Your privacy is fundamental to us. Learn how we collect, use, and protect your personal information.
We never use your emails to train AI models
Full data control and deletion rights
Only with your explicit consent
We only collect what's necessary
Welcome to ReplyFabric.ai ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our practices regarding data collection and use when you visit our website or use our services.
ReplyFabric BV, with registered office at Stanislas Leclefstraat 18, 2600 Antwerp, Belgium, registered under company number 1026329284 (RLE Antwerp) and VAT number BE1026329284, acts as the data controller for the personal data processed as described in this Privacy Policy, such as for website analytics when you visit our website, client relationship management, account administration, billing, security, legal compliance, and direct communications.
When business customers use the ReplyFabric service to process emails, mailbox content, and related data on behalf of their organization, ReplyFabric generally acts as a processor on behalf of that customer, which acts as the controller.
This data may include personal data relating to the Customer’s employees, correspondents, customers, suppliers, and other third parties contained in business email communications, such as :
We use Google reCAPTCHA v3, a service provided by Google LLC, to protect our website and services from spam, bots, and abusive automated activity.
reCAPTCHA operates in the background and analyzes user interactions to determine whether an action is performed by a human or an automated system. This helps us ensure the security and availability of our website, forms, and services.
Data processed by reCAPTCHA may include:
This data is processed directly by Google and is subject to Google's own privacy policies.
We do not use reCAPTCHA data for advertising purposes and do not combine it with other personal data to identify individual users.
Google may process this information as an independent controller in accordance with its own privacy documentation. We use reCAPTCHA solely for security, fraud prevention, and abuse protection purposes.
The purposes described below apply depending on the nature of our relationship with you and the context in which the data is processed. Some processing activities are carried out by ReplyFabric as controller, while others are carried out by ReplyFabric as processor on behalf of a business customer, such as:
The disclosure of data with regard to the email management services purposes is further explained under the titles “8a. Google API Data Disclosure” and “8b. Microsoft API Data Disclosure”.
*: we do not use customer emails or mailbox content to train generalized AI models
For users in the European Union, we process your personal data based on the following legal grounds:
Where applicable, we process personal data based on our legitimate interest in ensuring the security, integrity, and availability of our website and services.
This includes:
We have assessed that this processing is necessary, proportionate, and does not override your fundamental rights and freedoms.
For marketing communications and optional analytics cookies
To provide our email management services
To comply with applicable laws and regulations
| Purpose | Categories of data | Legal basis | Retention |
|---|---|---|---|
| Website operation and security | Technical info, IP, device/browser info, logs, reCAPTCHA data | Legitimate interest | 12 months |
| Account creation and administration | Contact info, account info, business info | Execution of Contract | During account lifetime + 12 months post-termination |
| Provision of the Service | Connected mailbox data, metadata, user settings, team data | Execution of Contract / processor relationship under customer instructions | As defined in customer agreement / DPA |
| Billing and payment | Contact data, company data, billing data, payment-related records | Execution of Contract / legal obligation (legal retention period) | 10 years after termination of agreement in accordance with applicable limitation period and tax laws |
| Customer support | Account data, communication data, relevant service data | Execution of Contract | As long as necessary to resolve and document support requests and, insofar as necessary, for 10 years after termination of agreement in accordance with applicable limitation period. |
| Product analytics | Usage data, technical diagnostics | Legitimate interest | Limited period necessary for analytics and improvement |
| Marketing communications to prospects | Contact data | Consent | Until withdrawal of consent or two years if no interaction with the prospect. |
| Marketing communications to customers | Business contact data | Legitimate interest, where permitted by law | Until objection or for two years after the end of relationship |
| Legal compliance and enforcement | Any relevant categories necessary in the circumstances | Legal obligation / legitimate interest | 10 years after termination of agreement in accordance with applicable limitation period |
We do not sell your personal information. We may share your data in the following limited circumstances:
We work with trusted third-party service providers who help us operate our business:
We may use carefully selected subprocessors and service providers to help deliver the Service. Where relevant, an up-to-date overview of key subprocessors is made available through our Trust Center, or on request.
We may disclose information when required by law or to:
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
As part of our security measures, limited technical data may be shared with Google when reCAPTCHA is loaded.
We make every effort to guarantee the security of your personal data. We have implemented reasonable technical and organisational measures to guarantee your personal data against accidental or unlawful destruction, loss, modification, unauthorised disclosure and/or unauthorised access to the data transmitted, saved or otherwise processed. Please note that the internet is an open network; we cannot therefore guarantee that unauthorised third parties will not be able to circumvent these measures or use your personal data for inappropriate purposes.
