Replio
Sign inStart free
Privacy

Privacy Policy

Last updated: April 19, 2026

This Privacy Policy explains how Replio ("we", "us") collects, uses, and protects your information when you use our Instagram auto-reply service.

Information we collect

We collect only what's necessary to provide the service:

  • Instagram data: Your Instagram user ID, username, profile picture, and an access token issued by Meta. The access token is encrypted at rest.
  • Service data: Rules you create (keywords, reply text, A/B variants), events we process (comments that triggered a rule, DM delivery status, error reasons, applied delays), schedule preferences (timezone, quiet hours, vacation), per-variant performance counters, and monthly DM and AI usage counters.
  • Billing data: If you subscribe to a paid plan, payment is processed by Lemon Squeezy (our Merchant of Record). We receive your subscription status, plan, and renewal date. We do not receive or store full card details.
  • Technical data: IP address, browser user agent, and timestamps of sessions. Used for security and debugging only.

How we use your information

We use your data to:

  • Reply to Instagram comments and send DMs on your behalf based on rules you define
  • Enforce plan limits (e.g. monthly DM quota)
  • Process subscription payments and provide customer support
  • Detect abuse, prevent fraud, and improve reliability

Who we share with

We share your data only with trusted providers needed to run the service:

  • Meta Platforms: We call the Instagram Graph API on your behalf to read comments and send replies. Your interactions with Meta are subject to Meta's own privacy policy.
  • Lemon Squeezy: All payments are processed by Lemon Squeezy. They store your billing address and card details under their privacy policy.
  • Infrastructure providers: Our application is hosted on cloud infrastructure. These providers process data on our behalf under data-processing agreements.
  • AI provider (optional): AI features share only the minimum text needed for each task with OpenAI (gpt-4o-mini): (1) your draft variant when you click "Generate with AI"; (2) the plain text of inbound replies attributed to one of your auto-DMs within 24 hours — used once to classify sentiment and intent, never stored by OpenAI for training. Instagram comments, usernames, analytics, and all inbound DMs that are not replies to our auto-DM are never sent. AI features are optional and can be disabled by the operator.

We do not sell your data. We do not share it for advertising. We do not use it to train our own AI models.

How long we keep data

We keep your data while your account is active. When you delete your account, we remove all personal data immediately. Anonymized deletion audit records are kept to demonstrate compliance with deletion requests. Event history is kept up to 12 months for analytics and support, then purged.

Cookies

We use a single session cookie to keep you signed in. We do not use advertising cookies, third-party trackers, or analytics scripts that profile you.

Your rights

Under GDPR and similar laws, you have the right to:

  • Access your data: Everything we store about you is visible in your dashboard (rules, events, usage, billing).
  • Delete your data: Use the Delete account page at any time. We also honor Meta's data deletion callback if you remove Replio from your Instagram account.
  • Export your data: Email us at replio@jocage.com and we'll send you a machine-readable export within 30 days.
  • Object or complain: You can object to processing by deleting your account. You can also lodge a complaint with your local data protection authority.

Security

Data is transmitted over TLS. Access tokens are encrypted at rest. We apply the principle of least privilege to internal access. No system is 100% secure — if we discover a breach affecting you, we'll notify you within 72 hours.

International transfers

We may process data outside your country of residence (e.g. EU → US for hosting or payments). We rely on Standard Contractual Clauses or equivalent safeguards where required.

Children

Replio is not intended for users under 18. If we learn we've collected data from a child, we'll delete it.

Changes to this policy

We may update this policy as the product evolves. Material changes will be announced via email or in-app. The "Last updated" date above always reflects the latest revision.

Contact

Questions about privacy? Email replio@jocage.com.