This Privacy Policy (hereinafter referred to as the “Policy”) applies to the content, tools, features, and functionalities (collectively, the “Services”) provided and controlled by the Replai AI Team through the Replai platform (the “Platform”). This Policy is established in accordance with applicable laws to protect users’ (“you” or “your”) personal information.
1. Scope and Consent
This Policy explains the reasons, methods, and details of how we collect, use, store, process, share, transfer, and disclose your personal information, the security measures we implement, and the rights you have to access, update, delete, and control your personal data. Please read this Policy in conjunction with the Replai Terms of Use. If you do not agree with this Policy, you should stop using Replai and/or our Services.
We reserve the right to modify this Policy at any time. We encourage you to review it regularly for updates. If you do not accept the revised Policy, you should discontinue use of Replai.
Age Restrictions:
• Global minimum: Users under the age of 13 are not allowed to use the Services.
• EEA/UK: Users under 16 are not allowed; where permitted by national laws (e.g., Austria, age 14), explicit parental consent is required.
• Other jurisdictions: Users below the local legal age are prohibited.
If you are between 13 and the legal age of majority (13–16 in EEA), you must obtain written consent from a parent or guardian.
For children under 13 in the U.S. or under the legal age in other jurisdictions:
• We only provide limited services after obtaining verifiable parental/guardian consent.
• We collect only the minimum personal information necessary to provide functionalities.
• Parents/guardians can view, modify, or request deletion of their child’s data.
• They may also deny further data collection.
Users must provide their age upon first use (whether guest or registered mode). Only registered users can modify incorrect age entries; guest users cannot. We reserve the right to suspend or permanently restrict access to Replai if false age information is detected.
Unless otherwise permitted or required by law, we do not collect, use, or disclose personal information of children without parental consent. Parents may access, delete, and request that we stop processing their child’s data.
By accessing and/or using our Services, you confirm that you are of legal age in your jurisdiction, or that you are under the supervision of a parent or legal guardian who consents to your use of our Services and this Policy.
This Policy is a legally binding electronic contract under applicable laws and does not require physical, electronic, or digital signatures.
Please read this Policy carefully. By accessing or using Replai and/or our Services, you acknowledge, understand, and agree to this Policy and the collection, use, processing, sharing, transfer, and disclosure practices outlined herein.
2. What Information Do We Collect?
2.1 Information You Provide Directly
• Registration/Login: When registering via third-party platforms (e.g., Google), we collect your Open ID, location, and device information. A nickname and age are required to use chat functions.
• Contact & Marketing: We may use your contact information (e.g., email) to send product information, subject to prior consent where required by law.
2.2 Information Generated During Use
• Chats & Communications: We collect text/voice chat data strictly for safety purposes, such as filtering illegal content.
• Payments & Transactions: We collect user ID, country, payment amount, and may require ID verification when extracting virtual assets.
• Feedback & Reporting: We collect descriptions, screenshots, or reports to resolve issues.
• User Experience Improvement: We automatically collect data such as language, gender, click behavior, and device information for personalization.
• Security & Stability: We collect login status, device identifiers, and IP addresses to ensure service security.
3. Cookies and Similar Technologies
We use cookies and similar technologies (e.g., pixel tags, device identifiers) to enhance your experience, analyze usage behavior, and provide personalized content or ads. First-party cookies are essential for core service operations.
4. User Consent
You may be asked to consent to the following:
• Photos/Storage: To upload images for display or AI training (uploaded to our servers).
• Microphone: For voice-to-text features.
• Internet Access: To optimize connectivity and access Replai.
• Camera: To capture photos/videos related to your queries.
• Identity: For login via third-party accounts (e.g., Google or Apple).
