replyk.io

Privacy Policy

Effective Date: May 11, 2026

1. Introduction

Welcome to Replyk ("we," "us," or "our"), a service provided by VERSAAS LLC.Replyk is a B2B SaaS platform that provides WhatsApp Business API integration, Facebook/Meta platform integrations, AI-powered Sales Agent automation, order management, product catalog management, customer support automation, and analytics dashboards.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform athttps://www.replyk.io and related services. Please read this policy carefully.

Data Processor Role: When our business customers ("Clients") use Replyk to communicate with their end customers, we act as a data processor on behalf of our Clients, who are the data controllers. For data we collect directly from you as a user of our platform (account information, billing, etc.), we act as the data controller.

By accessing or using Replyk, you agree to this Privacy Policy. If you do not agree, please do not use our services.

2. Data We Collect

2.1 Information You Provide

  • Account registration information (name, email, password)
  • Business profile information (business name, industry, address)
  • Payment and billing information (processed by Stripe/PayPal)
  • Products, offers, and catalog data you create
  • Customer and recipient details entered by you or your connected stores, including names, phone numbers, addresses, cities, and order details
  • Support tickets and communications with us
  • WhatsApp Business account details and configurations

2.2 Automatically Collected Information

  • Device information (browser type, OS, device identifiers)
  • Log data (IP address, access times, pages viewed)
  • Usage analytics (features used, session duration)
  • Cookies and similar tracking technologies

2.3 Meta/WhatsApp Platform Data

  • Meta Business, WhatsApp Business Account, phone number, and configuration identifiers such as Business ID, WABA ID, Phone Number ID, App ID, and webhook status
  • OAuth tokens, access tokens, app secrets, webhook verify tokens, and related credentials, stored with appropriate encryption and access controls where applicable
  • WhatsApp message IDs, sender and recipient phone numbers, delivery/read/failure status, timestamps, conversation windows, and other messaging metadata
  • Template message content, categories, language, approval status, and usage information
  • Click-to-WhatsApp referral data, ad attribution, Meta Conversion API event data, and similar analytics data when you enable those features

2.4 End-User Messaging Data

Important: When our Clients useReplyk to communicate with their end customers, message content, media, conversation history, order details, and support context may be processed and stored so the platform can display conversations, power the AI Sales Agent, create orders, route support, provide analytics, troubleshoot issues, and comply with Meta/WhatsApp policies. We do not sell end-customer message content or use it for unrelated third-party profiling. Clients are responsible for giving their customers legally required notices, obtaining opt-in/consent, and honoring opt-out and deletion requests.

3. How We Use Your Data

We use collected information for the following purposes:

  • Service Delivery: To provide, maintain, and improve Replyk
  • WhatsApp/Meta Integration: To connect your account with WhatsApp Business API and process messages
  • AI Agent Automation: To power Sales Agent responses, order processing, follow-ups, and customer engagement features
  • Analytics: To provide dashboards, reports, and insights about your messaging performance
  • Compliance Controls: To support message template rules, 24-hour conversation windows, opt-out handling, abuse prevention, and Meta/WhatsApp policy compliance
  • Account Management: To process payments, manage subscriptions, and handle billing
  • Customer Support: To respond to inquiries, troubleshoot issues, and provide assistance
  • Communications: To send service updates, security alerts, and marketing (with consent)
  • Legal Compliance: To comply with laws, regulations, and enforce our terms
  • Security: To detect, prevent, and address fraud, abuse, and security threats

4. Data Sharing & Disclosure

We may share your information with:

4.1 Service Providers

  • Cloud hosting providers (data storage and processing)
  • Payment processors (Stripe, PayPal for billing)
  • AI and automation providers, such as Gemini/OpenAI-compatible services, solely as needed to generate responses, classify conversations, process media, or provide configured AI features
  • Shipping carriers, store platforms, and other integrations you connect or instruct us to use
  • Email, notification, security, monitoring, and support providers
  • Analytics services (usage tracking and insights)
  • Customer support tools

4.2 Meta/Facebook Platforms

To provide WhatsApp Business API and Facebook integrations, we share necessary data with Meta Platforms, Inc. and WhatsApp, including business identifiers, phone numbers, templates, messages, message metadata, webhook events, and conversion events where enabled. This processing is subject to Meta's Platform Terms, WhatsApp Business Terms, WhatsApp Business Messaging Policy, and related policies.

We process Meta/WhatsApp Platform Data only for the purposes described in this policy, at our Clients' direction where we act as their service provider/processor, and in accordance with applicable Meta and WhatsApp requirements.

4.3 Legal Requirements

We may disclose information when required by law, subpoena, court order, or to protect our rights, property, safety, or that of others.

4.4 Business Transfers

In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Cookies & Tracking Technologies

We use cookies and similar technologies to:

5.1 Types of Cookies

  • Essential Cookies: Required for platform functionality, authentication, and security
  • Analytics Cookies: Help us understand how you use our service to improve it
  • Preference Cookies: Remember your settings and preferences
  • Marketing Cookies: Used for targeted advertising (with consent)

5.2 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

5.3 Do Not Track

We currently do not respond to DNT (Do Not Track) browser signals as there is no industry standard for handling them. We will update this policy if a standard is adopted.

