usage counts |
| Stripe | Payment processing | Email, subscription details |
| DeepSeek / OpenAI / Google Gemini | AI email refinement | Email content (not stored by us) |
| Google OAuth | Sign-in | Google account email & ID |
Each provider operates under its own privacy policy and is bound by data processing agreements where applicable.
5. Data Retention
- Email content: never stored; discarded after processing.
- Account & subscription data: retained while your account is active and for up to 90 days after deletion.
- Usage logs: retained for 12 months for analytics and troubleshooting.
- Device ID: stored locally in your Chrome extension; cleared when you uninstall the extension.
6. Cookies and Local Storage
Replyly does not use advertising cookies. We use:
- Chrome extension local storage — to remember your device ID, authentication token, and Pro status so you stay logged in across Gmail sessions.
- Browser localStorage on mailreplyly.com — to maintain your Supabase authentication session.
7. Your Rights
You may at any time:
- Access or correct your account data by contacting us.
- Delete your account by emailing us; we will remove your profile and associated data within 30 days.
- Withdraw consent by uninstalling the Chrome extension and deleting your account. This does not affect processing already performed.
To exercise any right, email support@mailreplyly.com.
8. Security
We use HTTPS for all data in transit. Database access is restricted via row-level security policies. API endpoints verify your identity using cryptographically signed JSON Web Tokens issued by Supabase.
9. Children
Replyly is not directed at children under 13. We do not knowingly collect personal information from anyone under 13.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last updated" date. Your continued use of Replyly after changes constitutes acceptance.
11. Contact
Replyly AI, operated by Shaodong Xu
Email: support@mailreplyly.com
12. India — Digital Personal Data Protection Act 2023 (DPDP Act)
Replyly complies with India's Digital Personal Data Protection Act, 2023 ("DPDP Act"). As a Data Fiduciary, we collect and process personal data only for the purposes described in this policy and with your implicit or explicit consent.
Your rights under the DPDP Act
- Right to access information — You may request a summary of the personal data we hold about you and how it is being processed.
- Right to correction and erasure — You may request that we correct inaccurate data or erase your data where we are no longer required to retain it.
- Right to grievance redressal — You may raise a grievance with us and we will respond within a reasonable timeframe.
- Right to withdraw consent — You may withdraw your consent at any time by deleting your account. Withdrawal does not affect processing already performed.
Grievance Officer
For any privacy-related grievance or request under the DPDP Act, contact our designated point of contact:
Email: support@mailreplyly.com
We aim to acknowledge all grievances within 48 hours and resolve them within 30 days.
Data localisation
Your account and usage data is stored on servers operated by Supabase (US-based). Email content sent for AI refinement is processed by our AI provider and is immediately discarded — it is not stored in any jurisdiction.
© 2026 Replyly AI, operated by Shaodong Xu. All rights reserved.