Privacy policy

Replyful AB · Last updated: May 2026

Who we are

Replyful AB (org.nr 559554-2035) is a Swedish company providing AI-powered customer support tools. We are the data controller for data collected through our website and services.

Contact: [email protected]

What data we collect

When you sign up as a customer

DataPurposeStored with
Name, emailAccount & loginWorkOS (US)
Payment detailsBillingStripe

When your customers use Replyful (end-user data)

We process this data on your behalf as a data processor:

Chat conversations:

  • IP address and preferred language
  • Email address (only if conversation is transferred to a human agent)
  • Chat messages

Email support:

  • Name and email address
  • Email contents

How we use data

  • To provide the service – handling support conversations, routing, AI responses
  • To improve reliability – error tracking via Sentry (no personal data stored)
  • To send important updates – service announcements, security notices

We do NOT:

  • Sell your data
  • Share data with third parties for marketing

Where data is stored

All long-term storage of customer data is in the EU (database, backups, email delivery, AI processing, error reports). A small number of sub-processors are based in the US — WorkOS (login), Stripe (billing), and Cloudflare's global edge (which only handles in-transit HTTP traffic and does not store customer data) — and those transfers are covered by EU Standard Contractual Clauses.

The full sub-processor list, with locations and transfer mechanisms, is in our Data Processing Agreement, Section 6.

How long we keep data

  • Conversations: You control this. Configure your own retention period in settings – once the period expires, the personal data in those conversations is permanently and irreversibly removed.
  • Account data: Kept while your account is active. Deleted 30 days after you cancel; ages out of backups within a further 30 days.
  • Invoices: 7 years (Swedish accounting law).

Cookies

We don't use cookies on our website.

Our admin panel (app.replyful.com) uses a login cookie set by WorkOS – this is necessary to keep you logged in. No tracking or analytics cookies.

Your rights

Under GDPR, you have the right to:

  • Access – request a copy of your data
  • Correct – fix inaccurate data
  • Delete – request deletion of your data
  • Export – receive your data in a portable format
  • Object – to certain processing
  • Complain – to the Swedish Authority for Privacy Protection (IMY)

To exercise these rights, email [email protected].

For your customers (end-users)

We process end-user data on your behalf as a data processor. You remain the data controller and are responsible for:

  • Having a legal basis to collect their data
  • Informing them about data processing (your own privacy policy)
  • Responding to their data requests

We'll help you fulfill data requests – just email us.

Data Processing Agreement

Our Data Processing Agreement applies automatically when we process personal data on your behalf and supplements these terms.

Changes to this policy

We'll notify you by email if we make significant changes. Minor updates will be posted here with an updated date.

Questions?

Email us at [email protected] – we're happy to help.