Privacy Policy

Last updated: May 2026

1. Data Controller

BROVKO GmbH
Wieselpfad 21
30657 Hannover
Germany
Email: email@replyly.online
Phone: +49 (0) 511 3533 3682
Website: brovko.de

2. What We Collect

2.1 Website Visits

When you visit our website, the following data is automatically collected:

• IP address of the requesting device
• Date and time of access
• Name and URL of the requested file
• Referring website
• Browser and operating system used

This data is used solely to ensure smooth operation of the website and improve our service. It is not linked to specific individuals.

2.2 Account Data (App)

When you sign in with Apple, the following data is processed:

• Apple User ID (unique identifier)
• Email address (optional, only if provided by Apple)
• Name (optional, only at first login)

2.3 Usage Data (App)

While using the Replyly app, the following data is processed:

• Messages you enter — transmitted to the AI service solely to generate reply suggestions, not stored permanently
• Selected tone (friendly, direct, witty, flirty)
• Subscription status and trial period

2.4 Technical Data

• Device type and operating system version
• App version
• Crash data (via Sentry, if enabled)

3. Purpose of Processing

We process personal data for the following purposes:

• Providing the app and its core function (reply generation)
• Authentication and account management via Apple Sign-In
• Processing payments and subscriptions through Apple In-App Purchases
• Error detection and stability improvements

4. AI Processing

To generate reply suggestions, your input messages are transmitted to the Anthropic API (Claude). Only the entered text and selected tone are transmitted — no user data, no email addresses, no Apple IDs. Transmission is encrypted (TLS). Anthropic does not store data from API requests for training purposes.

4a. Screenshot Upload (from Build 12)

When you upload a screenshot of a conversation, the image is transmitted encrypted (TLS) to the Anthropic Claude Vision API. Replyly does not store the image at any time — neither on the server nor in the database. After generating the three reply suggestions, the image is discarded from memory. Anthropic processes the image exclusively for reply generation and does not use it for training purposes.

5. Product Analytics and Session Replay (PostHog)

We use PostHog to improve the app. PostHog captures anonymous usage data (e.g. which features are used, where users drop off). PostHog also records anonymized Session Replays — playback of app interactions that help us identify UX issues.

What we collect: tap interactions, screen transitions, app lifecycle events (e.g. "app opened", "reply generated", "subscription started").

What we do NOT collect: the content of your input messages, generated replies, your email, your name, or any other identifying personal data. All input fields are automatically masked.

Data is stored on EU servers within the European Union (PostHog EU, hosted on AWS Frankfurt). You can disable analytics at any time in the app settings under "Anonymous usage analytics".

6. Third-Party Services

We share personal data with third parties only when necessary to fulfill our contractual obligations:

• Anthropic, PBC (San Francisco, USA) — Processing entered messages for reply generation via the Claude API
• RevenueCat, Inc. (USA) — Subscription and In-App Purchase management
• Apple Inc. (USA) — Apple Sign-In authentication and In-App Purchases
• Hetzner Online GmbH (Germany) — Hosting our servers in German data centers
• PostHog Inc. (USA, EU hosting) — Anonymous product analytics and session replay (EU servers, opt-out available)
• Functional Software, Inc. (Sentry) (USA) — Error detection and crash data (if enabled)

For US-based service providers, the relevant Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework apply.

7. Storage and Deletion

Entered messages are not stored — they are used solely for one-time reply generation and discarded afterwards. Account data is stored as long as your account exists. Upon account deletion, all associated data is deleted within 30 days.

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

• Access (Art. 15) — What data we have stored about you
• Rectification (Art. 16) — Correction of inaccurate data
• Erasure (Art. 17) — Deletion of your data
• Restriction (Art. 18) — Limit processing
• Portability (Art. 20) — Export your data
• Objection (Art. 21) — Object to processing

9. California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you the following rights:

• Right to know — what personal information we collect, how we use it, and whether we share it
• Right to delete — request deletion of personal information we have collected
• Right to correct — request correction of inaccurate personal information
• Right to opt out of sale or sharing — we do not sell or share your personal information for cross-context behavioral advertising
• Right to non-discrimination — you will not receive discriminatory treatment for exercising any of these rights

To exercise any of these rights, contact us at email@replyly.online. We will respond within 45 days as required by law.

10. Children's Privacy

Replyly is not directed to children under 13 (or under 16 in the EU). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Supervisory Authority

The competent supervisory authority is:
Die Landesbeauftragte für den Datenschutz Niedersachsen
Prinzenstraße 5
30159 Hannover, Germany
www.lfd.niedersachsen.de

12. Contact

For privacy questions, contact us at: email@replyly.online

Replyly is a product by Brovko GmbH. Learn more at brovko.de