5. How We Process Your Information
In brief: We use your information primarily to provide and improve our Services. We also use it for safety and to offer content you may find relevant. Detailed usage includes:
5.1 Managing Your Account and Services
• Creating and managing accounts
• Providing customer support
• Processing transactions
• Communicating service-related updates (orders, billing)
5.2 Service Improvement and Development
• Research and analysis to improve service and content
• Developing new features based on user behavior and interest
5.3 Fraud and Abuse Prevention
• Detecting and addressing misconduct
• Analyzing data to design countermeasures
• Retaining data related to fraud to prevent recurrence
5.4 Legal Compliance
• Complying with legal obligations
• Cooperating with law enforcement
• Exercising and enforcing our rights (e.g., Terms of Use)
5.5 Legal Grounds for Processing
• Contractual necessity for service provision
• Legitimate interests such as fraud prevention and service enhancement
• Consent, where required
• Legal obligations, such as anti-money laundering compliance
5.6 Under GDPR, we rely on:
• Consent: e.g., for marketing emails
• Contract performance: e.g., registration and chat services
• Legal compliance: e.g., regulatory requirements
• Legitimate interests: e.g., fraud prevention, analytics, and service improvement
6. Legal Basis by Processing Activity
6.1. Account Registration/Transactions:
• EU/UK (GDPR): Performance of Contract
• USA (CCPA): Business Purposes
• Other Regions: Performance of Contract
6.2. Marketing Communications:
• EU/UK (GDPR): Consent
• USA (CCPA): Business Purposes (including Opt-out mechanism)
• Other Regions: Consent
6.3. Security Logs:
• EU/UK (GDPR): Legitimate Interest
• USA (CCPA): Security and Fraud Prevention
• Other Regions: Legitimate Interest
7. Data Sharing and Disclosure
7.1 Stripe/PayPal
• Purpose: Payment processing
• Data Shared: User ID, transaction amount
• Compliance: PCI-DSS certified
7.2 Google Analytics
• Purpose: Traffic analysis
• Data Shared: Device ID, clickstream (anonymized)
• Compliance: GDPR-compliant data processing agreements
7.3 AWS/Azure
• Purpose: Cloud storage
• Data Shared: All business data
• Compliance: ISO 27001 certified
7.4 Law Enforcement
• Purpose: Legal requirements
• Data Shared: Minimum necessary data
• Compliance: Formal written request verification
8. Data Retention
We follow the principle of data minimization. Retention periods are:
• Regular User Account Data:
  • 90 days post-deletion (EU)
  • 180 days post-deletion (US)
• Children’s Data:
  • Deleted within 72 hours of a deletion request
• User-Generated Content (UGC):
  • Deleted 30 days after user removal
  • If shared, third parties will be notified for synchronized deletion
In the event of a personal data breach:
• Notify regulators within 72 hours (per GDPR)
• Notify users via email/app:
  • Type of exposed data
  • Possible risks
  • Recommended precautions
We will retain your data only as long as necessary, unless legally required to keep it longer. When no longer needed, we will delete, anonymize, or securely isolate it.
9. Children's Data (GDPR/KIDS COPPA)
• Age Verification: Mandatory at first launch; under-13 triggers child protection mode.
• Parental Controls:
  • View list of collected data types
  • Export or request deletion
  • Deny consent to restrict specific functions (not full deactivation)
COPPA Compliance (USA):
“We comply with COPPA and do not collect data from children under 13 without verifiable parental consent.”
Parental Consent Verification:
• US: Upload ID + proof of relationship (e.g., family register) or credit card micro-payment
• EU: eIDAS electronic ID or bank verification
Parental Dashboard:
• Real-time access to:
  • Timeline of data collected from children
  • Third-party sharing history (including partner names)
10. Your Privacy Rights
EEA/UK Users:
• Right to Erasure (Right to Be Forgotten): Delete all personal data, including third-party copies
• Right to Data Portability: Obtain structured copy of your data
• Right to Object to Automated Decisions: Refuse profiling based solely on algorithms
US Users (CCPA):
• Right to Opt-Out of Data Sale: Disable data sharing via a [Do Not Sell My Info] link
• Right to Non-Discrimination: Exercise rights without service penalties
11. California Resident Rights
• Verification for Deletion Requests: Must provide two forms of proof (e.g., email + photo ID/utility bill)
• Data Deletion Commitment:
  • All data (including backups) deleted within 45 days
  • In accordance with CCPA §1798.105(d) using NIST 800-88 Rev.1 standards
12. Cross-Border Transfers & Regulatory Representatives
When transferring data outside the EEA:
• Use EU Commission's 2023 Standard Contractual Clauses (SCCs)
• Sensitive data sent to the U.S. is triple-encrypted:
  • Transport Layer: TLS 1.3+
  • Storage Layer: AES-256 segmented encryption
  • Access Layer: HSM-managed keys
• Children’s data is not transferred outside countries on the EU adequacy list (e.g., not to the U.S.)
• All children’s data is processed within AWS Frankfurt region (inside the EU)
13. Contact Us
If you have any questions or comments about this Policy, please contact us at:
[email protected]