How TimeFuser LTD, the operator of the Repley AI customer-support application, collects, uses, shares and protects personal data for Shopify merchants and their customers.
Effective date: 20 April 2026
Last updated: 17 May 2026
This Privacy Policy explains how TimeFuser LTD ("TimeFuser", "we", "us", "our"), the operator of the Repley AI customer-support application (the "App"), collects, uses, shares and protects information when Shopify merchants install and use the App, and when we process data about their customers as a data processor on their behalf.
If you are a Shopify merchant, we act as the data controller for the limited account information you provide to us directly (e.g. your login email) and as a data processor for the customer, order and fulfillment data we access from your store on your instructions.
If you are a customer of a Shopify merchant using Repley, the merchant is the data controller for your personal data and we act as their data processor; please read the merchant's own privacy notice alongside this policy.
The App is provided by TimeFuser LTD, a company registered in the Republic of Cyprus, company number HE480325, with its registered office at Voukourestiou 25, NEPTUNE HOUSE, 1st floor, Flat/Office 183, 3045 Limassol, Cyprus.
Privacy questions, data-subject requests or security reports: privacy@repley.io. General support: support@repley.io. Website: https://repley.io.
This policy applies to data processed in connection with the App, including:
It does not apply to the websites, apps or practices of other companies we integrate with (such as Shopify, Anthropic, Supabase or others listed in §6), which are governed by their own privacy notices.
When a merchant signs up for Repley or installs it on a Shopify store, we collect and process:
With the merchant's authorisation, the App requests limited scopes from Shopify and accesses:
We request only the minimum scopes needed for the feature the merchant has enabled and do not use Protected Customer Data for any purpose beyond providing the agreed service to the merchant.
When a merchant connects their support inbox to Repley, the App ingests inbound email that reaches that inbox. Repley supports two connection methods:
https://www.googleapis.com/auth/gmail.readonly — read-only access only.
In either case, the data ingested per message can include:
Outbound replies generated or assisted by the App are sent back to the customer via the merchant's own email infrastructure (the merchant's SMTP credentials), not from TimeFuser-owned addresses.
A merchant may revoke Repley's access to their Gmail account at any time by visiting their Google Account permissions page at https://myaccount.google.com/permissions and removing Repley. Revocation immediately stops further data ingestion; previously-ingested data remains subject to the retention schedule in §8.
We log information required to operate the service securely:
On our marketing website we may process basic analytics data (pages visited, approximate location, device and browser) and any information you submit through contact or demo forms. We do not use cookies for cross-site advertising on repley.io.
| Purpose | Data categories | Legal basis (GDPR) |
|---|---|---|
| Provide and operate the App (authentication, Shopify OAuth, ticket ingestion, AI-assisted drafting and sending, escalation routing) | Merchant account data, Shopify store data, email and ticket data, operational data | Performance of the merchant's subscription contract (Art. 6(1)(b)); our legitimate interest in operating a secure, reliable service (Art. 6(1)(f)) for data from merchants' customers, under instruction of the merchant as controller |
| Billing, invoicing and managing the commercial relationship | Merchant account data, metering data | Contract (Art. 6(1)(b)); compliance with tax & accounting obligations (Art. 6(1)(c)) |
| Security, fraud prevention, incident response | Operational data, IP addresses, audit log | Legitimate interest (Art. 6(1)(f)) and legal obligation (Art. 6(1)(c)) |
| Service improvement, debugging and model-free product analytics | Aggregated / pseudonymised operational data | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications to merchants who have opted in | Merchant email, preferences | Consent (Art. 6(1)(a)) or legitimate interest (Art. 6(1)(f)) with right to opt out |
| Complying with law, Shopify platform rules and enforcing our terms | Any of the above | Legal obligation (Art. 6(1)(c)); legitimate interest (Art. 6(1)(f)) |
The App uses large language models and embedding models to classify inbound emails, draft replies, and match customer questions to merchant-uploaded knowledge-base content. Specifically:
Merchants may disable AI autonomy features at any time from the App settings; when disabled, drafts are only surfaced for human review and are not sent automatically.
