Privacy Policy
Last updated: [Date]
1. Data Controller
Replai.cc — DS Holding Ltd.
[Street, Number]
[Postcode, City], Cyprus
Email: Contact form
Phone: [+357 XX XXX XXXX]
2. Data We Collect
2.1 When you visit our website
When you visit our website, your browser automatically transmits the following data:
- IP address of the requesting device
- Date and time of access
- Name and URL of the requested file
- Referring website (referrer)
- Browser type and operating system
This data is processed to ensure smooth operation and improve our website (Art. 6(1)(f) GDPR).
2.2 When using our service (SaaS)
When you register for Replai, we process the following data:
- Name and email address
- Business details (name, website, industry)
- Payment data (processed by Stripe — we do not store card details)
- Content you upload (FAQs, documents, texts)
- Chat logs from your bot (conversations between your bot and website visitors)
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
2.3 Your website visitors' chatbot data
When your website visitors use the Replai chatbot, the following data is processed:
- Message content (stored for 90 days)
- Contact details voluntarily provided (name, email, phone)
- Session ID (anonymised, no personal reference)
As a Replai customer, you are responsible for the GDPR-compliant integration of the chatbot on your website. We provide a Data Processing Agreement (DPA) on request.
3. Data Sharing
We only share your data with third parties where necessary for service delivery:
- Supabase Inc. (USA) — Database hosting. Adequate protection via EU Standard Contractual Clauses.
- Vercel Inc. (USA) — Web application hosting. Adequate protection via EU Standard Contractual Clauses.
- Anthropic PBC (USA) — AI processing of chat messages. Adequate protection via EU Standard Contractual Clauses.
- Resend Inc. (USA) — Email delivery. Adequate protection via EU Standard Contractual Clauses.
- Stripe Inc. (USA) — Payment processing. Adequate protection via EU Standard Contractual Clauses.
4. Retention Periods
- Customer data: for the duration of the contract + 30 days after cancellation
- Chat logs: 90 days
- Invoice data: 7 years (statutory retention requirement)
- Server logs: 30 days
5. Your Rights
Under GDPR, you have the following rights:
- Access (Art. 15) — What data we hold about you
- Rectification (Art. 16) — Correction of inaccurate data
- Erasure (Art. 17) — "Right to be forgotten"
- Restriction (Art. 18) — Restriction of processing
- Portability (Art. 20) — Your data in machine-readable format
- Objection (Art. 21) — Object to processing
To exercise your rights, use our contact form
You also have the right to lodge a complaint with a data protection supervisory authority.
6. Cookies
Our website uses only technically necessary cookies (session token for login). No tracking or marketing cookies are used.
7. Changes to this Policy
We reserve the right to update this privacy policy when our service changes or legal requirements demand it. The current version is always available on this page.