Privacy Policy

Account Information

When you create an account, we collect your name, email address, company name, and billing information. This data is necessary to provide our services and process payments.

Usage Data

We automatically collect information about how you interact with our platform, including API call volumes, feature usage, and session durations. This helps us improve the service and provide accurate billing.

Device & Technical Information

We collect basic device and browser information such as IP address, browser type, operating system, and device identifiers to ensure platform security and optimize your experience.

API Logs

We maintain logs of API requests including timestamps, endpoints called, response codes, and payload sizes. Message content is encrypted in transit and is not stored in plain text in our logs.

Communications

If you contact us by email or through our support channels, we retain those communications to provide support and improve our services.

Provide & Maintain Our Service

Your information is used to operate, maintain, and deliver the Blue Replies platform, including processing API requests, managing your account, and handling billing.

Improve the Platform

We analyze aggregated usage patterns to identify performance bottlenecks, develop new features, and enhance the reliability of our infrastructure.

Communicate With You

We use your contact information to send service announcements, security alerts, billing notifications, and respond to your support requests.

Security & Fraud Prevention

We use account and device data to detect unauthorized access, prevent abuse of our API, and protect the integrity of our platform and our users.

Legal Compliance

We may use your information to comply with applicable laws, regulations, and legal processes, including responding to lawful requests from public authorities.

We Do Not Sell Your Data

Blue Replies does not sell, rent, or trade your personal information to third parties for marketing or advertising purposes. Your data is yours.

Cloud Infrastructure Providers

We use SOC 2 Type II compliant cloud providers to host our infrastructure. These providers process data on our behalf under strict contractual obligations and data processing agreements.

Payment Processors

We use PCI-DSS compliant payment processors (such as Stripe) to handle billing. We do not store full credit card numbers on our servers.

Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website.

Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with a legal obligation, protect our rights, or ensure the safety of our users.

Active Accounts

We retain your personal information for as long as your account is active or as needed to provide you with our services, comply with legal obligations, resolve disputes, and enforce our agreements.

Account Deletion

You may request deletion of your account and associated data at any time. Upon receiving a verified deletion request, we will remove your personal data from our active systems within 30 days. Some data may be retained in encrypted backups for up to 90 days before being permanently purged.

Legal Retention Obligations

Certain data may be retained longer where required by law, such as billing records which may be kept for up to 7 years for tax and accounting purposes.

Essential Cookies

We use strictly necessary cookies to maintain your session, remember your authentication state, and ensure the platform functions correctly. These cannot be disabled.

Analytics Cookies

With your consent, we use analytics cookies to understand how visitors interact with our website. This data is aggregated and anonymized. We do not use analytics cookies to track individual users across other websites.

Managing Cookies

You can manage your cookie preferences through your browser settings. Disabling non-essential cookies will not affect your ability to use the Blue Replies platform.

Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this data in a portable, machine-readable format within 45 days of a verified request.

Right to Rectification

You have the right to request that we correct any inaccurate personal information we hold about you.

Right to Deletion

You may request that we delete your personal information. Certain data necessary for legal compliance or legitimate business purposes may be exempt from deletion.

Right to Opt-Out

You can opt out of non-essential data collection and marketing communications at any time through your account settings or by contacting us at [email protected].

How to Exercise Your Rights

To submit a data access, deletion, or opt-out request, email us at [email protected] with your account email and a description of your request. We will verify your identity and respond within 45 days.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know

You have the right to know what personal information we collect, use, disclose, and sell (we do not sell your data).

Right to Delete

You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Correct

You have the right to request that we correct inaccurate personal information.

Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights.

Submitting a Request

To submit a CCPA/CPRA request, contact us at [email protected]. We will respond within 45 days and may extend that period by an additional 45 days where reasonably necessary.

If you are located in the European Economic Area (EEA) or the United Kingdom, you have rights under the General Data Protection Regulation (GDPR) and UK GDPR:

Legal Basis for Processing

We process your personal data on the basis of contractual necessity (to provide the Service), legitimate interests (security and fraud prevention), compliance with legal obligations, and your consent where applicable.

Your GDPR Rights

You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing based on legitimate interests, and the right to withdraw consent at any time without affecting prior processing.

Data Transfers

Your data may be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other lawful transfer mechanisms to protect your data when transferred outside the EEA or UK.

Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority. Contact us first at [email protected] and we will endeavor to resolve any concerns.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at [email protected] and we will delete it promptly.

Encryption Standards

All data at rest is encrypted with AES-256 encryption. All data in transit is protected with TLS 1.3. API keys are hashed and stored securely — we never store them in plain text.

Infrastructure Security

Our infrastructure is hosted on SOC 2 Type II compliant providers with continuous monitoring, intrusion detection, and automated threat response.

No Absolute Guarantee

While we implement industry-standard security measures, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your information.

Notification of Changes

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will notify you via email at the address associated with your account at least 30 days before the changes take effect.

Continued Use

Your continued use of Blue Replies after the effective date of any updated Privacy Policy constitutes your acceptance of the revised policy.

If you have any questions about this Privacy Policy, your personal data, or wish to exercise your privacy rights, please contact our privacy team at [email protected]. We aim to respond to all inquiries within 5 business days.