Privacy Policy

Our privacy policy and how we use your data

Last Updated: January 8, 2025

1. Introduction

ReplyBoss ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Data Controller: ReplyBoss
Contact: support@replyboss.ai
Jurisdiction: Switzerland

This Privacy Policy complies with the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR), and other applicable data protection laws.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, password (encrypted)
  • Profile Information: Display name, profile picture, bio, preferences
  • Billing Information: Payment method, billing address (processed by Stripe - we do not store credit card details)
  • Communication: Messages you send to support, feedback, survey responses

2.2 Social Media Account Data

When you connect your Twitter/X account via OAuth, we collect:

  • Twitter/X username and user ID
  • Profile information (name, bio, profile picture URL)
  • OAuth access tokens (encrypted and securely stored)
  • Tweet data from accounts you choose to monitor
  • Follower lists and engagement metrics (when you initiate analysis)

Important: We only access data you explicitly authorize. We do not access your direct messages, private information, or perform actions without your consent.

2.3 Usage Data

  • Features used and frequency of use
  • Search queries and filter settings
  • Generated AI content and prompts
  • Saved handles, lists, and communities
  • Engagement history (posts, interactions)
  • Performance metrics and analytics

2.4 Technical Data

  • IP address
  • Browser type and version
  • Device information (type, operating system)
  • Log data (access times, pages viewed, errors)
  • Cookies and similar tracking technologies (see Cookie Policy)

3. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

Contract Performance (Art. 6(1)(b) GDPR)

Processing necessary to provide the Service you subscribed to (account management, Twitter/X integration, AI generation, billing).

Legitimate Interest (Art. 6(1)(f) GDPR)

Analytics, security, fraud prevention, service improvement, and business operations.

Consent (Art. 6(1)(a) GDPR)

Marketing communications, non-essential cookies, and optional features (you can withdraw consent anytime).

Legal Obligation (Art. 6(1)(c) GDPR)

Compliance with tax laws, accounting requirements, and legal requests from authorities.

4. How We Use Your Information

We use collected information for the following purposes:

4.1 Service Delivery

  • Provide access to ReplyBoss features
  • Connect and manage your Twitter/X accounts
  • Monitor tweets and generate AI-powered content
  • Store your preferences, settings, and saved data
  • Process team collaboration features

4.2 Billing and Payments

  • Process subscription payments via Stripe
  • Manage billing cycles, invoices, and refunds
  • Detect and prevent payment fraud

4.3 Communication

  • Send transactional emails (password resets, billing notifications)
  • Respond to support inquiries
  • Send product updates and important service announcements
  • Marketing emails (only with your consent - opt-out anytime)

4.4 Analytics and Improvement

  • Analyze usage patterns to improve features
  • Monitor performance and fix bugs
  • Develop new features based on user behavior
  • Generate aggregated, anonymized statistics

4.5 Security and Fraud Prevention

  • Detect and prevent unauthorized access
  • Investigate security incidents and abuse
  • Enforce Terms of Service
  • Comply with legal obligations

5. Data Sharing and Disclosure

We do not sell your personal data. We only share data in the following limited circumstances:

5.1 Third-Party Service Providers

Supabase (Database Hosting)

Stores user data, settings, and content. Data location: EU/US (depending on configuration).

Stripe (Payment Processing)

Processes payments, stores billing information. GDPR and PCI-DSS compliant.

Railway (Backend API Hosting)

Hosts our FastAPI backend that processes requests.

AI Providers (OpenAI, Groq)

Process AI generation requests. Tweet content and prompts are sent for processing but not stored by providers beyond required processing time.

TwitterAPI.io (Third-Party Twitter API)

Accesses public Twitter/X data on your behalf. No personal identification data shared beyond API tokens.

5.2 Legal Obligations

We may disclose your information if required by law, court order, or government request, or to:

  • Comply with legal processes
  • Protect our rights, property, or safety
  • Prevent fraud or security threats
  • Enforce our Terms of Service

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

5.4 Aggregated Data

We may share aggregated, anonymized data that cannot identify you (e.g., "80% of users use feature X") for analytics, research, or marketing purposes.

