Privacy Policy

Effective date: July 16, 2026

Replyo is a mobile app made by mcode ("we", "us") that helps business owners monitor and reply to their Google reviews. This policy explains, in plain English, what data we collect, why we collect it, and what we will never do with it. It applies to the Replyo mobile app and this website.

The short version: we collect only what the app needs to work, we never sell your data, and we never post anything to your Google profile without you tapping Approve. You can delete your account and data at any time.

1. Who we are

Replyo is developed and operated by mcode, based in Croatia (European Union). For anything related to this policy or your data, contact us at support@replyo.app.

2. What we collect and why

Google account authorization (OAuth token)

To connect your Google Business Profile, you sign in with Google using Google's official OAuth flow. We never see or store your Google password. What we receive and store is an authorization token that allows Replyo to access your Business Profile data — specifically your business listings and reviews — on your behalf. You can revoke this access at any time in the app or from your Google account's security settings, and the token becomes useless immediately.

Business and review data

Using that authorization, we fetch your business profile information (business name, address, locations) and your Google reviews (reviewer name, star rating, review text, dates, and any existing replies). We store this data so the app can show your review inbox, sort reviews by urgency, notify you of new ones, and generate reply drafts. This data is fetched and processed solely on your behalf and only for these purposes.

Account information

Your email address and name as provided by Google sign-in, so we can create and manage your Replyo account.

Device push token

A push notification token issued by Apple or Google for your device, so we can send you a notification when a new review arrives. This token identifies your device for notifications only — it does not give us access to anything else on your phone.

Subscription status

If you subscribe to Replyo Pro, Apple or Google processes the payment. We never see your card number or payment details. We receive only your subscription status (active, expired, cancelled) from the App Store or Google Play so we can unlock Pro features for you.

Basic analytics and diagnostics

We collect basic, aggregated usage analytics (for example, which screens are used and whether the app crashed) so we can fix bugs and improve the app. This data is not used for advertising and is not tied to the content of your reviews or replies.

3. What we do NOT do

4. AI-generated reply drafts

When Replyo drafts a reply, the review text and relevant business context (such as your business name and your preferred tone) are processed by an AI service to generate the draft. This processing happens only to serve you the draft. Drafts are suggestions: they are shown to you for review, and nothing is published until you approve it.

5. How your data is stored and secured

Your data is stored with reputable cloud infrastructure providers, encrypted in transit and at rest. Access tokens are stored securely and are used only to perform the actions you have requested. We limit internal access to personal data to what is strictly necessary to operate and support the service.

6. Data sharing

We share data only with the service providers necessary to run Replyo: cloud hosting and database infrastructure, push notification delivery (Apple and Google), the AI service used to generate drafts, and the app stores for subscription management. Each of these processes data only on our instructions and for the purposes described in this policy. We may also disclose data if required by law.

7. Data retention and deletion

We keep your data for as long as your account is active. If you delete your account (available in the app's settings, or by emailing us), we delete your personal data, stored review data, and OAuth tokens within 30 days, except for minimal records we are legally required to keep (for example, billing records). Disconnecting your Google account from Replyo also revokes our access immediately and stops all further data fetching.

8. Your rights (GDPR and CCPA)

If you are in the European Economic Area or the United Kingdom, you have rights under the GDPR, including the right to access, correct, export, delete, and restrict the processing of your personal data, and the right to lodge a complaint with your local data protection authority. Our legal bases for processing are the performance of our contract with you (providing the app) and our legitimate interest in keeping the service secure and improving it.

If you are a California resident, you have rights under the CCPA/CPRA, including the right to know what personal information we collect, the right to delete it, and the right to opt out of its sale — noting that we do not sell personal information.

To exercise any of these rights, email support@replyo.app. We respond to all requests within 30 days.

9. International data transfers

Replyo is operated from the European Union. Where data is processed outside the EEA (for example, by cloud or AI providers), we rely on appropriate safeguards such as Standard Contractual Clauses.

10. Children

Replyo is a tool for business owners and is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, contact us and we will delete it.

11. Changes to this policy

If we make material changes to this policy, we will notify you in the app or by email before the changes take effect, and we will update the effective date above.

12. Contact

Questions, concerns, or requests: support@replyo.app.