Privacy Policy

Repliqo is a team inbox product offered at repliqo.app and related domains. If you have questions about this policy, contact us through the support or account channels available in the product.

Depending on how you use Repliqo, we process categories such as:

• Account and profile: name, email address, password hash (if you use email sign-in), avatar image, session and authentication records.
• Workspace and collaboration: workspace name and settings, membership, roles, invitations, audit-style activity needed to operate the product.
• Connected email: when you connect Gmail or Google Workspace, we use Google OAuth and the Gmail API to sync mailboxes you authorize. That includes message metadata and content (subjects, bodies, recipients, headers), attachments, labels or mailbox placement signals, and send/receive/draft operations needed for the inbox.
• Custom domains and delivery: when you connect a domain for sending or receiving through our email provider, we process domain names and DNS-related records needed to verify and operate mail for that domain.
• Billing: if you subscribe, our payment provider processes checkout, subscription, invoice, and customer identifiers needed for billing and entitlement.
• Support and security: messages you send us, logs, and technical data used to secure accounts and debug issues.

We use the information above to:

• Provide, operate, and improve the service (sync, search, assignment, notifications, attachments, and collaboration features).
• Authenticate you, protect accounts, prevent abuse, and comply with law where required.
• Offer optional AI-assisted features (for example thread summaries and draft replies). When enabled, relevant message context and your instructions may be sent to our AI routing provider and the underlying model providers they use to generate output.
• Process subscriptions and manage plan access.
• Send transactional email such as verification and password reset messages.

We use third-party services that process data on our behalf or as part of providing the product. These include:

• Cloudflare — application hosting, edge networking, Workers, KV cache, R2 object storage, Durable Objects for realtime features, and scheduled tasks.
• PostgreSQL — primary application database, connected via Cloudflare Hyperdrive in production environments where configured.
• Better Auth — authentication framework; sessions are stored in our database with cookies issued according to our configuration.
• Google — sign-in with Google and Gmail / Google Workspace mailbox access via OAuth and the Gmail API (including the mailbox permission scope we request during connect).
• Resend — outbound transactional email, inbound and outbound email delivery for custom domains, domain provisioning, and email webhooks.
• Svix — used to verify authenticity of certain webhook payloads (for example from Resend).
• Polar — checkout, customer portal, subscriptions, and billing webhooks.
• OpenRouter — routes requests to large language models for optional AI features; model identifiers in our configuration may include providers such as Google, Anthropic, and DeepSeek depending on the model selected.

Those providers have their own privacy notices, which also describe how they handle data in their systems.

We use HTTP cookies for sign-in sessions when you authenticate. The web app may store preferences in your browser (for example theme, sidebar state, or workspace UI state) using localStorage or sessionStorage to improve the experience.

We keep information for as long as your account or workspace needs it to provide the service, as required by law, or as needed for legitimate business purposes such as security and dispute resolution. Some data may persist in backups for a limited period. When you disconnect an integration, we stop new syncing; removal timelines for stored copies can depend on product features and technical constraints.

We use administrative and technical measures designed to protect information, including encryption for secrets such as mailbox tokens at rest. No method of transmission or storage is completely secure.

You can:

• Disconnect Gmail or domain integrations from workspace settings where supported.
• Request account or workspace deletion or export using the channels we provide in the product.
• Adjust browser storage by clearing site data (this may sign you out or reset preferences).

We and our providers may process data in the United States and other countries where they operate facilities. Those countries may have different data protection rules than where you live.

Repliqo is not directed at children. We do not knowingly collect personal information from children.

We may update this page to reflect product or legal requirements. When we do, we will revise it here; material changes may also be surfaced in-product or by email where appropriate.