Privacy Policy
Last updated: May 10, 2026
This Privacy Policy explains how 1stReply Ltd ("1stReply", "we", "us", or "our") collects, uses, shares, stores, protects, and otherwise processes personal information when you access or use 1stReply websites, dashboards, bots, APIs, monitoring tools, notification channels, AI reply features, billing pages, and related services (collectively, the "Service").
1. Scope and controller
1stReply Ltd is the controller responsible for the personal information described in this Privacy Policy unless we state otherwise. This policy applies to visitors, account holders, workspace members, trial users, paid customers, and people who interact with our bots, integrations, or notification flows. If you use the Service on behalf of an organization, that organization may also be a controller for information it chooses to submit to the Service.
2. Contact
For privacy questions, rights requests, complaints, or data protection enquiries, contact us at [email protected]. Please include enough information for us to identify your account and understand your request. We may need to verify your identity or authority before acting on certain requests.
3. Information you provide
We collect the following categories of information:
Account information: name, email address, authentication identifiers (via Clerk), time zone, language preferences, and profile settings.
Monitoring configuration: creator usernames, platforms, keywords, and monitoring frequency settings you configure.
Notification channel configuration: Telegram chat IDs, Discord channel IDs, Slack webhook URLs, Feishu webhook URLs, and similar identifiers. Sensitive channel secrets are encrypted at rest where applicable.
AI usage: number of AI replies generated, credits consumed, and brand document or writing sample content you submit for reply personalization.
Payment information: processed entirely through Stripe. We do not store full card numbers. We retain subscription status, plan name, billing history, and invoice metadata.
Usage logs: feature clicks, page visits, API request metadata, and error logs used to operate and improve the Service.
We do not collect: third-party platform login passwords or private keys; private messages, private posts, or non-public content; or biometric identifiers.
4. Account, authentication, and security data
We process authentication identifiers, session information, login timestamps, device and browser details, IP addresses, approximate location derived from IP, security events, and audit logs to create accounts, keep sessions secure, detect suspicious activity, prevent unauthorized access, and maintain the integrity of the Service.
5. Information generated by your use of the Service
We collect operational and usage data such as pages viewed, features used, monitors created, plan limits, AI credit usage, notification delivery status, channel verification status, queue events, API request metadata, error logs, webhook delivery responses, and system telemetry needed to operate, debug, secure, and improve the Service.
6. Information from third-party platforms
When you configure creator monitoring, we may process publicly available or platform-provided creator profile data, post metadata, post text, media links, timestamps, follower counts, usernames, platform identifiers, repost indicators, and engagement-related metadata. We may also receive information from services you connect, such as Telegram, Discord, Feishu/Lark, Slack, authentication providers, payment providers, and AI infrastructure providers.
7. Cookies and similar technologies
We use the following categories of cookies and similar technologies:
Essential cookies (cannot be disabled): authentication tokens, session management, and CSRF protection. These are required for the Service to function.
Functional cookies: language preferences, interface settings, and last-visited dashboard pages. These improve your experience but do not track you across other websites.
Analytics cookies: anonymized usage statistics used to understand which features are used and how to improve the Service. If we use a third-party analytics tool, it is configured to minimize personal data collection.
Advertising cookies: we do not use advertising cookies, cross-site tracking cookies, or any technology that tracks you across third-party websites for advertising purposes.
Browser settings may allow you to block or delete cookies, but essential cookies are required for authentication and security — blocking them may prevent you from using the Service.
8. How we use information
We use information to create and secure accounts, provide dashboards, monitor creators, detect new posts, distinguish original posts from reposts where technically possible, deduplicate events, send notifications, generate AI reply suggestions, manage AI credits, verify channels, process payments, enforce plan limits, provide support, improve reliability, prevent abuse, comply with legal obligations, and develop new features.
9. Legal bases where required
Where applicable law requires a legal basis, we process personal information because it is necessary to perform a contract with you, because we have legitimate interests in operating, securing, improving, measuring, and preventing abuse of the Service, because you consented to specific processing, or because we must comply with legal obligations. You may withdraw consent where processing is based on consent, although this will not affect processing already carried out.
10. AI features and model providers
When you request AI reply suggestions, we send relevant data — including post content, creator handle, post URL, language settings, reply style preferences, and optional brand context or writing samples you have provided — to third-party AI model providers. These providers may include OpenAI, Anthropic, Kimi, and others. Each provider operates under its own terms of service and privacy policy. We select AI providers that have committed to not using customer API inputs to train their models, except as permitted by their enterprise or API-specific policies. You should review the current policies of each provider for the most up-to-date information. AI outputs may be inaccurate, incomplete, offensive, outdated, or unsuitable for your purpose. You are responsible for reviewing, editing, and deciding whether to publish any output.
