Privacy Policy
Last updated: May 10, 2026
This Privacy Policy explains how 1stReply Ltd ("1stReply", "we", "us", or "our") collects, uses, shares, stores, protects, and otherwise processes personal information when you access or use 1stReply websites, dashboards, bots, APIs, monitoring tools, notification channels, AI reply features, billing pages, and related services (collectively, the "Service").
1. Scope and controller
1stReply Ltd is the controller responsible for the personal information described in this Privacy Policy unless we state otherwise. This policy applies to visitors, account holders, workspace members, trial users, paid customers, and people who interact with our bots, integrations, or notification flows. If you use the Service on behalf of an organization, that organization may also be a controller for information it chooses to submit to the Service.
2. Contact
For privacy questions, rights requests, complaints, or data protection enquiries, contact us at [email protected]. Please include enough information for us to identify your account and understand your request. We may need to verify your identity or authority before acting on certain requests.
3. Information you provide
We collect information you provide directly, including name, email address, authentication profile data, account settings, preferred language, time zone, plan selection, billing details handled by our payment provider, monitor configuration, creator handles, keywords, connected channel settings, webhook URLs, Telegram or Discord identifiers, support messages, feedback, and any text, account handle, or profile sample you submit for AI reply style or personalization features.
4. Account, authentication, and security data
We process authentication identifiers, session information, login timestamps, device and browser details, IP addresses, approximate location derived from IP, security events, and audit logs to create accounts, keep sessions secure, detect suspicious activity, prevent unauthorized access, and maintain the integrity of the Service.
5. Information generated by your use of the Service
We collect operational and usage data such as pages viewed, features used, monitors created, plan limits, AI credit usage, notification delivery status, channel verification status, queue events, API request metadata, error logs, webhook delivery responses, and system telemetry needed to operate, debug, secure, and improve the Service.
6. Information from third-party platforms
When you configure creator monitoring, we may process publicly available or platform-provided creator profile data, post metadata, post text, media links, timestamps, follower counts, usernames, platform identifiers, repost indicators, and engagement-related metadata. We may also receive information from services you connect, such as Telegram, Discord, Feishu/Lark, DingTalk, authentication providers, payment providers, and AI infrastructure providers.
7. Cookies and similar technologies
We use cookies, local storage, and similar technologies to keep you signed in, remember preferences, protect sessions, measure performance, debug issues, and improve the Service. Some cookies are essential for authentication and security. Browser settings may allow you to block or delete cookies, but parts of the Service may not work correctly without them.
8. How we use information
We use information to create and secure accounts, provide dashboards, monitor creators, detect new posts, distinguish original posts from reposts where technically possible, deduplicate events, send notifications, generate AI reply suggestions, manage AI credits, verify channels, process payments, enforce plan limits, provide support, improve reliability, prevent abuse, comply with legal obligations, and develop new features.
9. Legal bases where required
Where applicable law requires a legal basis, we process personal information because it is necessary to perform a contract with you, because we have legitimate interests in operating, securing, improving, measuring, and preventing abuse of the Service, because you consented to specific processing, or because we must comply with legal obligations. You may withdraw consent where processing is based on consent, although this will not affect processing already carried out.
10. AI features and model providers
When you request AI reply suggestions, we may send relevant post text, creator handle, post link, context, language settings, reply style, and optional writing style samples to AI model providers for generation. AI outputs may be inaccurate, incomplete, offensive, outdated, or unsuitable for your purpose. You are responsible for reviewing, editing, and deciding whether to publish any output.
11. Custom reply style and personalization data
If you enable custom reply style learning or similar features, we may collect public posts, writing samples, account handles, tone preferences, style labels, and generated summaries to help customize reply suggestions. You can update or remove these settings in the product where available. Deleting a source does not necessarily remove replies or notifications already generated from it unless you separately request deletion where available.
12. Connected notification channels
If you connect Telegram, Discord, Feishu/Lark, DingTalk, or similar channels, we store configuration needed to deliver notifications, such as chat IDs, channel IDs, usernames, webhook URLs, verification status, delivery status, and encrypted secrets where applicable. Channel providers process messages according to their own terms and privacy policies, and messages may be visible to other people in channels or servers you choose.
13. Payments and billing
Paid plans and credit purchases may be processed by third-party payment providers. We do not store full payment card numbers. We may receive billing status, plan name, invoice metadata, payment confirmation, subscription status, cancellation status, tax information, and limited customer billing details needed to operate paid plans, provide receipts, prevent fraud, and comply with financial obligations.
14. Sharing of information
We may share information with service providers that help us operate the Service, including hosting, database, queue, authentication, payment, analytics, security, email, notification, customer support, AI, and infrastructure providers. We may also share information if required by law, to protect rights and safety, to investigate abuse, to enforce our terms, in connection with a merger, acquisition, financing, restructuring, or sale of assets, or with your direction or consent.
15. International transfers
The Service may be operated from, and information may be processed in, countries other than where you live. These countries may have different data protection laws. Where required, we use appropriate safeguards for international transfers, such as contractual protections, adequacy mechanisms, transfer assessments, or other legally recognized safeguards.
16. Data retention
We retain information for as long as needed to provide the Service, maintain security, comply with legal obligations, resolve disputes, enforce agreements, support billing records, and keep reasonable business records. Monitor data, notifications, AI suggestions, channel settings, audit logs, and security logs may have different retention periods. When information is no longer needed, we delete, de-identify, or aggregate it where practical.
17. Security
We use reasonable technical and organizational safeguards designed to protect information, including access controls, encryption of sensitive channel secrets where applicable, least-privilege operational practices, monitoring, backups, and incident response procedures. No system is perfectly secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials and connected channel permissions secure.
18. Your privacy rights
Depending on your location, you may have rights to access, correct, delete, export, restrict, object to, or withdraw consent for certain processing of personal information. You may also have the right to complain to a data protection authority. To exercise rights, contact [email protected]. We may decline or limit requests where permitted by law, for example where we must retain information for security, legal, or billing reasons.
19. EEA, UK, and similar jurisdiction disclosures
If you are located in the EEA, UK, or a similar jurisdiction, you may have additional rights under applicable data protection law. Our lawful bases include contract, legitimate interests, consent, and legal obligations. Our legitimate interests include providing and improving the Service, securing systems, preventing abuse, measuring performance, supporting customers, and operating a sustainable business.
20. California and similar privacy disclosures
We do not sell personal information in the conventional sense. We do not knowingly sell or share personal information of minors. If we add advertising or cross-context behavioral advertising technologies in the future, we will update this policy and provide any required choices. Users in jurisdictions with specific privacy rights may contact us to request access, deletion, correction, portability, or information about categories of data processed.
21. Marketing communications
We may send service-related messages, security notices, billing notices, product updates, and, where permitted, marketing communications. You can unsubscribe from non-essential marketing emails using the instructions in the message. You cannot opt out of transactional or security messages that are necessary to provide the Service.
22. Children
The Service is not intended for children under 13, or a higher age where required by local law. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact us and we will take appropriate steps.
23. Third-party links and platforms
The Service may link to third-party websites, social platforms, payment pages, bot platforms, or external content. We do not control and are not responsible for third-party privacy practices, content, availability, or security. Your use of third-party platforms is governed by their own terms and policies.
24. Changes to this policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new effective date. If changes are material, we may provide additional notice through the Service, email, or other reasonable means. Continued use of the Service after an update means the updated policy applies.