Privacy Policy

1. Introduction

ReplyDrop ("we", "our", or "us") operates the ReplyDrop platform, a LinkedIn comment-gating SaaS service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

We collect information you provide directly to us, including:

• Account information (name, email address, password) when you register via email
• Organization details if you create or join a team workspace
• Content you create, share, or upload through the platform (sharing pages, resource files, descriptions)
• LinkedIn post URLs and comment URLs submitted through sharing pages
• Payment and billing information processed securely through Stripe (we do not store card details)
• Communications you send to us

We also automatically collect:

• IP addresses of both account holders and visitors who submit comments on sharing pages
• User agent and browser information for usage analytics and rate limiting
• API usage logs including endpoints accessed, response times, and request metadata
• Device and browser information
• Cookies and similar technologies to maintain your session

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our services including sharing pages, lead capture, and analytics
• Process subscription payments and manage billing through Stripe
• Verify LinkedIn comment submissions via our webhook processing system
• Enforce rate limits and usage quotas based on your subscription plan
• Track conversions, page views, and engagement analytics for your dashboard
• Send you technical notices, updates, and support messages
• Detect, investigate, and prevent fraudulent or unauthorized activity
• Monitor API usage and enforce organization-level quotas

4. Information Sharing

We do not sell your personal information. We may share your information with:

• Supabase — our database and authentication provider that stores account data, sharing pages, and conversion records
• Stripe — our payment processor that handles subscription billing (subject to Stripe's privacy policy)
• Netlify — our hosting and serverless functions provider that processes API requests
• n8n — our webhook automation service that processes LinkedIn comment verification
• Professional advisors such as lawyers and accountants as needed
• Law enforcement when required by applicable law
• Other parties in connection with a merger, acquisition, or sale of assets

5. Data Collected from Visitors

When someone submits a LinkedIn comment URL on a sharing page, we collect:

• The LinkedIn comment URL they provide
• Their IP address for rate limiting and fraud prevention
• Their browser user agent string
• A timestamp of the submission

This data is stored as a page conversion record and is visible to the sharing page owner in their analytics dashboard. Visitors do not need to create an account to submit comments.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Passwords are hashed and managed by Supabase Auth — we never store plaintext passwords
• API keys are stored as hashed values with only a prefix visible
• Rate limiting protects against abuse (per-IP and per-organization limits)
• All data transmission uses HTTPS encryption

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services. Usage logs and conversion records are retained for analytics purposes. You may request deletion of your account and associated data at any time by contacting us.

8. Your Rights

Depending on your location, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Data portability
• Withdraw consent at any time

9. Cookies

We use cookies and similar technologies to maintain your authentication session and remember your preferences. We use Supabase Auth tokens stored in your browser for session management. You can control cookies through your browser settings, though this may affect your ability to use the Service.

10. Third-Party Services

Our service integrates with third-party platforms. Each has their own privacy policy that we encourage you to review:

• Supabase (database and auth) — supabase.com/privacy
• Stripe (payments) — stripe.com/privacy
• Netlify (hosting) — netlify.com/privacy
• LinkedIn (comment verification) — linkedin.com/legal/privacy-policy

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@replydrop.com