AI Reply Pro

Privacy Policy

Last updated: June 8, 2026

1. Who We Are

AI Reply Pro ("we", "us", "the Service") is an AI-powered customer messaging automation platform operated at aireplypro.online. We help businesses ("Customers") connect their Facebook Messenger, Instagram Direct, WhatsApp Business, and Telegram accounts to automate replies to their own end-users ("End Users"). This policy explains how we collect, use, store, share, and protect data — including data received from Meta Platforms (Facebook, Instagram, WhatsApp) and Telegram.

2. Data We Collect

From Customers (account holders): email, display name, business name, password hash (via Supabase Auth), Google OAuth profile (if used), subscription/payment status, ZiniPay transaction IDs.

From connected platforms: page/account ID, page/account name, long-lived access tokens, webhook subscriptions, phone number IDs (WhatsApp), bot tokens (Telegram). Tokens are stored encrypted at rest.

From End Users (your customers): messages (text, images, voice, attachments) sent to your connected page, sender platform ID (PSID/IGSID/wa_id/chat_id), display name and profile picture as provided by the platform, message timestamps, conversation history.

Business knowledge: products, prices, FAQs, training documents, photos, voice samples that the Customer uploads to train the AI on their business.

3. How We Use Data

  • Generate AI replies to End User messages on the Customer's behalf.
  • Detect leads, extract order details, and create order records for the Customer.
  • Train Customer-specific AI context (knowledge base, tone, FAQs) — never shared across Customers.
  • Send/receive messages via Meta Graph API and Telegram Bot API.
  • Operate billing, subscription gating, and paid plan access.
  • Detect abuse, fraud, and dispute payments.

4. Meta Platform Data (Facebook, Instagram, WhatsApp)

When a Customer connects a Facebook Page, Instagram Business account, or WhatsApp Business number, we receive data via the Meta Graph API and Webhooks under the Customer's authorization. We use this data solely to deliver the messaging automation service the Customer signed up for, in line with the Meta Platform Terms and Developer Policies.

We do not: sell or rent Meta platform data; use it for advertising, profiling outside the Customer's workspace, or training cross-customer models; transfer it to data brokers; or use it for any purpose not disclosed here.

Tokens are scoped to the minimum permissions required (pages_messaging, instagram_manage_messages, whatsapp_business_messaging, etc.) and revoked immediately when a Customer disconnects a channel or deletes their account.

5. Data Sharing & Sub-processors

We share data only with sub-processors required to run the Service:

  • Supabase (database, auth, storage) — hosts all account and message data.
  • Google Gemini / Lovable AI Gateway — processes message content to generate replies. AI providers do not retain content for training under our terms.
  • Cloudflare — edge hosting and DDoS protection.
  • ZiniPay — payment processing for Bangladesh-issued cards/wallets.
  • Meta Platforms & Telegram — message delivery to the respective platform.

We never sell personal data. We disclose data to law enforcement only when legally compelled.

6. Data Retention & Deletion

Customer account data is retained while the account is active. Conversation and message data is retained for up to 90 days for service operation and analytics, then auto-purged unless the Customer explicitly archives it.

Customer-initiated deletion: Customers can disconnect any channel from the dashboard at any time, which revokes tokens and stops further data collection. Customers can request full account deletion by contacting support@aireplypro.online — all account data, training data, and connected platform data is purged within 30 days.

End User data deletion: Meta and Telegram End Users may request deletion of their messaging data by contacting the Customer (business) operating the workspace, or by emailing support@aireplypro.online with the platform ID. We will purge matching records within 30 days and confirm completion.

7. Data Deletion Callback URL

For Meta App Review compliance, our data deletion request endpoint is: https://aireplypro.online/api/public/meta/data-deletion. Meta will receive a confirmation code and status URL for each deletion request.

8. Security

All data is transmitted over TLS 1.2+. Tokens and secrets are encrypted at rest. Database access is restricted by Row-Level Security policies scoped to the authenticated user. Admin operations are audited. We perform routine security scans and do not store payment card details on our servers (handled entirely by ZiniPay).

9. Your Rights

You may access, correct, export, or delete your data at any time. Customers based in the EU/UK have GDPR rights (access, rectification, erasure, portability, restriction, objection); residents of California have CCPA rights. To exercise any right, email support@aireplypro.online.

10. Children

The Service is not directed to children under 13 (or 16 in the EU). We do not knowingly collect data from children.

11. International Transfers

Data may be processed in the United States, the European Union, and Bangladesh. Transfers rely on Standard Contractual Clauses where required.

12. Changes to This Policy

We may update this policy. Material changes will be announced in-app and via email at least 14 days before taking effect. The "Last updated" date above always reflects the current version.

13. Contact

Privacy questions, deletion requests, or App Review inquiries: support@aireplypro.online.