Privacy policy
Replyful AB · Last updated: January 2026
Who we are
Replyful AB (org.nr 559554-2035) is a Swedish company providing AI-powered customer support tools. We are the data controller for data collected through our website and services.
Contact: [email protected]
What data we collect
When you sign up as a customer
| Data | Purpose | Stored with |
|---|---|---|
| Name, email | Account & login | WorkOS (US) |
| Payment details | Billing | Stripe |
When your customers use Replyful (end-user data)
We process this data on your behalf as a data processor:
Chat conversations:
- IP address and preferred language
- Email address (only if conversation is transferred to a human agent)
- Chat messages
Email support:
- Name and email address
- Email contents
How we use data
- To provide the service – handling support conversations, routing, AI responses
- To improve reliability – error tracking via Sentry (no personal data stored)
- To send important updates – service announcements, security notices
We do NOT:
- Sell your data
- Share data with third parties for marketing
Where data is stored
All infrastructure is located in the EU:
| Service | Location | Purpose |
|---|---|---|
| Railway | Amsterdam, EU | Database & servers |
| AWS SES | Frankfurt, EU | Sending emails |
| Google Cloud | Frankfurt & Finland, EU | AI processing |
Exceptions:
- WorkOS (US) – handles login authentication
- Stripe (US) – handles payments
Both have Data Processing Agreements and appropriate safeguards for EU data transfers.
How long we keep data
- Conversations: You control this. Configure your own retention period in settings – conversations are automatically deleted after your chosen number of days.
- Account data: Kept while your account is active. Deleted 30 days after you cancel.
- Invoices: 7 years (Swedish accounting law).
Cookies
We don't use cookies on our website.
Our admin panel (app.replyful.com) uses a login cookie set by WorkOS – this is necessary to keep you logged in. No tracking or analytics cookies.
Your rights
Under GDPR, you have the right to:
- Access – request a copy of your data
- Correct – fix inaccurate data
- Delete – request deletion of your data
- Export – receive your data in a portable format
- Object – to certain processing
- Complain – to the Swedish Authority for Privacy Protection (IMY)
To exercise these rights, email [email protected].
For your customers (end-users)
We process end-user data on your behalf as a data processor. You remain the data controller and are responsible for:
- Having a legal basis to collect their data
- Informing them about data processing (your own privacy policy)
- Responding to their data requests
We'll help you fulfill data requests – just email us.
Data Processing Agreement
Our Data Processing Agreement applies automatically when we process personal data on your behalf and supplements these terms.
Changes to this policy
We'll notify you by email if we make significant changes. Minor updates will be posted here with an updated date.
Questions?
Email us at [email protected] – we're happy to help.