Privacy Policy
Effective Date: June 24, 2026
ReplyMart ("we", "our", or "us") respects your privacy and is committed to protecting your information.
1. Information We Collect
Account Information
- Your name (optional)
- Email address
- Password (stored only as a bcrypt hash, never in plain text)
- The subscription plan you select
Security & Anti-Abuse Information
- Login activity and failed login attempts (used to lock accounts on suspected brute-force attacks)
- IP address at the moment of a request (used for rate limiting and abuse detection - we do not retain a long-term log per user)
- One-time verification codes sent to your email during sign-up and password reset (deleted after use or expiry)
Payment Information
We do not store full credit/debit card or bank account details. All subscription payments are processed by Razorpay, which collects and holds the payment instrument under its own policies. We retain only the resulting order ID, plan, amount, and status for invoicing.
Uploaded Content
You may upload:
- PDF, DOCX, and TXT documents
- Website URLs (and, optionally, login credentials for protected pages)
- Knowledge base FAQs
- Other business information used to train your assistant
This information is processed solely to provide assistant functionality.
Conversation Data
When end customers chat with your assistant via the web widget or WhatsApp, we store the conversation messages, channel, confidence scores, and any rating left on a reply. This data is shown to you, the business owner, in the dashboard.
2. AI Processing
Uploaded content and end-customer messages may be processed by AI models to generate assistant responses. ReplyMart uses Groq Llama-3.1-8b for chat generation and a semantic embedding model for search over your knowledge base. Content is transmitted securely to these AI services solely for the purpose of generating answers, in accordance with the provider's API terms. We do not claim ownership of your uploaded content and do not use it to train any third-party model.
3. Cookies & Local Storage
We use cookies and browser local storage to:
- Maintain login sessions (NextAuth secure session cookie)
- Improve performance
- Analyze usage
- Remember preferences such as sidebar state
- Enhance security
The end-customer chat widget stores a session ID in browser local storage so the customer can continue a conversation across page loads. You may disable cookies through your browser settings, although some features may not function properly.
4. How We Use Information
We use collected information to:
- Operate the platform
- Improve our services
- Process subscriptions
- Respond to support requests
- Send email notifications you have opted into (new conversations, low-confidence alerts, daily digest)
- Prevent fraud
- Maintain security
- Comply with legal obligations
5. Information Sharing
We do not sell your personal information. Information may be shared only with:
- Payment processors (Razorpay) for subscription billing
- Cloud hosting providers that run our infrastructure
- AI service providers (Groq Llama-3.1-8b for response generation and embeddings)
- Messaging providers (Meta WhatsApp Business Cloud API) when you enable the WhatsApp channel
- Email delivery infrastructure for transactional notifications, OTP codes, and invoices
- Legal authorities when compelled by valid legal process
Each provider is required to protect your information appropriately.
6. Data Security
We implement reasonable administrative, technical, and organizational measures to safeguard your information, including:
- Passwords hashed with bcrypt (12 salt rounds)
- Website login credentials encrypted with AES-256-GCM before storage
- All traffic served over HTTPS
- Rate limiting on authentication and chat endpoints
- Brute-force protection with progressive account lockouts
- Separate session namespaces for users and platform administrators
However, no internet-based service can guarantee absolute security.
7. Data Retention
We retain your information only as long as necessary to:
- Provide services
- Meet legal obligations
- Resolve disputes
- Enforce agreements
You may delete any assistant, knowledge item, conversation, or your entire account at any time from the dashboard. Deletion is immediate and cascades to all associated data, except where retention is required by law.
8. Your Rights
Subject to applicable laws, you may request to:
- Access your information
- Correct inaccurate information
- Delete your data
- Export your data
- Withdraw consent where applicable
Requests may be submitted through our support email.
9. Children's Privacy
ReplyMart is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.
10. International Users
If you access ReplyMart outside India, you acknowledge that your information may be processed in jurisdictions where our infrastructure or service providers operate.
11. Third-Party Links
Our platform may contain links to third-party websites. We are not responsible for their privacy practices or content.
12. Changes To This Policy
We may update this Privacy Policy periodically. Updated versions become effective upon publication on our website.
13. Contact Us
For any privacy-related inquiries:
Email: support@replymart.com
Website: https://replymart.com
