Privacy Policy

When you use Google Sign-In or other Google services, Google may collect and process information as described in Google’s Privacy Policy. We link to the current policy in the notice above.

We collect information you provide directly — such as your name and email when you sign in with Google — and information about how you use the service, including which comments you view and reply to. We also collect your YouTube channel data through the YouTube Data API to power the inbox and reply features.

We use your information to provide and improve the service, to generate AI reply suggestions on your behalf, to send you product updates when you opt in, and to process billing through Stripe. We do not sell your personal data to third parties.

ReplySplash is built on the official YouTube Data API v3 and uses Google OAuth 2.0 with the current YouTube scopes (e.g. youtube.force-ssl) to read comments, list your channels, and post replies on your behalf. Your tokens are stored encrypted and used only for actions you authorize. You can revoke access at any time in your Google Account settings.

Information we obtain from Google about you — including identifiers and profile details you authorize through Google Sign-In, and YouTube Data API data such as channel and video metadata, comment text, and related content — is used to operate ReplySplash and is not sold to data brokers or advertisers.

We share or transfer this data only with the following categories of service providers who process it on our behalf under contractual obligations: (1) Hosting and application infrastructure (Vercel, Inc.), which handles web requests and may process associated technical metadata. (2) Database, authentication, and storage (Supabase), which stores account records, OAuth tokens, and YouTube-sourced content needed for the inbox and reply features. (3) Artificial intelligence providers (e.g. OpenAI) when you use AI-powered reply or drafting features — in that case, comment text or prompts you submit may be sent to that provider solely to generate output for you. (4) Payment processing (Stripe, Inc.) if you purchase a subscription, to the extent needed for billing. (5) Email delivery providers (e.g. Resend) if we send transactional or product emails to your address.

We may disclose information, including Google-sourced data, if required by law, regulation, legal process, or to protect the rights, safety, and security of ReplySplash, our users, or the public. If personal data is transferred across borders, we rely on appropriate safeguards consistent with applicable law and our agreements with subprocessors.

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data and comment history within 30 days, except where we are required to retain it by law.

We use cookies and similar technologies to keep you logged in, remember your preferences, and analyze how the service is used. We do not use advertising or tracking cookies from third parties.

We implement industry-standard security practices including encrypted storage of OAuth tokens, HTTPS throughout, and access controls. No system is perfectly secure — if you believe you've found a vulnerability, please contact us.

For privacy questions or data requests, email us at privacy@replysplash.com. We will respond within 5 business days.