← Back to home

Privacy Policy

Last updated: February 15, 2026

ReplyOn ("we", "our", "us") provides AI-powered reply generation for X (Twitter) through a Chrome extension and a Telegram bot. This Privacy Policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

Account Information

  • Google sign-in (extension): email address and display name via OAuth 2.0. We never receive your Google password.
  • Telegram (bot): Telegram user ID, username, and language preference.
  • Twitter accounts (bot): encrypted cookies for campaign execution. Cookies are encrypted with AES-256 at rest.

Tweet Content

When you generate an AI reply, we send the tweet text (and image URLs for VIP users) to our server for processing. This data is passed to the AI model in real time and not stored after the reply is returned.

Payment Data

Payments are processed by Telegram Stars (card payments) and CryptoBot (crypto). We store transaction IDs and subscription status. We never see or store your card number or crypto wallet keys.

What We Do NOT Collect

  • Your X (Twitter) password
  • Browsing activity outside x.com / twitter.com
  • IP addresses for profiling
  • We do not sell, rent, or share your data with third parties

2. How We Use Your Data

  • Identify your account and subscription tier
  • Generate AI replies based on tweet content and your style preferences
  • Execute campaigns (bot) using your connected Twitter accounts
  • Process payments and manage your credit balance
  • Track anonymous extension usage via GA4 Measurement Protocol (no personal data, no cookies)

3. Data Retention

  • Tweet content: processed in real time, not persisted.
  • Extension cache: replies cached locally for 24 hours, then auto-deleted.
  • Account data: stored until you request deletion.
  • Campaign logs: reply history retained for analytics. Can be deleted on request.

4. Third-Party Services

  • OpenAI / xAI: AI reply generation (tweet text sent for processing)
  • Google OAuth: extension sign-in (email and name only)
  • Telegram Bot API: bot interface and Stars payments
  • CryptoBot: cryptocurrency payments
  • Google Analytics 4: anonymous extension usage events (no personal data)

5. Security

  • All API communication uses HTTPS (TLS encryption)
  • Twitter cookies encrypted with AES-256 at rest
  • Authentication tokens transmitted only over encrypted connections
  • Static fingerprinting per account (no credential sharing between sessions)

6. Your Rights

  • View your data: check your profile and stats in the bot or extension
  • Delete local data: click "Disconnect" in the extension or clear browser data
  • Delete your account: contact us via Telegram or email
  • Export your data: request a copy by contacting support

7. Children's Privacy

ReplyOn is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with data, contact us and we will delete it.

8. Changes

We may update this policy when features change. Updates are reflected in the "Last updated" date above. Continued use after changes constitutes acceptance.

9. Contact