This website may include links to third-party websites. We will not be held liable for the content of these websites, nor for the privacy standards and practices of the corresponding third party. You must read and understand the relevant third-party and website privacy policies before accepting cookies and visiting a website, to ensure your personal data is sufficiently protected.
We implement appropriate technical and organizational measures to protect your personal information, such as:
Data is encrypted in transit and at rest
Limited access to personal data on a need-to-know basis
Security assessments and monitoring
Regular privacy and security training for our team
ReplyFabric.ai uses Google OAuth to allow users to connect their Gmail or Google Workspace accounts. This section explains how we access, use, store, and share Google user data, in accordance with Google's API Services User Data Policy, including the Limited Use Policy.
With your explicit consent, ReplyFabric may access the following Google data:
We do not access Drive, Calendar, Contacts, Photos, or any other Google data.
We use Gmail data solely to provide the core functionality of ReplyFabric:
We do not:
Depending on your settings, ReplyFabric may temporarily store:
Full email bodies are processed in encrypted systems and stored during 3 months to deliver the feature, unless your organization configures retention for analysis or audit logs.
All data is encrypted in transit and at rest.
We do not share Google user data with:
Limited sharing may occur with:
ReplyFabric conforms to Google's Limited Use Policy:
You can revoke ReplyFabric's access to your Google account at any time:
Once access is revoked, ReplyFabric can no longer read, process, or send emails on your behalf.
ReplyFabric.ai uses Microsoft OAuth (via Microsoft Identity Platform) to allow users to connect their Outlook or Microsoft 365 accounts. This section explains how we access, use, store, and share Microsoft user data, in accordance with Microsoft's API Terms of Use and applicable data protection requirements.
With your explicit consent, ReplyFabric may access the following Microsoft data via Microsoft Graph API:
We do not access OneDrive, SharePoint, Teams, Calendar, Contacts, or any other Microsoft 365 data beyond what is listed above.
We use Outlook and Microsoft 365 data solely to provide the core functionality of ReplyFabric:
We do not:
Depending on your settings, ReplyFabric may temporarily store:
Full email bodies are processed in encrypted systems and stored during 3 months to deliver the feature, unless your organization configures retention for analysis or audit logs.
All data is encrypted in transit and at rest.
We do not share Microsoft user data with:
Limited sharing may occur with:
You can revoke ReplyFabric's access to your Microsoft account at any time through your Microsoft account settings:
Microsoft 365 administrators can additionally manage and revoke application permissions via the Azure Active Directory admin portal at portal.azure.com. Once access is revoked, ReplyFabric can no longer read, process, or send emails on your behalf.
Data protection legislation provides various rights for the data subject with regard to the processing of personal data to ensure the data subject has sufficient control over the processing of their personal data. Depending on your location, you may have the following rights regarding your personal information:
To exercise any of these rights, please contact us at privacy@replyfabric.ai. We will respond within the time periods required by applicable data protection law, usually within 30 days.
We can request you verify your identity to ensure your request is lawful and that we are sending the reply to a person entitled to make such a request and to receive the data.
Please note that we may refuse access to your personal data or may not be able to grant your data subjects’ request under specific circumstances when we are entitled to do so under the applicable data protection legislation.
ReplyFabric primarily aims to store core customer email and mailbox content within the European Union. However, some personal data may be processed by service providers or subprocessors located outside the European Economic Area (EEA), including in the United States, for example in connection with infrastructure, authentication, analytics, diagnostics, AI model services, communications, payments, or abuse prevention. The international transfer of data outside the EEA is legal if the recipient of the data resides in a country covered by an adequacy decision, i.e. a country with a level of protection deemed adequate by the European Commission or by the certification scheme provided by the EU-US Data Privacy Framework. Some of these countries may not have enacted equivalent data protection legislation to protect the use of your personal data. In such cases, we have researched whether appropriate preventive measures similar to those implemented within the EU are possible, for example by adopting standard contractual clauses. In specific cases, we will request your prior consent to the transfer of your personal data outside the EEA. Please follow the procedure set out in Rights of the data subject for further information on data transfer.
Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children.
If we become aware that we have collected information from a child under 16, we will take steps to delete such information promptly.
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will:
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@replyfabric.ai
Website: https://replyfabric.ai/contact
Address: Stanislas Leclefstraat 18, 2600 Antwerp (Belgium)
This Privacy Policy is effective as of May 18, 2026 and applies to all information collected by ReplyFabric.ai from that date forward.