Privacy Policy
Last updated: April 27, 2026
Urgent Reply ("we," "our," or "us") operates the Urgent Reply platform, accessible at urgentreply.app. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.
By using Urgent Reply, you agree to the collection and use of information in accordance with this policy.
Information You Provide
- Account information — name, email address, and password when you register
- Business information — business name, type, AI tone preference, and custom instructions
- Review content — customer reviews and the AI-generated or human-edited responses you approve
- Communications — emails or messages you send to our support team
Information Collected Automatically
- Usage data — pages visited, features used, time spent, and interactions within the dashboard
- Log data — IP address, browser type, device type, and referring URL
- Session data — session cookies used to keep you logged in
Payment Information
Payment processing is handled entirely by Stripe. We do not collect, store, or have access to your full credit card number, CVV, or bank account details. We receive a Stripe customer ID and subscription status to manage your account.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and improve the Urgent Reply platform
- Generate AI-powered responses to your customer reviews using OpenAI's API
- Route reviews to our human review team for quality oversight on sensitive responses
- Process payments and manage your subscription via Stripe
- Send transactional emails (account confirmation, billing receipts, password resets)
- Respond to support requests and troubleshoot issues
- Analyze usage patterns to improve platform performance and features
- Comply with applicable laws and regulations
We do not sell your personal information to third parties. We do not use your review data to train AI models beyond what is necessary to generate responses within your account.
3. Third-Party Services & Sharing
We share data with the following third-party service providers solely to operate the platform:
- Stripe — payment processing. Your payment data is governed by Stripe's Privacy Policy.
- OpenAI — AI response generation. Review content is sent to OpenAI's API to generate suggested replies. OpenAI may retain API inputs per their privacy policy. We do not send personally identifiable information beyond what is contained in the review text itself.
- Neon (PostgreSQL) — database hosting. Your account and review data are stored on Neon's infrastructure.
- Render — cloud hosting for the application server.
We may disclose information if required by law, court order, or governmental authority. In the event of a merger or acquisition, user data may be transferred as part of that transaction, with advance notice provided.
4. Cookies & Tracking
We use the following types of cookies and similar technologies:
Essential Cookies (always active)
- Session cookie — maintains your login state while you use the platform. Required for the service to function. Expires when you close your browser or after 24 hours of inactivity.
- Cookie consent preference — stores your cookie consent choice so we don't ask again. Expires after 1 year.
Analytics Cookies (optional, requires consent)
- Visitor ID — an anonymous identifier stored in localStorage that helps us understand aggregate site traffic patterns. No personally identifiable information is attached. You can clear this by clearing your browser's localStorage.
You can control cookies through your browser settings. Disabling essential cookies will prevent you from using authenticated features of the platform. To opt out of analytics tracking, decline non-essential cookies in our consent banner or clear your browser's localStorage.
5. Data Retention
- Your account data is retained for as long as your account is active.
- When you delete your account, we delete your personal data (name, email, business info, review history) within 30 days, except where retention is required by law (e.g., billing records for tax compliance — retained for 7 years).
- Anonymized, aggregated analytics data may be retained indefinitely.
- Backup copies may persist for up to 90 days after deletion requests are processed.
To request account deletion, email privacy@urgentreply.app.
6. Security
We implement industry-standard security measures including:
- All data transmitted over HTTPS (TLS 1.2+)
- Passwords hashed with bcrypt (12 rounds) — we never store plaintext passwords
- Rate limiting on authentication endpoints to prevent brute-force attacks
- Database access restricted to application servers only
- Regular security reviews
No system is 100% secure. If you believe your account has been compromised, contact us immediately at security@urgentreply.app.
7. GDPR Rights (EU/EEA Users)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
Your GDPR Rights
- Right of Access — request a copy of the personal data we hold about you
- Right to Rectification — request correction of inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten") — request deletion of your personal data, subject to legal retention requirements
- Right to Data Portability — receive your data in a structured, machine-readable format (JSON or CSV)
- Right to Restrict Processing — request that we limit how we use your data
- Right to Object — object to processing based on legitimate interests
- Right to Withdraw Consent — withdraw consent for analytics cookies at any time
Our lawful bases for processing your data are: contract performance (to provide the service you signed up for), legitimate interests (platform security, fraud prevention), and consent (analytics cookies).
To exercise any GDPR right, email privacy@urgentreply.app with the subject line "GDPR Request — [Right]." We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
8. CCPA Rights (California Residents)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
Your CCPA/CPRA Rights
- Right to Know — request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
- Right to Delete — request deletion of your personal information, subject to certain exceptions
- Right to Correct — request correction of inaccurate personal information
- Right to Opt-Out of Sale — we do not sell your personal information. No action needed.
- Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights
Categories of personal information we collect: identifiers (name, email, IP address), commercial information (subscription history), internet/network activity (usage logs), and professional information (business name, type).
To exercise CCPA rights, email privacy@urgentreply.app with "CCPA Request" in the subject line. We will respond within 45 days (extendable by 45 days with notice).
9. Children's Privacy
Urgent Reply is not directed at children under 16 years of age. We do not knowingly collect personal information from anyone under 16. If you believe we have inadvertently collected information from a child, contact us at privacy@urgentreply.app and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email (at the address associated with your account) and by posting the new policy with an updated date. Continued use of the service after changes take effect constitutes acceptance of the updated policy.
For privacy-related requests, questions, or complaints:
We aim to respond to all privacy requests within 30 days.