Get Started

Privacy Policy

Introduction

This Privacy Policy describes how WeReply processes personal data in connection with the provision of its communication management platform (the “Platform”), related services, and interactions with customers, users, and website visitors. WeReply is committed to ensuring that personal data is processed lawfully, fairly, and transparently in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

This Privacy Policy explains:

  • what personal data we process
  • in what capacity we process it
  • for what purposes and on what legal grounds
  • how long we retain personal data
  • how and where data is stored
  • how international transfers are safeguarded
  • what rights individuals have

     

For privacy-related questions, contact: support@wereply.io

 

Scope

This Privacy Policy applies to:

  • Customers and users of the Platform
  • End-users whose data is processed through the Platform on behalf of customers
  • Visitors of our website

 

Roles and Responsibilities

Depending on the context, WeReply acts as either:

  • Data Controller
    When processing personal data for its own purposes, such as account administration, billing, compliance, website management, and support.
  • Data Processor
    When processing personal data on behalf of customers through the Platform. In such cases, the customer determines the purposes and means of processing, and WeReply processes data under a Data Processing Agreement (DPA).

 

Categories of Personal Data

Depending on how the Platform and website are used, WeReply may process the following categories of personal data:

  • Account Data
    Name, business email address, telephone number, company name, job title, login credentials, and account identifiers.
  • Contact and Identification Data
    Email addresses, telephone numbers, billing addresses, shipping or delivery addresses, customer identifiers, and social media usernames or profile information received through integrations.
  • Communication Data
    Messages, conversation history, attachments, internal notes, and related metadata such as timestamps and sender or recipient identifiers.
  • Transaction and Order Data
    Order details, product information, delivery information, transaction status, and other commerce-related data received through integrations with external systems.
  • Technical Data
    IP address, device information, browser type, operating system, log data, and usage statistics.
  • Billing and Financial Data
    Billing address, invoice information, VAT or tax identifiers, and payment transaction records.

WeReply does not intentionally collect special categories of personal data unless such data is submitted to the Platform by or on behalf of the Customer.

 

Purposes and Legal Bases

We process personal data for the following purposes:

  • To provide, operate, and maintain the Platform.
    Legal basis: performance of a contract.
  • To manage subscriptions, accounts, and billing.
    Legal basis: performance of a contract and legal obligation.
  • To provide customer support and technical assistance.
    Legal basis: performance of a contract.
  • To ensure platform security, prevent misuse, detect fraud, and monitor system integrity.
    Legal basis: legitimate interests.
  • To improve and optimize the Platform and website.
    Legal basis: legitimate interests.
  • To comply with legal and regulatory requirements.
    Legal basis: legal obligation.

Where required, consent will be obtained before processing.

 

Hosting and Infrastructure

The Platform infrastructure, including servers and databases, is hosted in the Netherlands. Personal data stored within the Platform is therefore primarily hosted within the European Union. We implement appropriate safeguards to ensure secure hosting and controlled access to systems.

 

Use of Subprocessors

WeReply engages third-party service providers to support delivery of the Platform. These may include providers for:

  • Hosting infrastructure
  • Email delivery services
  • AI-based functionality
  • Messaging integrations
  • Monitoring and logging
  • Payment processing

An up-to-date list of subprocessors is available upon request. WeReply uses reasonable care in selecting subprocessors and requires them to implement appropriate data protection measures in accordance with applicable data protection laws.

 

International Data Transfers

Some subprocessors or integrated third-party services may process personal data outside the European Economic Area, including in the United States.

Where personal data is transferred to a country that has not been recognized by the European Commission as providing an adequate level of protection, WeReply ensures appropriate safeguards are implemented, including:

  • Standard Contractual Clauses approved by the European Commission
  • Reliance on adequacy decisions where applicable
  • Additional technical and organizational measures where necessary

We assess international transfer risks and implement measures designed to ensure an essentially equivalent level of protection.

 

AI and Automated Processing

The Platform may include AI-supported features designed to assist users in managing communications.

AI-generated outputs are provided as supportive functionality. Customers remain responsible for reviewing and validating outputs before use.

Where AI services are provided through third-party providers, personal data may be processed by those providers in accordance with contractual safeguards and applicable data protection laws.

WeReply does not use customer data to independently train proprietary AI models unless explicitly agreed.

WeReply does not engage in automated decision-making that produces legal or similarly significant effects without human involvement.

 

Data Retention

Personal data is retained only for as long as necessary for the purposes described in this Privacy Policy.

When acting as a data processor, retention periods are determined by the customer and governed by contractual arrangements.

Following termination of an account, personal data will be deleted or anonymized within a reasonable period unless retention is required by law.

Financial records may be retained as required under applicable tax or accounting laws.

 

Security Measures

WeReply implements appropriate technical and organizational measures to protect personal data, including:

  • Encryption in transit
  • Access controls and role-based permissions
  • Logging and monitoring
  • Secure hosting practices
  • Internal access limitation

While we take reasonable precautions, no system can guarantee absolute security.

 
Cookies and Similar Technologies

WeReply uses cookies and similar technologies on its website. Cookies are small text files placed on a user’s device when visiting a website. They enable the website to function properly, enhance user experience, analyze website performance, and support security.

WeReply may use the following categories of cookies:

  • Strictly Necessary Cookies
    These cookies are essential for the operation and security of the website. They enable core functionalities such as page navigation, security features, and access to secure areas. These cookies do not require prior consent.
  • Functional Cookies
    These cookies allow the website to remember user preferences and settings to improve usability and personalization.
  • Analytical Cookies
    These cookies collect information about how visitors use the website, such as pages visited and traffic patterns. This information is used to improve website performance and user experience. Where required by applicable law, analytical cookies are only placed with prior consent.
  • Third-Party Cookies
    Some cookies may be placed by third-party service providers that support analytics, performance monitoring, or embedded content. Where applicable, these third parties may process personal data in accordance with their own privacy policies.

The legal basis for the use of strictly necessary cookies is WeReply’s legitimate interest in ensuring the proper functioning and security of the website. For non-essential cookies, WeReply relies on user consent where required by law. Users can manage cookie preferences through their browser settings. Most browsers allow users to block or delete cookies. Please note that disabling certain cookies may affect the functionality and performance of the website. Where a cookie consent mechanism is implemented, users may update their preferences at any time through the available settings.

 

Rights of Data Subjects

Subject to applicable law, individuals have the right to:

  • Access their personal data
  • Request rectification
  • Request erasure
  • Request restriction of processing
  • Object to processing
  • Request data portability

Where WeReply acts as a data processor, requests should be directed to the relevant customer. Requests can be submitted to support@wereply.io. WeReply will respond within statutory timelines. Individuals have the right to lodge a complaint with a supervisory authority.

 

Data Breaches

In the event of a personal data breach, WeReply will act in accordance with applicable data protection laws and notify customers where required.

 

Children

The Platform and website are intended for business use. WeReply does not knowingly collect personal data from children.

 

Changes to This Privacy Policy

WeReply may update this Privacy Policy periodically. The most recent version will be available on the website.

Last updated: 17/02/2026