11. Custom reply style and personalization data
If you enable custom reply style learning or similar features, we may collect public posts, writing samples, account handles, tone preferences, style labels, and generated summaries to help customize reply suggestions. You can update or remove these settings in the product where available. Deleting a source does not necessarily remove replies or notifications already generated from it unless you separately request deletion where available.
12. Connected notification channels
If you connect Telegram, Discord, Feishu/Lark, Slack, or similar channels, we store configuration needed to deliver notifications, such as chat IDs, channel IDs, usernames, webhook URLs, verification status, delivery status, and encrypted secrets where applicable. Channel providers process messages according to their own terms and privacy policies, and messages may be visible to other people in channels or servers you choose.
13. Payments and billing
All payments are processed by Stripe. We do not store full payment card numbers, CVV codes, or raw banking details. We receive and retain: subscription status and plan details, invoice metadata and billing history, payment confirmation references, and limited customer billing identifiers needed to manage your subscription, issue receipts, prevent fraud, and comply with financial and tax obligations. Stripe's privacy policy governs how Stripe processes your payment data. Stripe is PCI DSS compliant. You may view Stripe's privacy policy at stripe.com/privacy.
14. Sharing of information
We may share information with service providers that help us operate the Service, including hosting, database, queue, authentication, payment, analytics, security, email, notification, customer support, AI, and infrastructure providers. We may also share information if required by law, to protect rights and safety, to investigate abuse, to enforce our terms, in connection with a merger, acquisition, financing, restructuring, or sale of assets, or with your direction or consent.
15. International transfers
The Service may be operated from, and information may be processed in, countries other than where you live. These countries may have different data protection laws. Where required, we use appropriate safeguards for international transfers, such as contractual protections, adequacy mechanisms, transfer assessments, or other legally recognized safeguards.
16. Data retention
We retain data for different periods depending on type and purpose:
Active account data (monitor configuration, notification history, AI usage records): retained for the duration of your account.
Deleted or closed account data: personal identifiers are deleted within 90 days of account closure. Anonymized or aggregated statistical data may be retained for longer.
Payment records and billing history: retained for up to 7 years as required by applicable financial and tax law.
AI generation logs (post content sent to AI providers, generated replies): retained for 90 days for debugging and quality purposes, then deleted.
Security and audit logs: retained for 12 months.
Where information is no longer required, we delete, de-identify, or aggregate it.
17. Security
We use reasonable technical and organizational safeguards designed to protect information, including access controls, encryption of sensitive channel secrets where applicable, least-privilege operational practices, monitoring, backups, and incident response procedures. No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials and connected channel permissions secure.
18. Your privacy rights
Depending on your location, you may have the following rights regarding your personal data:
Right of access: request a copy of the personal data we hold about you, in JSON format where applicable.
Right to deletion: request deletion of your account and associated personal data. We will retain records required by law (e.g., billing history).
Right to correction: update inaccurate information directly through your account settings, or contact us.
Right to data portability: request an export of your monitor configuration, AI reply history, and related settings.
Right to object: object to certain types of processing (e.g., analytics). This may affect some Service functionality.
Right to complain: if you believe we have not handled your data correctly, you may lodge a complaint with the relevant data protection authority in your jurisdiction.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing certain requests, and we may decline or limit requests where permitted by applicable law.
19. EEA, UK, and similar jurisdiction disclosures
If you are located in the EEA, UK, or a similar jurisdiction, you may have additional rights under applicable data protection law. Our lawful bases include contract, legitimate interests, consent, and legal obligations. Our legitimate interests include providing and improving the Service, securing systems, preventing abuse, measuring performance, supporting customers, and operating a sustainable business.
20. California and similar privacy disclosures
We do not sell personal information. We do not use advertising networks, cross-site tracking technologies, or behavioral advertising cookies. We do not knowingly sell or share personal information of minors. California residents (CCPA/CPRA) and residents of other US states with applicable privacy laws may have rights to know, access, delete, correct, and opt out of certain processing of personal information. We do not engage in the sale or sharing of personal information for cross-context behavioral advertising, so opt-out rights related to those activities do not apply. To exercise your rights, contact us at [email protected]. We will respond within the timeframe required by applicable law (typically 45 days, with an extension if needed).
21. Marketing communications
We may send service-related messages, security notices, billing notices, product updates, and, where permitted, marketing communications. You can unsubscribe from non-essential marketing emails using the instructions in the message. You cannot opt out of transactional or security messages that are necessary to provide the Service.
22. Children
The Service is not intended for children under 13, or a higher age where required by local law. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us and we will take appropriate steps.
23. Third-party links and platforms
The Service may link to third-party websites, social platforms, payment pages, bot platforms, or external content. We do not control and are not responsible for third-party privacy practices, content, availability, or security. Your use of third-party platforms is governed by their own terms and policies.
24. Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new effective date. If changes are material, we may provide additional notice through the Service, email, or other reasonable means. Continued use of the Service after an update means the updated policy applies.
