Privacy Policy
Last updated: 23 April 2026
Effective date: 23 April 2026
1. About this policy
This policy explains how Bhupendra Singh, sole proprietor trading as ReplySmooth ("we", "us", "our"), collects, uses, and protects your personal data when you use ReplySmooth ("the Service").
For the purposes of India's Digital Personal Data Protection Act, 2023 (the "DPDP Act"), we are the Data Fiduciary and you are the Data Principal.
2. Who we are
- Legal name: Bhupendra Singh, sole proprietor trading as ReplySmooth
- Registered office: Labitha Enclave, Devarachikkanahalli Main Rd, Maruthi Layout, Royal Shelters, Bommanahalli, Bengaluru, Karnataka 560114
- Primary contact: support@replysmooth.com
- Grievance Officer (DPDP Sec. 8(9)): Bhupendra Singh (Proprietor), reachable at support@replysmooth.com
3. Data we collect
3.1 When you sign in with Google
- Email address (from your Google account)
- Full name (if your Google profile includes it)
- Profile picture URL (if your Google profile includes it)
- Opaque Google identifier (to authenticate you on return visits)
3.2 When you use the Service
- Messages you paste in — the text of messages you received, your drafts, and context you provide. Required for the AI to generate reply suggestions, openers, polished drafts, and profile critiques.
- AI-generated suggestions returned to you and stored against your account.
- AI Wingman conversation history — retained so the AI can maintain context across a session.
- Profile descriptions you enter into the Profile Review feature. This is text only — we do not accept photo uploads.
- Credit usage records — an append-only ledger of when you used a feature, for fairness, billing, and audit.
3.3 Automatic
- Device signals processed by Cloudflare Turnstile during sign-in. We receive only a success/failure verification token from Cloudflare; we do not receive raw device identifiers.
- IP address — used for rate limiting, fraud prevention, and abuse mitigation.
3.4 What we do not collect
- No access to your dating-app accounts. We never plug into Tinder, Bumble, Hinge, Aisle, or any other platform.
- No photo uploads. The Profile Review feature accepts text descriptions of photos only.
- No payment card data stored by us directly. When paid plans launch, card data will be handled by our payment processor (details will be added here before that feature ships).
- No tracking cookies for advertising. We do not sell or rent your data to advertisers.
4. How we use your data
| Purpose | Data used | Legal basis under DPDP Act |
|---|---|---|
| Authenticate you | Email, Google identifier | Performance of our contract with you (Sec. 7(a)) |
| Provide AI reply suggestions, openers, polished drafts, profile review | Messages/drafts/profile text you submit | Performance of contract |
| Maintain Wingman conversation context | Messages within the session | Performance of contract |
| Enforce fair-use limits (credits) | Credit ledger, user ID | Performance of contract |
| Prevent abuse, spam, and fraud | IP address, Turnstile verification signal | Legitimate use (Sec. 7(i)) |
| Notify you of important service updates | Email address | Consent (Sec. 6) |
We do not use your data for behavioural advertising, profiling for marketing purposes, or any purpose beyond those listed above.
5. Third-party processors
We share the minimum necessary data with these third parties. Each is contractually bound to confidentiality and DPDP-aligned security standards.
| Processor | Role | Data shared | Where it's hosted |
|---|---|---|---|
| Supabase | Database + authentication hosting | Account info, chat history, credit ledger | ap-south-1 (Mumbai, India) |
| Google (OAuth) | Identity provider for sign-in | Standard OAuth handshake | Global |
| Google Cloud — Gemini API | AI inference for reply generation | Text you submit for that request. Not retained by Google for model training per the Gemini API Additional Terms. | Global |
| Cloudflare Turnstile | Bot protection on sign-in | Session-level verification signals | Global |
We do not sell your data to any of these processors or to anyone else.
6. Where your data lives
Your account data, chat history, and credit records are hosted in Supabase's Mumbai region (ap-south-1), inside India.
Data transmitted to the Gemini API for AI inference is processed transiently and is not retained by Google for model training, per Google's Generative AI API Additional Terms.
7. How long we keep your data
| Category | Retention |
|---|---|
| Account record (name, email, avatar) | Until you delete your account |
| AI Wingman chat history (Free tier) | Until you clear the conversation, or 7 days of inactivity |
| AI Wingman chat history (Monthly tier) | Until you clear the conversation or delete your account |
| Credit ledger transactions | 7 years (financial-audit retention allowed under DPDP Sec. 17) |
| Server logs (IP, request metadata) | 30 days |
When you request account deletion, we hard-delete all data within 30 days except the credit ledger, which is retained with personally identifying fields removed so individual transactions cannot be traced back to you.
8. Your rights under the DPDP Act
As a Data Principal, you have the right to:
- Access — request a copy of the personal data we hold about you (Sec. 11)
- Correction and erasure — have inaccurate data corrected or your data deleted (Sec. 12)
- Nominate — designate another person to exercise your rights in case of your death or incapacity (Sec. 13)
- Withdraw consent — at any time, for any processing based on consent
- Grievance redressal — complain to our Grievance Officer, and escalate to the Data Protection Board of India if unresolved (Sec. 13(3))
How to exercise these rights
Email the Grievance Officer at support@replysmooth.com with the subject line "Data Rights Request" and describe what you need. We respond within 30 days, as required by the DPDP Act.
9. How we protect your data
- In transit: TLS 1.2 or higher on all connections between your device and our servers.
- At rest: AES-256 encryption applied by Supabase to the Postgres database.
- Access control: Row-Level Security enforced at the database layer so each user can only read their own records.
- Bot protection: Cloudflare Turnstile on sign-in.
- Rate limiting: per-user quotas at the API layer to deter abuse.
- Principle of least privilege: only the services listed in section 5 have any access to your data, and each only to the minimum required fields.
If a personal-data breach occurs and is likely to cause harm to you, we will notify you and the Data Protection Board of India within 72 hours of becoming aware, as required by DPDP Sec. 8(6).
10. Children's data
The Service is only for users aged 18 years and above. At sign-in, you confirm you are 18 or older. If we discover that we have collected data from a person under 18, we will delete it immediately. If you believe a minor is using the Service, please email support@replysmooth.com.
11. International transfers
Your data is primarily stored in India. Some processors listed in section 5 (Google, Cloudflare) operate globally and may process data outside India in transit. Each such transfer is covered by the processor's own cross-border data-protection commitments (SCCs, DPAs) and is limited to what section 4 describes.
The Government of India, under DPDP Sec. 16, may designate restricted countries for cross-border transfer; we comply with all such designations as and when issued.
12. Changes to this policy
We may update this policy from time to time. If changes are material (e.g., new processors, new data types, new purposes), we will notify you by email and via an in-app notice at least 14 days before the changes take effect. Continued use of the Service after the effective date means you accept the updated policy.
The current effective date is shown at the top.
13. Contact
- General enquiries: support@replysmooth.com
- Grievance Officer (DPDP Sec. 8(9)): Bhupendra Singh (Proprietor), support@replysmooth.com
- Registered entity: Bhupendra Singh, sole proprietor trading as ReplySmooth
- Registered office: Labitha Enclave, Devarachikkanahalli Main Rd, Maruthi Layout, Royal Shelters, Bommanahalli, Bengaluru, Karnataka 560114