Privacy Policy

1.1 Information You Provide

• Account information: Name, email address, and password when you register.
• Organization name: The workspace name you set during onboarding.
• Payment information: Billing details processed by Stripe. We do not store your full card number — only the last 4 digits and expiry as provided by Stripe.

1.2 Information From Connected Platforms

When you connect a social media account (Facebook, Instagram, TikTok), we receive and store:

• OAuth access tokens necessary to interact with the platform API.
• Your platform account ID and display name.
• Comments posted on your connected pages, posts, or ads — including comment content, author name, author ID, and timestamp.

We do not access your personal messages, follower lists, or any data beyond what is required to provide the moderation service.

1.3 Usage Data

• Log data including IP addresses, browser type, and pages visited.
• Feature usage patterns to improve the Service.

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process comments through our AI sentiment classification system to enable automated moderation.
• Send transactional emails (account confirmation, billing receipts, plan limit alerts).
• Enforce our Terms of Service and detect fraudulent activity.
• Improve and develop new features of the Service.
• Comply with legal obligations.

We do not sell your personal data or the comment data processed through the Service.

Comments collected from your connected platforms are sent to our AI provider (Z.ai / ChatGLM) for sentiment classification. This processing is performed solely to provide the moderation functionality. We do not use your comment data to train AI models.

Comment data is stored in our database for the duration of your subscription plus a retention period of 90 days after account termination, after which it is permanently deleted.

We do not sell, rent, or trade your personal data. We share data only with the following categories of third parties:

4.1 Service Providers

• Supabase — Database hosting (PostgreSQL). Data stored in AWS ap-southeast-1 (Singapore).
• Railway — Application hosting and deployment.
• Stripe — Payment processing. Subject to Stripe's Privacy Policy.
• Z.ai / ChatGLM — AI sentiment classification of comment content.
• Redis (Upstash / Railway) — Job queue processing for real-time comment moderation.

4.2 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to protect our rights or the safety of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

• Account data: Retained while your account is active. Deleted within 30 days of account termination upon request.
• Comment data: Retained for the duration of your subscription plus 90 days. You may request earlier deletion.
• Billing records: Retained for 7 years as required by financial regulations.
• Access tokens: Deleted immediately upon disconnecting a platform account.

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the data we hold about you.
• Correction: Request correction of inaccurate data.
• Deletion:Request deletion of your personal data (“right to be forgotten”).
• Portability: Request your data in a machine-readable format.
• Objection: Object to certain processing activities.
• Withdraw consent: Disconnect a platform at any time from your account settings.

To exercise these rights, contact us at support@repliguard.online. We will respond within 30 days.

We use session cookies required for authentication (via NextAuth.js). We do not use third-party tracking cookies or advertising pixels. You may disable cookies in your browser, but this will prevent you from logging in.

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords (bcrypt), and access-controlled databases. However, no system is 100% secure. Please notify us immediately at support@repliguard.online if you suspect a security breach.

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

Your data may be processed in countries outside of Indonesia, including where our service providers operate. We ensure appropriate safeguards are in place for any such transfers.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via a notice in the Service at least 14 days before the changes take effect. The “Last updated” date at the top of this page reflects the most recent revision.

For any privacy-related questions or requests, contact us at: