Privacy Policy

RepEasy (“we”, “us”) provides AI-assisted customer support tooling for Shopify merchants. This policy explains what information we collect, how we use it, and the choices you have. By using RepEasy you agree to the practices described below.

We collect the following categories of information:

• Account data. Your name, email address, password hash, team membership, and authentication tokens.
• Email content. When you connect Gmail, Outlook, or IMAP, we access incoming and outgoing messages, attachments, and metadata so the AI can draft replies.
• Shopify data. When you install our Shopify app, we access store information, orders, customers, fulfillments, and tracking details required to generate accurate replies.
• Configuration. Brand voice, rules, policies, AI settings, and team preferences you provide.
• Usage data. Logs, IP address, browser type, device information, and analytics about how you interact with the product.

• Authenticate users and operate the service.
• Generate AI drafts and replies using your email content, Shopify context, and configured brand voice.
• Improve product reliability, debug issues, and protect against abuse.
• Send transactional and account-related communications.

We do not sell your personal information, and we do not use the content of your customer emails or Shopify data to train third-party foundation models.

To draft replies, relevant email content and Shopify context are sent to large-language-model providers acting as our subprocessors. These providers process the data on our behalf under contractual confidentiality and do not retain it for model training.

We share information only with:

• Subprocessors that host infrastructure, run AI inference, send email, or provide analytics.
• Other team members within your RepEasy workspace, based on the access you grant.
• Authorities when required by law, valid legal process, or to protect our rights and users.

We retain account, email, and Shopify data for as long as your workspace is active. You may delete connected inboxes, uninstall the Shopify app, or close your account at any time. After deletion we remove or anonymize the related data within 30 days, except where retention is required by law.

Data is encrypted in transit using TLS and at rest. OAuth tokens are stored encrypted. Access to production systems is restricted and audited. No system is perfectly secure; you are responsible for keeping your account credentials safe.

• Disconnect any email inbox or the Shopify integration at any time from settings.
• Request access, correction, export, or deletion of your personal data.
• Opt out of non-essential communications.

Depending on where you live, you may have additional rights under GDPR, UK GDPR, or CCPA. To exercise any of these rights, contact us at the address below.

RepEasy is operated from the United States and may process data in other countries where our subprocessors operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international transfers.

RepEasy is not intended for children under 16, and we do not knowingly collect personal information from them.

We may update this policy from time to time. Material changes will be announced in-product or by email. Continued use of RepEasy after the effective date constitutes acceptance of the revised policy.

Questions or requests about this policy? Email us at privacy@repeasy.app.