O! oyereply
Sign up
Legal

Privacy policy

Last updated · April 14, 2026 · v4.0

The TL;DR: We collect what we need to run OyeReply for you. We don't sell or share your data. We don't train AI on your messages. You can export or delete everything, anytime.

1. About this policy

This policy explains how OyeReply Technologies, Inc. ("OyeReply", "we", "us") collects and uses personal data when you use our Service. It covers GDPR, CCPA/CPRA, and India's DPDP Act 2023.

2. What we collect

Information you give us

  • Account info: name, email, password (hashed), profile photo
  • Billing info: payment details processed by Stripe — we never see your card
  • Workspace content: flows, templates, contacts, tags, notes

Information from Instagram (with your permission)

  • Connected page/account ID, username, profile photo
  • Messages, comments and mentions sent or received during automation
  • Public engagement signals (replies, reactions) needed to run flows

Information collected automatically

  • Device, browser and IP for security/fraud prevention
  • Usage events to improve the product (page views, clicks, errors)

3. How we use your information

  • To run flows, send replies, and deliver the Service you've asked for
  • To bill you, prevent fraud, and meet legal obligations
  • To support you when you contact us
  • To send essential service emails, and (only with your opt-in) product updates

We don't: sell your data, share it with data brokers, or use your customers' messages to train large language models.

4. Sharing

We share data only with vetted sub-processors needed to run the Service. The current list is at oyereply.com/sub-processors and includes:

  • AWS (eu-central-1 / us-east-1) — hosting & encrypted storage
  • Stripe — payments
  • Postmark — transactional email
  • Sentry — error monitoring
  • Intercom — in-app help chat

We may disclose data if required by law, but we'll push back where we can and tell you unless legally prohibited.

5. Cookies

We use first-party cookies for sign-in and a small set of analytics cookies (PostHog, self-hosted) to understand how the product is used. You can opt out from the cookie banner or your browser. We don't run third-party advertising trackers.

6. Your rights

Wherever you live, you can:

  • Access — see what we have on you
  • Export — get it in CSV or JSON
  • Correct — fix anything wrong
  • Delete — wipe your account
  • Object — to certain processing

Email privacy@oyereply.com; we respond within 30 days.

7. Security

Encryption in transit (TLS 1.3) and at rest (AES-256). Access is least-privilege, audited and 2FA-required for our team. We run quarterly penetration tests and publish a public trust report.

8. Retention

While you're a customer, we keep what's needed to run the Service. After cancellation, primary copies are deleted within 60 days; encrypted backups roll out within 90 days.

9. International transfers

OyeReply is built and operated globally. Where we move data across borders we rely on Standard Contractual Clauses, the EU–US Data Privacy Framework, and equivalent safeguards. EU customers' data is hosted in eu-central-1 by default.

10. Children

OyeReply isn't for kids under 16. If we find we've collected data from a child, we'll delete it.

11. Changes

We'll email you 30 days before any material change. The "Last updated" date at the top always shows the current version.

12. Contact / DPO

Data Protection Officer · Anjali Pillai · dpo@oyereply.com
OyeReply Technologies, Inc. · 401 Indiranagar 100ft Rd, Bengaluru 560038, India