Privacy Policy
Replyo helps Instagram-connected shops turn a comment into an automatic DM and trace each click to the Shopify order it produced. This policy explains what we process, why, and the choices you have.
1. Who we are
Replyo is operated by BABC GLOBAL FZCO, the data controller for the purposes of this policy:
BABC GLOBAL FZCO
IFZA Properties, A1
Dubai Silicon Oasis
Dubai, United Arab Emirates
For privacy questions or requests, contact us at support@replyo.app.
2. What we process and why
| Data | Source | Purpose |
|---|---|---|
| Instagram account profile (ID, username) and your recent media | Instagram API (you log in and grant access) | Identify your account, let you pick posts for automations |
| Comments on your posts and the messages we send on your behalf | Instagram webhooks & messaging API | Trigger comment→DM automations and public replies |
| Click events on the DM buttons (click ID, time, destination) | Our redirect when a recipient taps a button | Attribution — match a click to an order |
| Shopify order metadata (order number, total, landing parameters) | Shopify “order created” webhook | Show the real revenue each automation earned |
| Access tokens for your connected accounts | Instagram OAuth | Operate the service on your behalf; stored securely |
We do not sell personal data, and we do not use it for advertising. We process only what is needed to run the automations and the revenue attribution you set up.
3. Legal basis
We process data to perform the service you request (contract) and on the basis of your consent given when you connect Instagram and Shopify. You can withdraw consent at any time by disconnecting an account or deleting your data (see section 7).
4. Sharing & processors
We rely on a small set of processors to run the service:
- Meta / Instagram — the official Instagram API powers comment events, DMs and public replies.
- Shopify — order webhooks provide the revenue we attribute.
- Netlify — hosting, serverless functions and encrypted data storage.
Each acts under its own terms and processes data on our behalf to deliver Replyo.
5. Retention
We keep automation rules, send/click logs and attribution data for as long as your account is active, and delete them on request or within a reasonable period after you disconnect.
6. Security
Access tokens and data are stored in access-controlled storage and transmitted over encrypted connections. We request only the Instagram permissions the product needs: instagram_business_basic, instagram_business_manage_messages, instagram_business_manage_comments.
7. Your rights & data deletion
You can access, correct, export or delete your data, and withdraw consent. To request deletion, follow the steps on our Data Deletion page or email support@replyo.app. Disconnecting Instagram in Replyo (or removing Replyo from your Instagram’s connected apps) revokes our access.
8. Changes
We may update this policy; we will revise the “last updated” date above and, for material changes, notify connected accounts.