We use the following sub-processors to operate the App. Each has its own security and privacy program and is bound by a data-processing agreement with us:
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Shopify Inc. | Source of merchant store data; platform on which the App runs | All store-derived data | Canada / global |
| Google LLC (Gmail API) | Source of inbound email when a merchant connects Gmail via OAuth; provides authentication tokens and message retrieval API | Sender / recipient addresses, message headers, subject, body of inbound email; OAuth tokens | United States |
| Hetzner Online GmbH | Primary application hosting | All data | Germany (EU) |
| Supabase Inc. | Managed Postgres database, authentication | Merchant account data, ticket data, operational data | EU (Frankfurt) |
| Anthropic PBC | Large-language-model API (classification, drafting, critique) | Inbound email content, knowledge-base excerpts, order context | United States |
| Voyage AI Inc. | Embedding model API (knowledge-base retrieval) | Knowledge-base excerpts, inbound email excerpts | United States |
| Resend (Resend Inc.) | Transactional email delivery (account notifications, digests) | Merchant email address, email content sent by us to merchants | United States / EU |
| n8n GmbH (self-hosted) | Email ingestion workflow automation | Inbound email content, headers | Germany (our VPS) |
An up-to-date list of sub-processors is available on request at privacy@repley.io. We will notify merchants of material changes to our sub-processor list with reasonable advance notice.
Our primary infrastructure is hosted in the European Union. Some sub-processors (notably AI providers) are located outside the EEA/UK. When personal data is transferred outside the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum where applicable, and supplementary technical measures including encryption in transit and contractual prohibitions on training on submitted data. A copy of the transfer mechanism applicable to a specific sub-processor is available on request.
| Data | Retention |
|---|---|
| Active merchant account data | For the duration of the account plus 90 days after termination, then deleted or anonymised unless a longer legal retention applies |
| Tickets, AI traces, audit log | 24 months from creation, or the period the merchant configures in settings, whichever is shorter |
| Shopify access tokens | Until the merchant uninstalls; marked as revoked immediately on the app/uninstalled webhook; encrypted record retained for 48 hours after uninstall for GDPR reconciliation, then purged |
| Application logs | 90 days rolling |
| Backups | Encrypted; 30-day rolling window |
| Marketing website analytics | 12 months rolling |
Merchants can request early deletion of any tenant data at any time via privacy@repley.io. When Shopify sends the mandatory shop/redact webhook (48 hours after uninstall), we purge the associated tenant data on our side without further request.
We follow a defence-in-depth approach:
TOKEN_ENCRYPTION_KEY gates decryption; supports seamless rotation without user impact.
No system is impenetrable. We commit to timely breach notification as described in §14.
Depending on where you live, you may have rights in relation to your personal data, including the right to:
If you are a customer of a Shopify merchant using Repley, please contact that merchant directly to exercise your rights. The merchant is the controller of your data; we will assist them in fulfilling your request. If the merchant is unresponsive, you may also contact privacy@repley.io and we will support the request to the extent permitted by law.
Residents of California, Colorado, Connecticut, Virginia and similar US states: you have equivalent rights under applicable state privacy law (e.g. the CCPA/CPRA, CPA, CTDPA, VCDPA). We do not "sell" personal information as defined in those laws.
The App implements the three mandatory Shopify data-protection webhooks:
customers/data_request — triggered when a merchant's customer requests the data we hold about them. We return the data associated with that customer within 30 days of the request.
customers/redact — triggered when a merchant's customer requests erasure. We delete the customer's personal data from our production systems within 30 days, subject to any legal retention obligations.
shop/redact — triggered 48 hours after a merchant uninstalls Repley. We delete the tenant's data from our production systems.
All three webhooks are HMAC-verified with the app's signing secret and logged for auditability.
The App itself uses only strictly-necessary session tokens — there is no advertising, analytics or cross-site tracking inside the App. On our marketing website at repley.io, we may use first-party analytics cookies to understand aggregate traffic. We do not use advertising cookies or similar trackers on that website. Where required by law we will show a cookie banner and honour your choices.
Repley is a business-to-business service intended for use by Shopify merchants operating in a commercial capacity. The App is not directed at children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
If we become aware of a security incident that has led, or is reasonably likely to lead, to unauthorised access to personal data, we will notify affected merchants without undue delay and, where required by law, within the timeframes specified (typically 72 hours for controllers under the GDPR). Merchants remain responsible for notifying their own customers where the affected data relates to those customers.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, sub-processor list, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify merchants by email or in-App. Continued use of the App after a change constitutes acceptance of the updated policy.
Repley uses Google APIs to access Gmail data on behalf of merchants who have explicitly granted access through Google's OAuth 2.0 consent flow.
Repley's use and transfer to any other app of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically, Repley:
A merchant may revoke Repley's access to their Gmail account at any time via https://myaccount.google.com/permissions. Revocation immediately stops new data ingestion; previously-ingested data remains subject to the retention schedule in §8.
TimeFuser LTD
Voukourestiou 25, NEPTUNE HOUSE, 1st floor, Flat/Office 183
3045 Limassol, Cyprus
Company number HE480325
Email: privacy@repley.io
Website: https://repley.io
Version 1.1 · Effective 20 April 2026 · Last updated 17 May 2026 (added Google Gmail OAuth + Google API Services User Data Policy disclosure).