RepliStack
Start for free

Privacy Policy

RepliStack is privacy-first. This page explains what we collect, what we do not collect, and how third-party providers process data.

Last updated: February 24, 2026

What we collect

  • Account data: Supabase user ID, email address, and account creation time.
  • Usage data: server-side generation counters used to enforce the free trial.
  • Abuse prevention metadata: minimal technical signals such as timestamps, endpoint counts, and IP-derived signals.
  • Subscription data: Stripe customer ID, Stripe subscription ID, status, price ID, and billing period end date.
  • Billing-related metadata from Stripe needed to verify and maintain subscription status.

We store minimal account data, usage counts, and subscription status.

We apply rate limits and abuse prevention to protect reliability; excessive automated usage may be throttled.

What we do not store

  • Inbox email threads you paste into the app
  • Generated reply text as persistent server records
  • Full payment card numbers

We do not store your emails on our servers. Email content is sent to OpenAI only to generate the reply.

OpenAI, Supabase, and Stripe

We use Supabase for authentication and database hosting, Stripe for billing, and OpenAI for reply generation.

  • OpenAI receives email content (and any optional style/knowledge context you include) to generate replies.
  • Supabase hosts authentication and the Postgres tables for accounts, usage, and subscriptions.
  • Stripe processes payments and sends billing/subscription events we use to keep subscription status accurate.

OpenAI data handling is governed by OpenAI policies. See OpenAI Privacy Policy.

Stripe data handling is governed by Stripe policies. See Stripe Privacy Policy.

Supabase data handling is governed by Supabase policies. See Supabase Privacy Policy.

Cookies and local storage

  • Auth cookies: Supabase auth cookies are used to keep you signed in.
  • Local storage: style profile, support knowledge base, share popup, and debug-related local keys may be stored in your browser.

You can remove local browser data from the app using "Clear all local data" or by clearing site data in your browser.

Analytics (Vercel Web Analytics)

We use Vercel Web Analytics to understand aggregated usage and performance trends and to diagnose issues.

Vercel Web Analytics does not rely on third-party cookies. It may process technical/request metadata such as page URL, referrer, browser/device details, approximate location, and timestamps in aggregated form.

You can use browser privacy controls or content blockers to limit analytics collection. We do not sell personal data.

Retention and deletion

We keep account, usage, and subscription records while your account is active and for a limited period afterward when needed for security, dispute resolution, tax/accounting, or legal compliance.

You can request account deletion by contacting support. We will delete or anonymize personal data unless retention is legally required.

Your rights (GDPR/EEA)

Depending on your location, you may have rights to:

  • Access personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of personal data
  • Object to or restrict certain processing
  • Request data portability where applicable

To exercise these rights, contact support@replistack.com.