Legal

Privacy Policy

Last updated: 29 June 2026 · Replyo

Replyo helps Instagram-connected shops turn a comment into an automatic DM and trace each click to the Shopify order it produced. This policy explains what we process, why, and the choices you have.

1. Who we are

Replyo is operated by BABC GLOBAL FZCO, the data controller for the purposes of this policy:

BABC GLOBAL FZCO
IFZA Properties, A1
Dubai Silicon Oasis
Dubai, United Arab Emirates

For privacy questions or requests, contact us at support@replyo.app.

2. What we process and why

DataSourcePurpose
Instagram account profile (ID, username) and your recent mediaInstagram API (you log in and grant access)Identify your account, let you pick posts for automations
Comments on your posts and the messages we send on your behalfInstagram webhooks & messaging APITrigger comment→DM automations and public replies
Click events on the DM buttons (click ID, time, destination)Our redirect when a recipient taps a buttonAttribution — match a click to an order
Shopify order metadata (order number, total, landing parameters)Shopify “order created” webhookShow the real revenue each automation earned
Access tokens for your connected accountsInstagram OAuthOperate the service on your behalf; stored securely

We do not sell personal data, and we do not use it for advertising. We process only what is needed to run the automations and the revenue attribution you set up.

3. Legal basis

We process data to perform the service you request (contract) and on the basis of your consent given when you connect Instagram and Shopify. You can withdraw consent at any time by disconnecting an account or deleting your data (see section 7).

4. Sharing & processors

We rely on a small set of processors to run the service:

Each acts under its own terms and processes data on our behalf to deliver Replyo.

5. Retention

We keep automation rules, send/click logs and attribution data for as long as your account is active, and delete them on request or within a reasonable period after you disconnect.

6. Security

Access tokens and data are stored in access-controlled storage and transmitted over encrypted connections. We request only the Instagram permissions the product needs: instagram_business_basic, instagram_business_manage_messages, instagram_business_manage_comments.

7. Your rights & data deletion

You can access, correct, export or delete your data, and withdraw consent. To request deletion, follow the steps on our Data Deletion page or email support@replyo.app. Disconnecting Instagram in Replyo (or removing Replyo from your Instagram’s connected apps) revokes our access.

8. Changes

We may update this policy; we will revise the “last updated” date above and, for material changes, notify connected accounts.

We recommend having this policy reviewed by your own legal counsel before launch.