Privacy Policy

Effective Date: 01/01/2026

Last Updated: 01/01/2026

Rephly ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding that information. By using Rephly, you agree to the practices described in this policy.

1. Information We Collect

1.1 Information You Provide Directly

  • Account information: Your email address when you sign up or sign in
  • Messages you submit: Text you paste or type into Rephly to generate replies. These are sent to our AI backend for processing only and are not stored on our servers after your reply is returned
  • Screenshots and photos: Images you capture or upload for AI text extraction (Pro feature). These are processed and discarded immediately — not stored

1.2 Information Collected Automatically

  • Usage data: Features used, screens viewed, and reply generation events — collected in anonymized form
  • Device information: Device type, operating system version, and app version for troubleshooting
  • Push notification token: Used to deliver notifications you have opted into
  • Subscription status: Your current plan and entitlements via RevenueCat

1.3 Information from Third Parties

  • Google Sign-In: If you sign in with Google, we receive your email address from Google as part of the OAuth flow
  • RevenueCat: Subscription status and purchase history to gate Pro features

2. How We Use Your Information

We use the information we collect to:

  • Provide and manage your account
  • Generate AI reply suggestions via our secure backend (messages are never stored after processing)
  • Enforce daily reply limits for free tier users
  • Manage your subscription via RevenueCat
  • Send notifications you have enabled
  • Improve the Service using anonymized usage data
  • Respond to your support requests at support@rephly.app
  • Comply with applicable laws and enforce our Terms of Use

3. How We Share Your Information

We do not sell your personal information. We share data only with the following service providers who process it on our behalf:

Supabase

Purpose: Authentication and database storage

Data shared: Email address, reply history, daily counter data

Google Gemini (via our backend only)

Purpose: AI reply generation and screenshot text extraction

Data shared: Message text or screenshot image submitted for processing. Never sent directly from the app — always via our secure Edge Functions. Not stored after processing.

RevenueCat

Purpose: Subscription management

Data shared: User ID, subscription events

Expo / Firebase

Purpose: Push notification delivery

Data shared: Device push token, notification payload

We may also disclose your information if required by law, court order, or to protect our rights or the safety of others.

4. AI Processing and Your Data

When you submit a message or screenshot to Rephly:

  • Your text or image is transmitted over an encrypted connection to our secure backend (Supabase Edge Functions)
  • Our backend forwards it to Google Gemini AI to generate reply suggestions
  • The reply is returned to your device
  • Your message and any screenshot are not stored on our servers after the reply is returned
  • We do not use your messages to train AI models

5. Data Storage and Security

  • Your account data and reply history are stored on Supabase infrastructure (AWS, SOC 2 Type II)
  • All data in transit is encrypted using TLS
  • Database records are protected by Row Level Security — only you can access your own data
  • We do not store passwords — authentication uses email OTP or Google OAuth
  • Some data (subscription status, daily counter) is cached locally on your device using encrypted MMKV storage

6. Data Retention

  • Account and reply history data: Retained while your account is active
  • Message text and screenshots submitted for AI processing: Not retained — discarded after your reply is returned
  • Free tier reply history: Automatically expires after 24 hours
  • Pro reply history: Retained until you delete it or delete your account
  • Deleted accounts: All data permanently removed from our database upon deletion. Encrypted backups purged within 30 days.

7. Your Rights and Choices

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Delete your account via Settings → Delete Account, or contact support@rephly.app
  • Notifications: Manage preferences in Settings or at the OS level at any time
  • Opt-out of analytics: Contact us to opt out of usage data collection

8. Children's Privacy

Rephly is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us their information, contact us at support@rephly.app and we will delete it promptly.

9. California Privacy Rights (CCPA)

California residents have the right to know what personal information we collect, request deletion, and opt out of sale. We do not sell personal information. Contact support@rephly.app to exercise your rights.

10. International Users

Rephly is operated from the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States. By using Rephly, you consent to this transfer.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last Updated" date and notify you of material changes via in-app notification or email. Continued use after changes take effect constitutes acceptance.

12. Contact Us

Email: support@rephly.app

Website: https://rephly.app/support