Reply Copilot

Privacy Policy

Reply Copilot helps marketplace sellers draft replies to customer messages. To do that, we handle a few specific kinds of data. This page tells you what, why, and what your rights are. Plain English, no legalese.

Last updated: May 4, 2026

What we collect

Account information

  • Your email address and a hashed password (handled by our auth provider, Supabase).
  • Your name and optional avatar, when you provide them.
  • An API token used by the Chrome extension to talk to our backend.

Marketplace data (only when you click Draft)

When you click the Draft button inside a marketplace message thread, our Chrome extension reads:

  • The customer message you're replying to and prior turns in that conversation.
  • Listing/order context the marketplace page exposes — item title, price, shipping status, tracking number, etc.
  • Your seller account handle (so we know which of your stores the draft belongs to).

We never read marketplace data unless you explicitly click Draft on a thread. We do not run in the background. We do not collect data from non-marketplace pages.

Generated drafts

Drafts the AI produces, what got sent (if you marked it sent), and any edits between the two. We use this to show your activity log and to improve future drafts.

Knowledge base + voices you create

Documents and voice configurations you set up inside the dashboard are stored in our database and used as context when generating your drafts.

Extension diagnostics

If the extension can't find a selector on a marketplace page (which happens when marketplaces change their site), it sends us a sanitized DOM snapshot— tag names and structural attributes only, no customer text, no prices, no identifying information. This lets us push a fix quickly when something breaks.

What we don't collect

  • Your marketplace password. Authentication stays inside the marketplace itself.
  • Payment card numbers. Stripe handles billing and we never see them.
  • Anything from pages outside the marketplaces you authorize.
  • Your activity outside of explicit Draft clicks.

How we use it

  • To generate replies in your voice using a large language model.
  • To show you your activity history and tune future drafts based on edits.
  • To bill the right amount via Stripe.
  • To send essential transactional emails (password resets, alerts you opted into).
  • To diagnose extension breakage and ship fixes faster.

We do not sell your data. We do not run advertising. We do not use your customer messages to train shared models — the AI provider we use does not retain prompts for training under our agreement.

Who we share it with

We use the following third parties to run the service:

  • Supabase — database + authentication.
  • OpenAI — large language model for draft generation. Prompts are processed under their zero-data-retention API tier.
  • Vercel — application hosting and edge networking.
  • Stripe — payment processing.
  • Resend — transactional email delivery.

We share the minimum data each provider needs to do their job. Each one has their own privacy practices, linked from their websites.

How long we keep it

  • Account data: as long as you have an account.
  • Drafts and activity history: 12 months by default, extendable per workspace settings. Deleted on request.
  • Extension diagnostic snapshots: 30 days, then automatically purged.

Your rights

You can, at any time:

  • Access and export your data — email us and we'll send a copy within 30 days.
  • Delete your account, which removes your data from our database within 30 days (some backups roll off over 60 days).
  • Correct any inaccurate data via the dashboard.
  • Object to how we use your data — email us and we'll work it out.

Email hi@replycopilot.app for any of the above.

Cookies + storage

We use a session cookie to keep you signed in. The Chrome extension stores your API token and a few preferences in chrome.storage.local. We do not use third-party tracking cookies.

Children

Reply Copilot is not directed at people under 16 and we don't knowingly collect data from them. If you believe a child has signed up, email us and we'll delete the account.

International users

Our infrastructure is hosted in the United States. By using Reply Copilot, you consent to your data being processed there. If you're in the EU/UK, you have additional rights under GDPR — same email address handles those requests.

Changes

If we change this policy in a meaningful way, we'll email account holders at least 14 days before the change takes effect. The "last updated" date at the top of this page reflects the current version.

Contact

Email hi@replycopilot.app for anything privacy-related — data requests, complaints, questions, all of it.