Privacy Policy

We store the data needed to run your bot — your account, the knowledge base you upload, and the conversations the bot has with your WhatsApp contacts. We never sell that data, never share it with advertisers, and never use it to train AI models. AI inference is done by Anthropic and OpenAI under their commercial API terms, which prohibit them from training on your data.

Replai is operated by Clement Kuek (sole proprietor, Malaysia). Contact for privacy matters: privacy@replai.pm.

Account data

• Your email address (used as login + for service emails)
• Your business name and any branding you set
• Billing identifiers from LemonSqueezy (customer/subscription ids — no card numbers; LS handles those)

Bot data you provide

• Knowledge base content (PDFs, URLs, pasted text)
• System prompts, office hours, escalation rules
• The WhatsApp pairing session credentials

Conversation data

• Inbound messages from your WhatsApp customers
• The bot’s outbound replies
• Voice-note transcripts (we run Whisper, store the text, and discard the audio bytes)
• Image captions (we run vision, store the caption / context, and discard the image bytes)
• Auto-classified flags (e.g., complaint, payment_received) and any operator notes

Operational data

• Token usage and cost per workspace (for billing transparency)
• Error logs (via Sentry) — these may contain stack traces and a limited snippet of the message that triggered the error
• Audit log entries for security-sensitive actions

• To provide the service you signed up for
• To bill you and prevent fraud
• To improve reliability (debugging, error monitoring)
• To meet legal obligations (e.g., responding to lawful government requests)

We do not use your data for advertising, do not sell it, and do not let our AI providers train on it.

We use a small set of vetted sub-processors. Each receives only the data needed to do their job:

• Anthropic — runs the chat model. Receives individual customer messages + relevant KB context for inference. Does not train on this data per their commercial API terms.
• OpenAI — runs Whisper (voice transcription) and text-embedding-3-small (KB embeddings). Same training opt-out applies.
• LemonSqueezy — payment processor + merchant of record. Receives your billing details.
• Resend — sends transactional + marketing emails (sign-in links, escalation alerts, trial reminders). Receives your email address and the email content.
• Sentry — error monitoring. Receives stack traces and limited context.
• Hostinger — our hosting infrastructure. Stores the database and service files.

Production data lives on a Hostinger VPS. Backups are encrypted at rest. We do not currently mirror data outside Hostinger; if that changes we’ll update this policy.

• Active workspace: as long as your subscription is active.
• Cancelled workspace: we keep your data for 30 days after cancellation in case you want to come back, then delete.
• On request: email privacy@replai.pm and we’ll delete or export your data within 30 days.
• Operational logs: rotated after 30 days.

You can:

• Access your data through the dashboard
• Request a full export by emailing privacy@replai.pm — we return it as JSON within 30 days
• Delete your account from the dashboard, or request deletion via email
• Object to specific processing (e.g., turn off escalation emails)
• Lodge a complaint with your local data protection authority if you think we’ve mishandled your data

The dashboard uses essential cookies to keep you signed in. We do not use analytics or advertising cookies.

When your WhatsApp customers message your bot, their messages land in your workspace. You are the data controller for those messages; we are a data processor on your behalf. Make sure your own privacy policy and customer relationship reflect that their messages are processed by an AI assistant.

We may update this Policy. Material changes get an email to your account address at least 14 days before they take effect.

Email privacy@replai.pm and we’ll get back to you within a few business days.