Privacy Policy

Last updated: July 1, 2026

This policy explains what ReplyGrid (“we”, the “Service”) collects, how we use it, and the choices you have. The Service helps support teams draft email replies with AI, with a human approving before anything is sent. This is a starting template tailored to how the Service works — have it reviewed by legal counsel before you rely on it.

Information we collect

  • Account data — your email, workspace name, and authentication details (handled by our auth provider, Supabase).
  • Gmail data (with your consent) — when you connect Gmail, we access messages in the label you choose so the assistant can classify them and draft replies, and we send the replies you approve. We request the gmail.modify scope for this.
  • Customer & billing context — if you connect Stripe, we look up a sender’s subscription (read-only) to give the assistant context for a reply.
  • Content you add — knowledge-base sources, uploaded attachments, settings, and the replies you edit or approve.
  • Usage & audit logs — actions taken in the app, kept for security and troubleshooting.

How we use information

  • To provide the Service: triage incoming email, draft on-brand replies grounded in your knowledge base, and send the replies you approve.
  • To generate drafts, message content is sent to our AI provider (Anthropic, via the Vercel AI Gateway) at the time of processing. We do not use your data to train generalized AI models, and the gateway is configured for zero data retention.
  • To secure, maintain, and improve the Service.

Google user data — Limited Use

ReplyGrid’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically: we use Gmail data only to provide and improve the user-facing features described here (triaging and drafting replies you review). We do not sell it, use it for advertising, or use it to train generalized/foundation AI models, and humans do not read it except with your explicit permission or as needed for security or to comply with law.

Subprocessors

  • Supabase — database, authentication, and file storage.
  • Vercel — hosting and the AI Gateway.
  • Anthropic — the AI models that generate drafts.
  • Google — Gmail access you authorize.
  • Stripe — billing and (optionally) customer lookups.

Retention & your choices

  • We keep your data while your workspace is active. You can disconnect Gmail at any time, which revokes our access.
  • You can request access to, or deletion of, your data — deleting your workspace removes its content.
  • Access is isolated per workspace, and stored credentials (such as OAuth tokens) are encrypted.

Contact

Questions or requests: [privacy@your-domain]. Legal entity and address: [Your Company details].