Privacy policy
Replyful AB · Last updated: January 2026
Who we are
Replyful AB (org.nr 559554-2035) is a Swedish company providing AI-powered customer support tools. We are the data controller for data collected through our website and services.
Contact: [email protected]
What data we collect
When you sign up as a customer
| Data | Purpose | Stored with |
|---|---|---|
| Name, email | Account & login | WorkOS (US) |
| Payment details | Billing | Stripe |
When your customers use Replyful (end-user data)
We process this data on your behalf as a data processor:
Chat conversations:
- IP address and preferred language
- Email address (only if conversation is transferred to a human agent)
- Chat messages
Email support:
- Name and email address
- Email contents
How we use data
- To provide the service – handling support conversations, routing, AI responses
- To improve reliability – error tracking via Sentry (no personal data stored)
- To send important updates – service announcements, security notices
AI training
- Conversations: We do NOT use customer conversations to train our AI models.
- Voluntary feedback: If you submit feedback on AI responses (e.g. "what would have been a better answer"), we may use that feedback to improve our AI. This is optional and only includes data you explicitly submit.
We do NOT:
- Sell your data
- Share data with third parties for marketing
Where data is stored
All infrastructure is located in the EU:
| Service | Location | Purpose |
|---|---|---|
| Railway | Amsterdam, EU | Database & servers |
| AWS SES | Frankfurt, EU | Sending emails |
| Google Cloud | Frankfurt & Finland, EU | AI processing |
Exceptions:
- WorkOS (US) – handles login authentication
- Stripe (US) – handles payments
Both have Data Processing Agreements and appropriate safeguards for EU data transfers.
How long we keep data
- Conversations: You control this. Configure your own retention period in settings – conversations are automatically deleted after your chosen number of days.
- Account data: Kept while your account is active. Deleted 30 days after you cancel.
- Invoices: 7 years (Swedish accounting law).
Cookies
We don't use cookies on our website.
Our admin panel (app.replyful.com) uses a login cookie set by WorkOS – this is necessary to keep you logged in. No tracking or analytics cookies.
Your rights
Under GDPR, you have the right to:
- Access – request a copy of your data
- Correct – fix inaccurate data
- Delete – request deletion of your data
- Export – receive your data in a portable format
- Object – to certain processing
- Complain – to the Swedish Authority for Privacy Protection (IMY)
To exercise these rights, email [email protected].
For your customers (end-users)
We process end-user data on your behalf as a data processor. You remain the data controller and are responsible for:
- Having a legal basis to collect their data
- Informing them about data processing (your own privacy policy)
- Responding to their data requests
We'll help you fulfill data requests – just email us.
Data Processing Agreement
If you need a formal DPA for compliance purposes, contact us at [email protected].
Changes to this policy
We'll notify you by email if we make significant changes. Minor updates will be posted here with an updated date.
Questions?
Email us at [email protected] – we're happy to help.