Privacy Policy

Last updated: June 30, 2025

1. Data Controller

This Privacy Policy applies to the processing of personal data by:

2. Data We Collect

2.1 Early Access Phase

During our early access signup phase, we collect:

• Name
• Email address
• Company name (optional)
• Package preference
• Platform preferences

Important: This early access database will be permanently deleted after we notify users about the service launch, without retaining any copies.

2.2 Active Service Phase

When using Autoply's services, we collect and process:

• Account Information: Name, email, company details, billing information
• Public Review Data: Reviews from connected platforms (Google, TripAdvisor, Booking.com, Facebook, Airbnb, Hotels.com, Apple Maps)
• Generated Content: AI-generated responses to reviews
• Usage Data: Service usage patterns, preferences, and settings
• Technical Data: IP addresses, browser type, access times

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our review management services
• Legitimate Interests: To improve our services and ensure security
• Consent: For marketing communications and certain data processing activities
• Legal Obligations: To comply with applicable laws and regulations

4. How We Use Your Data

We use your data to:

• Provide and maintain our AI review response service
• Connect to and manage your review platforms
• Generate appropriate responses to customer reviews
• Process payments and manage subscriptions
• Send service-related communications
• Improve and develop our services
• Ensure security and prevent fraud

5. Data Storage and Retention

Location: All data is stored on our secure servers hosted on AWS Lightsail in Germany (DE), ensuring compliance with EU data protection regulations.

Retention Period:

• Active customers: Data is retained for the duration of your subscription
• After account closure: You can choose to:
  • Download a local copy of your data
  • Keep data on our servers for up to 12 months
  • Permanently delete all data immediately

6. Data Sharing and Third Parties

6.1 Infrastructure Providers

• AWS Lightsail: Hosting services (Germany)
• AWS SES: Email delivery service
• Google Analytics: Website analytics
• Payment Provider: To be determined (likely Stripe)

6.2 AI Services

We use the European instance of Google Gemini 2.5 Pro and Flash for generating review responses, ensuring data remains within EU jurisdiction.

6.3 Review Platforms

We integrate with various review platforms to fetch and respond to reviews. Only public review data and responses are shared with these platforms.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

• All data transmissions use HTTPS encryption
• Access controls and authentication mechanisms
• Regular security updates and monitoring
• Separation of public review data from private customer data

Note: Public review data and responses are classified as lower sensitivity since they are intended for public display. Private customer data never leaves our EU-based servers.

8. Your Rights Under GDPR

As an EU citizen, you have the following rights:

• Right to Access: Request a copy of your data within 24 hours via our automated system
• Right to Rectification: Correct inaccurate personal data
• Right to Erasure: Delete your data (note: this may affect service continuation)
• Right to Restriction: Limit processing of your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to certain data processing activities
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@autoply.io

9. International Data Transfers

Your private customer data remains within the EU at all times. Public review responses may be displayed on international platforms (e.g., TripAdvisor, Google) as part of the service functionality. This is limited to content specifically created for public display.

10. Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify affected users within 72 hours
• Provide information about the breach and its potential impact
• Outline steps taken to address the breach
• Recommend actions you can take to protect yourself

11. Children's Privacy

Autoply is designed for business use and is not intended for children under 18. We do not knowingly collect personal data from children.

12. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or through our service.

13. Contact Information

For privacy-related inquiries or to exercise your rights:

• Email: privacy@autoply.io
• Post: Strategic Design France SARL, 3 Rue des Rosiers, 11440 Peyriac-de-Mer, France
• Phone: +33 (0) 7 86 13 35 05

14. Supervisory Authority

You have the right to lodge a complaint with the French data protection authority:

CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
France