Privacy Policy

Transparency about how we collect, use, and protect your data.

🔒 ReplyBites Privacy Policy

Effective date: 20 Nov 2025

1. Who we are

ReplyBites (“we”, “us”, “our”) provides AI-assisted tools to help Instagram creators and businesses reply to comments and send private replies (DMs) on Instagram.

2. What we collect

We collect information necessary to provide and improve our service.

2.1. Account and Authentication Data

  • Email, name (from your authentication provider, used for account management).
  • Instagram account identifiers and Page access tokens (stored encrypted, used to access your Instagram data).

2.2. Usage and Content Data

  • Comments on your Instagram posts (text, commenter metadata obtained via the Instagram Graph API).
  • AI-generated replies (public comment replies and private replies/DM drafts).
  • Configuration and preferences (tone, emoji level, delays, rules for auto-reply).
  • Basic usage counts (daily auto-replies, tokens used for AI).

2.3. Technical Data

  • Logs and diagnostics (timestamps, endpoint names, non-sensitive metadata for service monitoring).

3. How we use data

We use the data we collect for the following purposes:

  • Provide Core Features: Fetch comments, generate AI replies, and send public replies or private replies (DMs) on your behalf, applying your configured rules and preferences.
  • Improve Reliability and Quality: Monitor errors, performance, and conduct safety checks (e.g., basic profanity filtering).
  • Support, Billing, and Compliance: Handle customer support requests, manage billing (if applicable), and comply with legal obligations.

4. Legal bases for processing

Our legal grounds for processing your data are:

  • Contract: To fulfill the service agreement and provide the features you have requested.
  • Legitimate Interests: For service reliability, security, and non-intrusive service improvement.
  • Consent: Where required by law (e.g., for certain analytics or messaging), we rely on your consent.

5. Sharing with third parties

We share data only as necessary to provide our service. We do not sell personal data.

Third Party Vendor Purpose
OpenAI AI model provider for generating reply text.
Supabase Database and authentication services.
Upstash Rate-limiting queue and caching.
Stripe Payment processing (if/when used for paid services).

6. Security and retention

  • Security: Instagram tokens are encrypted at rest. Access to data is strictly restricted to necessary service operations.
  • Retention: We retain data for as long as you maintain an active account or as required by law.

7. Your rights

Subject to local laws, you have the right to:

  • Access, correction, deletion, and portability of your data.
  • Object to or restrict certain processing activities.

How to exercise your rights:

  • In-product: Go to Settings → Delete Account & Data.
  • Via email: Send a request to replybites@gmail.com.

8. Children

Our service is not directed to children under the minimum digital consent age in your jurisdiction.

9. International transfers

Data may be processed in regions where our vendors operate. We ensure appropriate safeguards are in place for any required international data transfers.

10. Contact information

For questions about this Privacy Policy or your data, please contact us at: replybites@gmail.com

11. Changes to this policy

If we make material changes to this policy, we will update the "Effective date" and provide reasonable notice of the changes.