Legal

Privacy Policy

This policy explains how InstaReplAI processes personal data for website visitors, account users, business customers, workspace members, support contacts and end customers whose conversations are handled through the service.

Last updated: May 10, 2026 Controller: TBD - planned Estonian company Privacy contact: privacy@instareplai.com

1. Roles

InstaReplAI is usually a controller for data about website visitors, account owners, billing contacts, product users, support contacts and our own marketing. For end-customer conversations and data uploaded by a business customer, InstaReplAI usually acts as a processor or service provider on behalf of that business customer.

The final operating entity is TBD - planned Estonian private limited company. Registered address, registry code, VAT number, EU representative details and DPO status are TBD and will be completed before launch where legally required.

2. Data we process

Category Examples Purpose
Account and identity Name, email, workspace, role, login events, SSO identifiers. Authentication, account access, security and workspace administration.
Business profile Company name, business category, policies, opening hours, products, prices. Configure AI replies, workflows, routing and customer support automation.
Conversation data Messages, sender identifiers, timestamps, attachments, channel metadata. Provide inbox, AI reply, analytics, booking and handoff features.
AI and usage data Prompts, outputs, confidence, model metadata, token counts, guardrail events. Generate responses, measure usage, enforce limits and improve reliability.
Billing and support Plan, invoices, payment metadata, support tickets, dispute records. Payments, refunds, service credits, customer support and compliance records.
Technical data IP address, device data, logs, cookies, error events, API requests. Security, fraud prevention, debugging, analytics and service operation.

3. Sources

We receive data directly from you, from workspace members, from connected channels and integrations, from payment providers, from support communications, from Witdrim account infrastructure where connected and from technical logs generated when the service is used.

4. How we use data and legal bases

We use data to provide and secure the service, authenticate users, connect channels, generate AI replies, manage bookings, route conversations, enforce usage limits, process payments, handle support, detect abuse, comply with law and improve reliability.

For EU/EEA users, legal bases may include contract performance, legitimate interests, consent, legal obligations and, for customer data processed on behalf of business customers, processor instructions under the Data Processing Agreement.

5. AI processing

Conversation content, business knowledge and context may be sent to AI providers to generate drafts, suggested replies, summaries, routing decisions or automated responses. We design the service so customer data is used to provide the requested features, not to sell personal data.

Businesses using automated replies are responsible for disclosures, consent, review settings and human escalation where required. Additional rules are in the AI Terms.

6. Sharing and subprocessors

We share data with service providers that help operate InstaReplAI, including hosting, database, AI, email, analytics, logging, payment, support, security and communication providers. Categories and TBD provider names are listed in the Subprocessors page.

We may also disclose data if required by law, to protect rights and security, during a business transfer or with your instructions through connected integrations. We do not sell personal data as commonly understood. If we introduce targeted advertising or sale/share activity under US privacy laws, we will provide the required opt-out.

7. International transfers

Data may be processed in the EU, US and other countries where we or our providers operate. Where GDPR requires safeguards for transfers outside the EEA, we intend to use appropriate transfer mechanisms such as adequacy decisions, Standard Contractual Clauses, supplementary measures or other approved safeguards.

8. Your rights

Depending on your location and role, you may request access, correction, deletion, restriction, objection, portability, opt-out of marketing, opt-out of sale/share where applicable and appeal of a denied privacy request. Use the Privacy Choices page to start.

If your data is controlled by one of our business customers, we may route your request to that business or follow its instructions because it decides how the end-customer data is processed.

9. Retention

Retention depends on data type, plan settings, legal requirements and business customer instructions. Conversation data defaults to the retention period described in our Data Retention Policy, unless a workspace selects a different setting or law requires longer retention.

10. Contact and complaints

Privacy questions: privacy@instareplai.com. Legal notices: legal@instareplai.com. Data protection officer or EU representative: TBD. If you are in the EU/EEA, you may also have the right to complain to your local data protection authority.