Replyge Privacy Policy
Last updated: 24 May 2026 · Replyge, operated by QuantumTechX SH.P.K. (Kosovo business reg. 812177302), Vushtrri, Kosovo
Replyge is an AI-powered customer-service assistant for small shops on Instagram. This policy explains what data Replyge collects when a shop owner connects their Instagram Business account, how we store it, and the choices you have. We write this in plain language because we want it to be readable, not legalese.
1. Who this applies to
- Shop owners who sign up for a Replyge account and connect their Instagram Business profile.
- Their customers, whose direct messages on Instagram are processed by Replyge's AI to generate replies on the shop's behalf.
2. What we collect
From shop owners (Replyge account)
- Email address, full name, password (hashed with Argon2id, never stored in plain text).
- Shop name.
- Preferred language (Albanian or English).
- IP address and Accept-Language header at signup time (used once to pick your default language; not retained as a separate log entry).
From the connected Instagram Business account (OAuth)
- Instagram username, Instagram Business Account ID, account type.
- A long-lived access token Meta issues so Replyge can send replies on your behalf. Stored encrypted at rest with ASP.NET Data Protection API (AES-256, per-purpose key ring). The token can be revoked at any time from Replyge Settings → Disconnect.
From customer Instagram DMs received by your business account
- Sender Instagram user ID (PSID) and handle.
- The text content of the DM.
- Timestamps and Instagram-assigned message IDs.
- Any name, phone number, or shipping address the customer provides for an order, if you choose to record one.
We do not collect Instagram media attachments, post likes, comments outside the messaging API, or any data about Instagram accounts that have not messaged your business.
3. How we use it
- Reply generation — your shop's product catalogue plus the customer's most recent messages are sent to Anthropic (creators of Claude) to generate an Albanian-language reply. Anthropic processes the data per their enterprise privacy terms and does not train on Replyge customer data.
- Order tracking — when a customer provides name/phone/address and confirms a purchase, Replyge creates an Order record visible only to you in your dashboard.
- Analytics — counts of messages handled, AI cost per period, resolution rate. All scoped to your business; we don't pool data across shops for analytics.
- Service operation — keeping the app running (load balancing, error logs, infrastructure health). Logs are retained 30 days.
We do not sell your data or your customers' data. We do not use it for advertising. We do not pool data across shops to train a shared model.
4. Third parties we share with
- Anthropic — to generate AI replies. Data is sent over HTTPS, retained briefly for safety scanning, then deleted per Anthropic's policy. Anthropic does not train on it.
- Meta (Instagram / Facebook) — to send replies on your behalf via the Instagram Graph API. Subject to Meta's privacy policy.
- Our hosting provider (currently a single EU-region VPS). Data does not leave the EU.
We do not share data with marketing, advertising, or analytics platforms beyond what is listed above.
5. Where the data is stored
All persistent data (accounts, conversations, orders, encrypted tokens) is stored in a PostgreSQL database hosted in the European Union. Backups are encrypted and retained 30 days.
6. How long we keep it
- Shop owner account data — until you delete your account.
- Customer messages and orders — kept while you have an active Replyge account, so that you can refer back to past conversations and orders. Deleted within 30 days of account closure or upon explicit request.
- Encrypted Meta access tokens — automatically removed when you click Disconnect, or when Meta invalidates them.
- Service logs (error messages, request traces) — 30 days.
7. Your choices and rights
- Disconnect Instagram at any time in Replyge Settings → "Shkëput". This deletes your stored access tokens immediately and instructs Meta to revoke the connection.
- Export your conversations and orders by emailing support@replyge.com.
- Delete your account by emailing the same address. We action requests within 14 days.
- Customers of Replyge shops can request deletion of their data from a specific shop's Replyge records by emailing us with the shop's name and their Instagram handle.
- Under GDPR (we are Kosovo-based but treat residents of the EEA/UK as if GDPR applies): the right to access, rectify, erase, restrict, port, and object to processing. To exercise any of these, email the address above.
8. Security
- Passwords are hashed with Argon2id (not encrypted, not reversible).
- Access tokens are encrypted at rest using AES-256 via ASP.NET Data Protection.
- All traffic between your browser and Replyge is TLS-encrypted.
- Database access is restricted to the application VPS; no public-internet access to the database.
- We do not knowingly collect data from children under 13.
9. Changes to this policy
If we change anything material, we'll email all active shop owners at least 14 days before the change takes effect. Minor edits (typos, clarifications) we make without notice but always update the "Last updated" date above.
10. Contact
Questions, requests, or complaints: support@replyge.com.
Replyge, a product of QuantumTechX SH.P.K. · Shote Galica Pn, Vushtrri, Kosovo · Terms of Service