Privacy Policy
Google API Services User Data Policy Compliance: ReplyQuicker's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only request the minimum scopes necessary (email and profile) for authentication purposes.
Article 1: Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on Personal Data, including collection, storage, use, and deletion.
- "Controller" refers to ReplyQuicker (operated under Overto Cloud), which determines the purposes and means of Processing.
- "Sub-Processor" means a third-party service provider that processes data on our behalf.
Article 2: Data We Collect
2.1 Data We Collect
| Data Type | Purpose | Retention |
|---|---|---|
| Email address (via Google OAuth) | Account identification, credit tracking | Until account deletion |
| Business name & industry (user-provided) | AI prompt personalisation | Until account deletion |
| Reply usage count | Free tier enforcement, billing | Reset monthly, deleted on account deletion |
| Stripe Customer ID | Subscription management | Until account deletion |
2.2 Data We Do NOT Collect
- Google review text (processed in real-time, never stored or logged)
- AI-generated replies (streamed to your browser, never stored)
- Passwords (authentication handled entirely by Google)
- Payment card details (handled entirely by Stripe)
- Browsing history, cookies, or tracking data
- Personal information of reviewers
Article 3: Legal Basis for Processing
We process your Personal Data under the following legal bases as defined by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018:
- Contractual Necessity (Article 6(1)(b)): We need your email address to provide the Service, manage your account, and enforce usage limits as part of our contractual obligation to you.
- Legitimate Interest (Article 6(1)(f)): We process minimal usage data to prevent abuse, maintain service quality, and improve the Extension.
- Consent (Article 6(1)(a)): By signing in with Google and using the Extension, you consent to the processing described in this Policy.
Article 4: How We Use Your Data
- To authenticate your identity and maintain your session.
- To track your monthly reply usage and enforce plan limits.
- To personalise AI-generated replies using your business name and industry.
- To manage your Pro Plan subscription status.
- To communicate important service updates (if necessary).
Article 5: Review Data Processing
5.1 Real-Time Processing
When you generate a reply, the review text is sent from your browser to our Cloudflare Worker, which forwards it to our AI provider for processing. The generated reply is streamed back to your browser in real-time.
5.2 No Storage
Review text and generated replies are never stored, logged, cached, or used for AI model training. The data exists only in transit during the generation process and is encrypted using TLS 1.3.
5.3 No Third-Party Access
Review data is not shared with, sold to, or accessible by any party other than the AI provider during the real-time generation process.
Article 6: Sub-Processors
We use the following third-party services to operate the Extension:
| Provider | Purpose | Data Processed |
|---|---|---|
| Google OAuth | Authentication | Email, profile name |
| Cloudflare Workers & KV | API hosting, usage tracking | Email, usage count |
| AI Provider (DeepSeek) | Reply generation | Review text (in transit only, not stored) |
| Stripe | Payment processing | Payment details (managed by Stripe) |
Article 7: Data Storage & Security
7.1 Storage Location
Account data (email, usage count, plan status) is stored in Cloudflare KV, a globally distributed edge storage system. Data is encrypted at rest and in transit.
7.2 Local Storage
The Extension uses Chrome's local storage API to maintain your authentication token and preferences (business name, industry, tone preference) on your device. This data never leaves your browser except when making authenticated API requests.
7.3 Security Measures
- All data in transit is encrypted using TLS 1.3 (HTTPS).
- API keys and secrets are stored as encrypted environment variables in Cloudflare.
- Google OAuth tokens are managed by Chrome's identity API with automatic expiration.
- Stripe webhook signatures are cryptographically verified using HMAC-SHA256.
Article 8: Data Retention
- Account data (email, usage): Retained until you request deletion or uninstall the Extension.
- Usage counters: Reset automatically on the first day of each calendar month.
- Review text & AI replies: Not retained. Processed in real-time and immediately discarded.
- Authentication tokens: Managed by Chrome and Google. Revoked upon sign-out.
Article 9: Cookies & Tracking
ReplyQuicker does not use cookies, tracking pixels, analytics scripts, or any form of cross-site tracking. We do not collect browsing history or monitor your activity outside of the Extension's direct functionality.
The Extension uses Chrome's chrome.storage.local API to
store your preferences and authentication state locally on your
device. This is not a cookie and is not accessible by websites.
Article 10: Your Rights (UK GDPR / Data Protection Act 2018)
Under applicable data protection law, you have the following rights:
- Right of Access: You may request a copy of the Personal Data we hold about you.
- Right to Rectification: You may request correction of inaccurate Personal Data.
- Right to Erasure: You may request deletion of your Personal Data. We will delete your data from Cloudflare KV within 30 days of your request.
- Right to Restriction: You may request that we restrict the processing of your Personal Data.
- Right to Data Portability: You may request your data in a structured, machine-readable format.
- Right to Object: You may object to processing based on legitimate interest.
- Right to Withdraw Consent: You may withdraw consent at any time by signing out and uninstalling the Extension.
To exercise any of these rights, contact us at support@replyquicker.com. We will respond within 30 days.
Article 11: Children's Privacy
The Extension is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect Personal Data from children. If we become aware that we have collected data from a child, we will delete it promptly.
Article 12: International Data Transfers
Your data may be processed in countries outside the United Kingdom through our use of Cloudflare's global edge network. Cloudflare maintains appropriate safeguards for international data transfers in compliance with UK GDPR requirements.
Article 13: Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Extension or by email. Your continued use of the Service after changes constitutes acceptance of the revised Policy. We encourage you to review this Policy periodically.
Article 14: Data Protection Officer
For privacy-related enquiries, data access requests, or complaints, please contact:
ReplyQuicker Privacy Team
Operated by Overto Cloud
Email:
support@replyquicker.com
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you believe your data protection rights have been violated.