6. Data Security

We implement robust security measures to protect your data:

6.1 Technical Measures

  • HTTPS/TLS encryption for data in transit
  • Encryption and strict access controls for sensitive credentials, provider tokens, and high-risk integration secrets
  • Business/tenant isolation and role-based access controls
  • Regular security audits and penetration testing
  • Secure API authentication and access controls

6.2 Organizational Measures

  • Employee training on data protection
  • Access controls based on role and necessity
  • Vendor security assessments
  • Incident response procedures

6.3 Breach Notification

In the event of a data breach affecting your personal data, we will notify you and relevant authorities as required by law, typically within 72 hours of discovery.

6.4 Security Reports

To report a security vulnerability or suspected misuse of Meta or WhatsApp data, contact us at [email protected] or[email protected] with enough detail for us to investigate.

7. International Data Transfers

Replyk is operated from the United States. Your data may be transferred to, stored, and processed in the US or other countries where our service providers operate.

7.1 EU/EEA Transfers

For transfers of personal data from the European Economic Area (EEA) to the US, we rely on:

  • EU Standard Contractual Clauses (SCCs)
  • Data Processing Agreements with appropriate safeguards
  • Service providers with adequate data protection certifications

7.2 Data Processing Agreement

Enterprise customers may request a Data Processing Agreement (DPA) that includes SCCs and additional contractual protections. Contact us at [email protected] to request a DPA.

8. Data Retention

We retain data for the following periods:

Data TypeRetention Period
Account informationDuration of account + 30 days
Meta/WhatsApp credentialsDuration of active integration + 30 days after disconnect
Billing/payment records7 years (legal requirement)
WhatsApp conversations and messagesDuration of Client account unless deleted earlier by the Client, recipient request, or applicable law
Orders and customer recordsDuration of Client account + lawful tax, accounting, fraud, and dispute periods
Analytics data24 months
Support tickets3 years
Server logs90 days

Deletion Procedures

Upon account deletion or data erasure request, we will delete or anonymize your data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention, security, tax, accounting, chargeback defense, or dispute resolution). Backup copies may persist for a limited period until overwritten in the normal backup lifecycle.

9. Data Deletion Requests

This section is our public user data deletion instruction page for Meta App Dashboard purposes. The User Data Deletion URL for Meta ishttps://www.replyk.io/privacy/#data-deletion.

How to request deletion

  • Email [email protected] with the subject line "Data Deletion Request" and include the email address, phone number, business name, or Meta/WhatsApp account identifier associated with the request.
  • If you are a business customer, you may also delete or export platform data from your account where product controls are available, or contact [email protected] for assistance.
  • If you are an end customer of one of our Clients, contact the business you messaged on WhatsApp first. Where the business usesReplyk, we will assist that business with deletion or access requests as its processor/service provider.

Meta/Facebook app removal requests

If you remove our Meta-connected app from your Facebook Apps and Websites settings and request deletion, Meta may send us a deletion request or make user identifiers available in the App Dashboard. We will promptly initiate deletion or anonymization of Platform Data associated with the request, unless we must retain limited data for legal, security, fraud-prevention, or dispute-resolution reasons.

Expected response: We will acknowledge verified deletion requests and provide a status update or confirmation code where required. Standard requests are completed within 30 days; complex requests may take longer where permitted by law.

10. GDPR Rights (EU/EEA Users)

If you are located in the European Economic Area (EEA), you have the following rights under GDPR:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time for consent-based processing
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

Response Time: We will respond to your requests within 30 days. Complex requests may take up to 60 days with notice. To exercise your rights, contact us at[email protected].

11. CCPA/CPRA Rights (California Residents)

California residents have the following rights under the CCPA/CPRA:

  • Right to Know: What personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Correct: Correct inaccurate personal information
  • Right to Opt-Out: Opt out of the sale/sharing of personal information
  • Right to Non-Discrimination: Not be discriminated against for exercising your rights
  • Right to Limit Use: Limit use of sensitive personal information

Authorized Agents

You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authorization.

Shine the Light

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing. We do not share personal information with third parties for their direct marketing purposes.

12. Children's Privacy

Replyk is a B2B service intended for business use only. Our services are not directed to individuals under 18 years of age.

Age Requirement: You must be at least 18 years old to create an account or use Replyk. By using our services, you represent that you meet this age requirement.

We do not knowingly collect personal information from children under 13 (or under 16 in the EEA). If we become aware that we have collected data from a child without parental consent, we will delete it promptly. If you believe we have collected information from a child, please contact us at [email protected].

14. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

Notification of Changes

  • Material changes will be notified via email and/or prominent notice on our platform
  • The "Effective Date" at the top will be updated
  • Continued use after changes constitutes acceptance

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Privacy Team

Email:[email protected]

General Support

Email:[email protected]

Legal Inquiries

Email:[email protected]

Security Reports

Email: [email protected]

Mailing Address

VERSAAS LLC
8206 Louisiana Blvd Ne, Ste A #7849, Albuquerque, New Mexico 87113, United States

Please also review ourTerms of Servicewhich govern your use of Replyk.

View Terms of Service