The Reply Agent
Log in

Privacy Policy

Gmail API Data Usage

The Reply Agent uses the Gmail API to provide email campaign management services. We access your Gmail account with the following permissions:

  • Send emails (gmail.send): To send campaign emails on your behalf
  • Read emails (gmail.readonly): To read replies to your campaign emails, track responses, and search for email threads
  • Modify emails (gmail.modify): To enable Gmail Watch for real-time reply detection via push notifications
  • User info (userinfo.email, userinfo.profile): To identify your Gmail address and display name

Limited Use Disclosure

The Reply Agent's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Gmail data to provide and improve user-facing features within The Reply Agent
  • We do not transfer Gmail data to third parties, except as necessary to provide the service, comply with applicable law, or for security purposes
  • We do not allow humans to read your email data unless you provide explicit consent, it is necessary for security purposes, or it is required by law
  • We do not use Gmail data for advertising, retargeting, or interest-based purposes
  • We do not sell or transfer Gmail data to data brokers, information resellers, or any advertising platforms

We use your Gmail data solely to:

  • Send emails as part of your sales campaigns
  • Track and display replies to your campaign emails
  • Detect replies in real time via Gmail push notifications
  • Thread email conversations for proper delivery
  • Improve email generation and campaign performance using aggregated, anonymized insights derived from reply data (see Service Improvement section below)

Service Improvement

To improve the quality of email generation and campaign recommendations for all users, we analyze aggregated and anonymized data derived from campaign replies. This includes patterns such as which messaging approaches receive positive responses, effective subject lines, and reply sentiment trends.

This data is anonymized before use -- personal details, email addresses, and identifying information are stripped. The aggregated insights are used as internal operations to improve user-facing features within The Reply Agent. Reply data may also be processed by AI services (such as OpenAI or Anthropic) to generate and improve campaign emails. These services process data under strict API terms and do not retain or train on your data.

We do not sell, share, or transfer raw email content to any third party for purposes unrelated to providing or improving The Reply Agent.

Data Storage

When you connect your Gmail account, we store the following data securely in our database:

  • OAuth tokens: Encrypted access and refresh tokens used to interact with Gmail on your behalf. We never store your Gmail password.
  • Email metadata: Subject lines, sender/recipient addresses, timestamps, and thread IDs for emails related to your campaigns
  • Email content: The body of emails sent through campaigns and replies received to those campaigns
  • Contact information: Names and email addresses of campaign recipients

All data is stored on Supabase, which provides encryption at rest and in transit. All communication between your browser, our servers, and the Gmail API is encrypted via TLS/HTTPS.

Data Security

Your Gmail credentials are managed securely using OAuth 2.0. We never store your Gmail password. All API access uses secure tokens that you can revoke at any time through your Google Account settings.

Data Retention

Email data is retained while your account is active and deleted within 30 days of account deletion. If you disconnect a Gmail account, we revoke API access and stop all Gmail API calls for that account. Campaign data associated with a disconnected Gmail account is retained unless you request its deletion.

Data Deletion

You can disconnect your Gmail account at any time from within the app, which immediately revokes API access and stops all Gmail API calls. To request complete deletion of all your stored data (including campaign emails, replies, contact information, and account data), please email jon@thereplyagent.com. We will process your deletion request within 30 days.

You may also revoke The Reply Agent's access to your Google account at any time by visiting your Google Account permissions page.

Contact

If you have questions about this privacy policy or how we handle your data, please contact us at jon@thereplyagent.com.

Last updated: February 15, 2026