Security
Last updated: 2026-06-19
ReplyAI is a small, focused product, and we keep our security model simple and honest. This page explains how your data is protected and which third-party providers we rely on.
Data Protection
- Encrypted in transit (HTTPS). All traffic to and from ReplyAI is served over HTTPS/TLS. Data moving between your browser and our servers is encrypted.
- Encrypted payments. Payments are handled entirely by Gumroad over their secure, encrypted checkout. We never receive, see, or store your card or banking details.
- We don’t sell your data. We do not sell, rent, or trade your personal data to anyone, and we don’t use it for third-party advertising. We collect only what’s needed to run the Service.
- Minimal retention. Rate-limit counters expire within 24 hours, and we keep only the data required to operate features like shareable result links and license validation.
Infrastructure & Providers
We build on a handful of trusted, industry-standard providers rather than rolling our own infrastructure. Here’s exactly who does what:
Supabase
Database and storage for generated emails and license records.
Vercel
Application hosting, edge delivery, and TLS/HTTPS termination.
Upstash
Rate limiting — enforces the free-tier daily limit. Counters expire within 24 hours.
Gumroad
Payment processing and license fulfilment. We never see or store your card details.
Reporting a Vulnerability
Found a security issue? We appreciate responsible disclosure. Email us at hello@replyai.com with the details and we’ll respond as quickly as we can.