Privacy Policy

Last updated: March 4, 2026

1. Who We Are

ReplyRunner is operated by Source Strong AI. When we say "we", "us", or "our", we mean Source Strong AI. When we say "you" or "your", we mean you as a user of ReplyRunner.

2. Information We Collect

Account information: When you sign in with Google, we receive your name, email address, and profile picture. We do not receive or store your Google password.

Product information: You provide your product URL, brand description, target audience, and marketing preferences. This is stored to power your AI-generated replies.

Usage data: We track scan counts, post counts, and feature usage to enforce plan limits and improve the service.

Payment information: Payments are processed by Dodo Payments. We receive your subscription status, plan, and customer ID. We never see or store your card number, CVV, or full billing details.

3. How We Use Your Information

  • To provide and operate ReplyRunner (monitoring, AI reply generation, opportunity detection)
  • To manage your account, subscription, and plan limits
  • To send transactional emails (account confirmation, billing updates)
  • To improve the platform based on aggregated, anonymized usage patterns

We do not sell, rent, or share your personal information with third parties for their marketing purposes.

4. Third-Party Services

  • Google OAuth: Authentication only. We request minimal scopes (email, profile).
  • Convex: Backend infrastructure. Data is stored on Convex servers.
  • xAI (Grok): Powers AI reply generation. Your brand context is sent to generate replies. xAI does not use your data for model training.
  • Google Gemini: Powers product page analysis. Your product URL content is sent for analysis.
  • Dodo Payments: Handles all payment processing. Subject to their own privacy policy.

5. Data Retention

Your data is retained for as long as your account is active. If you delete your account, all your projects, monitors, opportunities, drafts, prompts, and personal data are permanently deleted. We do not retain backups of deleted accounts.

6. Data Security

We use industry-standard security measures including encrypted connections (HTTPS/TLS), secure authentication (OAuth 2.0), and webhook signature verification (HMAC-SHA256). Access to production systems is restricted to authorized personnel only.

7. Your Rights

You can access, update, or delete your personal data at any time through the Settings page. To delete your account entirely, go to Settings → Account & Plan → Danger Zone. For any privacy-related requests, email us at [email protected].

8. Cookies

We use essential cookies only — for authentication and session management. We do not use advertising cookies or third-party tracking cookies.

9. Changes

We may update this policy from time to time. Significant changes will be communicated via email or an in-app notification.

10. Contact

Questions about this policy? Email us at [email protected].

Back to Home