Privacy Policy

Last updated: June 2, 2026

1. Introduction

ReplyOnTheFly ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered review response service ("Service"). Please read this policy carefully.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, and password when you create an account
  • Business Information: Business name, address, and contact details
  • Payment Information: Billing address and payment method details (processed securely by our payment provider)
  • Communications: Any information you provide when contacting our support team

2.2 Information from Google APIs

When you connect your Google Business Profile, we access the following information through Google APIs:

  • Google Business Profile Information: Business name, location, and profile details
  • Reviews: Customer reviews, ratings, reviewer names, and review dates
  • Review Responses: Existing responses to reviews
  • Account Information: Google account email and name for authentication

2.3 Automatically Collected Information

  • Usage Data: How you interact with our Service, features used, and actions taken
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP address, access times, and pages viewed
  • Cookies: Session and preference cookies to enhance your experience

2.4 Information from Instagram (Meta)

If you use our Instagram sync feature and connect an Instagram professional (Business or Creator) account via Instagram Login, we access the following through the Meta/Instagram API using the instagram_business_basic permission:

  • Instagram Account Profile: Instagram account ID, username, and account type
  • Instagram Media: Your photos and videos, and their captions, permalinks, thumbnails, and timestamps
  • Access Token: A long-lived Instagram access token, stored encrypted, used solely to read the above on your behalf

We use this data only to copy your selected Instagram photos and videos to the Photos gallery of your own Google Business Profile. We do not access your Instagram comments, direct messages, or insights, and we do not request those permissions.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Provide the Service: Display your reviews, generate AI responses, and post replies to Google
  • Instagram Sync: Read your connected Instagram account's profile and media to publish your selected photos and videos to your Google Business Profile
  • Send Notifications: Alert you to new reviews via email
  • Process Payments: Handle subscription billing and transactions
  • Improve the Service: Analyze usage patterns to enhance features and user experience
  • Customer Support: Respond to your inquiries and provide assistance
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with applicable laws and regulations

4. Google API Services User Data Policy

ReplyOnTheFly's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we:

  • Only use Google user data for providing and improving user-facing features
  • Do not transfer Google user data to third parties except as necessary to provide the Service, comply with laws, or with your explicit consent
  • Do not use Google user data for advertising purposes
  • Do not allow humans to read Google user data unless required for security purposes, legal compliance, or with your explicit consent

5. Meta Platform Terms (Instagram Data)

Our access to and use of Instagram data obtained through the Meta Platform complies with the Meta Platform Terms and Developer Policies. Specifically, we:

  • Only use Instagram data to provide the user-facing Instagram-to-Google sync feature you enable
  • Do not sell Instagram data and do not use it for advertising
  • Share it only with the service providers needed to deliver the feature (see Section 6) and with Google, at your direction, to publish your media to your own Google Business Profile
  • Let you disconnect at any time and honor Meta deauthorization and data-deletion callbacks (see Sections 7 and 9)

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Service Providers: Third-party vendors who help us operate the Service, including cloud hosting and storage (Supabase, Vercel), payment processing, and email delivery
  • Google: When you post a review response, or sync an Instagram photo or video, we transmit it to Google on your behalf to publish to your Google Business Profile
  • AI Processing: Review content and Instagram post images/thumbnails are processed by AI services (OpenAI) to generate responses and to assess whether a photo or video is appropriate for your Google profile, subject to their privacy policies
  • Legal Requirements: When required by law, court order, or government request
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share information

7. Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account, we will delete or anonymize your personal information within 30 days, except where we are required to retain it for legal, tax, or regulatory purposes. Review data synced from Google is retained only while your account is active and is deleted upon account deletion or disconnection of your Google account. Instagram data is retained only while your Instagram account is connected: your encrypted Instagram access token and the record of synced media are deleted when you disconnect Instagram, when Meta sends us a deauthorization or data-deletion request, or when you delete your account. Temporary copies of media created to transfer a photo or video to Google are deleted immediately after the transfer completes. Photos and videos already published to your Google Business Profile remain there until you remove them from Google.

8. Data Security

We implement industry-standard security measures to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security assessments and monitoring
  • Limited employee access to personal data

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your account and personal information
  • Revoke Google Access: Disconnect your Google Business Profile at any time through your account settings or through your Google Account permissions
  • Revoke Instagram Access: Disconnect Instagram anytime from the Instagram Sync page in your account, or remove our app from your Instagram apps and websites settings. You may also request deletion of your Instagram data by emailing privacy@replyonthefly.com; automated Meta deauthorization and data-deletion requests are honored.
  • Email Preferences: Unsubscribe from marketing emails using the link in any email
  • Data Portability: Request your data in a portable format

To exercise these rights, contact us at privacy@replyonthefly.com.

10. Cookies and Tracking

We use cookies and similar tracking technologies to enhance your experience. You can control cookies through your browser settings. Disabling cookies may affect some features of the Service.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will delete it promptly.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

13. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, request deletion, and opt out of the sale of personal information. We do not sell personal information.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

15. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

ReplyOnTheFly

Email: privacy@replyonthefly.com

Support: support@replyonthefly.com