6. International Data Transfers

ReplyBoss is based in Switzerland. Some of our service providers are located in the United States and other countries. When we transfer your data outside Switzerland/EEA, we ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved data transfer agreements
  • Privacy Shield/Data Privacy Framework: For US-based providers certified under applicable frameworks
  • Adequacy Decisions: Transfers to countries recognized by the EU/Switzerland as providing adequate data protection

By using the Service, you consent to the transfer of your data to these countries. You can request information about specific safeguards by contacting support@replyboss.ai.

7. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

Active Accounts

Duration of subscription plus 90 days (for billing disputes and account reactivation).

Deleted Accounts

30 days grace period for account recovery, then permanent deletion. OAuth tokens deleted immediately.

Billing Records

7 years (tax and accounting legal requirements).

Analytics Data

Aggregated data retained indefinitely. Individual activity logs retained for 12 months.

Backups

Automated backups retained for 30 days. Deleted data removed from backups after 30 days.

8. Your Privacy Rights

Under GDPR and Swiss data protection law, you have the following rights:

Right to Access (Art. 15 GDPR)

Request a copy of your personal data we hold. Available via account settings or by emailing support@replyboss.ai.

Right to Rectification (Art. 16 GDPR)

Correct inaccurate or incomplete data directly in your account settings.

Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR)

Delete your account and all associated data. Available in account settings or contact support@replyboss.ai.

Right to Data Portability (Art. 20 GDPR)

Export your data in machine-readable format (JSON). Available in account settings.

Right to Object (Art. 21 GDPR)

Object to processing based on legitimate interest (e.g., marketing emails). Unsubscribe links provided in all marketing emails.

Right to Restriction (Art. 18 GDPR)

Request temporary restriction of processing while we verify accuracy or resolve disputes.

Right to Withdraw Consent

Withdraw consent for marketing, analytics, or optional features anytime without affecting lawfulness of prior processing.

Right to Lodge a Complaint

File a complaint with your local data protection authority if you believe we have violated your rights.

How to Exercise Your Rights:

  • Most rights can be exercised directly in your account settings
  • For other requests, email support@replyboss.ai with subject "Privacy Request"
  • We will respond within 30 days (as required by GDPR)
  • Verification may be required to protect your data

9. Data Security

We implement industry-standard security measures to protect your data:

Technical Measures

  • Encryption in Transit: All data transmitted via HTTPS/TLS 1.3
  • Encryption at Rest: Database encryption using AES-256
  • Password Protection: Passwords hashed using bcrypt with salt
  • OAuth Tokens: Encrypted and stored securely, never logged
  • API Security: Rate limiting, authentication, and authorization controls

Organizational Measures

  • Access controls and least-privilege principles
  • Regular security audits and vulnerability assessments
  • Employee training on data protection
  • Incident response plan for data breaches

Data Breach Notification: In the event of a data breach affecting your personal data, we will notify you and relevant authorities within 72 hours as required by GDPR.

Important Security Notice

While we implement robust security measures, no system is 100% secure. You are responsible for maintaining the confidentiality of your account credentials and should enable two-factor authentication where available.

10. Children's Privacy

ReplyBoss is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 18, contact us immediately at support@replyboss.ai and we will delete it promptly.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to provide and improve the Service. For detailed information about our use of cookies, including types of cookies, purposes, and how to manage them, please see our Cookie Policy.

Quick Summary:

  • Essential Cookies: Required for authentication and security (no consent needed)
  • Functional Cookies: Remember your preferences (implied consent by using service)
  • Analytics Cookies: Help us improve the service (you can opt-out)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service features. Material changes will be notified via:

  • Email notification to registered users
  • Prominent notice on our website and within the Service
  • In-app notification

Changes take effect 30 days after notification (or immediately if required by law). Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

Previous versions of this Privacy Policy are available upon request by emailing support@replyboss.ai.

13. Contact Us and Data Protection Officer

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

Email: support@replyboss.ai

Subject Line: Privacy Inquiry / Data Request / GDPR Request

Website: replyboss.ai

We will respond to all requests within 30 days as required by GDPR.

14. Supervisory Authority

If you believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with a supervisory authority:

Switzerland:

Federal Data Protection and Information Commissioner (FDPIC)
Website: www.edoeb.admin.ch

EU/EEA: Contact your national data protection authority. List available at: EDPB Members

ACKNOWLEDGMENT

BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY AND CONSENT TO OUR DATA PRACTICES AS DESCRIBED HEREIN.