Privacy Policy

How we collect, use, and protect your data.

Effective date: May 17, 2026

ReplyMill ("we", "us", "our") operates the ReplyMill platform at replymill.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, and authentication credentials (or OAuth tokens if you sign in with Google). If you set up a company, we also collect your company name.

Email Content

ReplyMill receives your support emails via an email-forwarding rule that you configure on your own mailbox. When you set up forwarding, we assign you a unique forwarding address (<localPart>@inbound.replymill.com); mail you forward to that address is received by our email provider (Resend), parsed, and stored in our database. We do not access your mailbox directly and require no OAuth credentials to it.

When you reply through ReplyMill, we send mail via Resend from<localPart>@replymill.com with the Reply-To header set to your public support address so that end-customer replies land back in your inbox.

We store the email content, sender information, subject lines, and attachments of messages ingested through forwarding. This data is used solely to provide the ReplyMill service — threading conversations, generating AI draft replies, and routing messages to Slack. You can stop ingestion at any time by removing the forwarding rule on your end; deleting your account removes your Mailbox row and disables the forwarding address.

Usage Data

We automatically collect certain information when you use our service, including your IP address, browser type, pages visited, and timestamps. This helps us improve the product and diagnose issues.

Slack Workspace Data

When you connect ReplyMill to Slack, we access your workspace name, channel list, and the ability to post messages to channels you configure. We do not read messages in your Slack workspace beyond what ReplyMill itself posts.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the ReplyMill service
  • Route support emails into Slack and generate AI-assisted draft replies
  • Group similar issues and detect patterns in support requests
  • Send transactional emails (account verification, billing receipts, etc.)
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage to improve the service
  • Detect, prevent, and address technical issues or abuse

3. AI and Your Data

ReplyMill uses OpenAI's GPT-4o-mini model to power its AI features. Email content is sent to OpenAI's API for the following purposes:

  • Drafting replies — polishing an engineer's draft into a customer-friendly response.
  • Summarizing threads — generating short summaries to help your team triage their inbox.
  • Classifying messages — detecting topic, priority, sentiment, and whether a message is a bug report, feature request, or general support question.

Our commitments:

  • We never train AI models on your data. Your emails and conversations are not used to train, fine-tune, or improve any AI models. OpenAI's API terms commit them to not using input data submitted via the API for model training.
  • AI-generated drafts are suggestions only — your team reviews and approves every reply before it is sent.

4. Data Sharing

We do not sell, rent, or trade your personal information. We may share data with:

  • Service providers — third-party companies that help us operate the service (hosting, email delivery, AI processing, analytics). These providers are bound by confidentiality obligations.
  • Legal requirements — if required by law, subpoena, or governmental request.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

Sub-processors

We rely on the following sub-processors to operate ReplyMill. Each is bound by their own terms and processes only the data needed for their stated purpose:

  • OpenAI — AI processing (reply drafting, summarization, classification).
  • Resend — receiving forwarded support emails from your inbox via MX, parsing them, sending replies on your behalf, and sending transactional emails (account invites, billing receipts, etc.).
  • Google — Sign in with Google (login only; we do not access your Gmail mailbox).
  • Slack — routing threads and notifications into your workspace's channels.
  • Stripe — subscription billing and payment processing.
  • PostHog — product analytics and error tracking.
  • Railway — application hosting and database infrastructure.

5. Data Security

We take security seriously. Your data is encrypted in transit (TLS) and at rest. We use role-based access control to limit who on your team can see what. Our infrastructure is hosted on reputable cloud providers with industry-standard security certifications.

While no system is 100% secure, we work continuously to protect your data and promptly address any vulnerabilities.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. When you delete your account, we immediately remove your workspace data — including threads, messages, attachments, team configuration, your Mailbox row, and its forwarding address — and revoke your Google sign-in tokens. You should also remove the forwarding rule on your end so no further mail is sent to us. The only exception is data we are required to retain by law (e.g., billing records).

7. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Object to or restrict certain processing

To exercise any of these rights, contact us at noa@replymill.com.

8. Cookies and Analytics

We use essential cookies to keep you signed in and maintain your session. We do not use third-party advertising cookies, and we do not sell analytics data to anyone.

We use PostHog for product analytics and error tracking. Once you log in, PostHog associates events (page views, feature usage, errors) with your ReplyMill account ID, along with your workspace ID, role, and plan. We use this data only to understand how the product is used, diagnose issues, and improve the service.

9. Children's Privacy

ReplyMill is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date. Your continued use of the service after changes are posted constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, contact us at:

noa@replymill.com