Privacy Policy
Last updated: May 23, 2026
1. Introduction
AssemblyNest ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how InstantReply collects, uses, and shares your information when you use our web platform and mobile applications (iOS and Android). For the purposes of the General Data Protection Regulation (GDPR), AssemblyNest acts as the Data Controller, operating under the jurisdiction of the Republic of Ireland.
2. Information We Collect
When you authenticate and use InstantReply, we collect specific data necessary to provide our Service:
- Account Information: Your Google account profile information (email, name) for authentication.
- Business Data: Data related to your Google Business Profiles, including business listings, locations, and settings.
- Review Data: Incoming Google reviews, which include reviewer names, star ratings, and the textual content of the feedback.
- Device Information: Mobile device push tokens (e.g., Expo Push Tokens) to deliver real-time notifications when new reviews are received.
- Billing Information: Subscription status and reference IDs managed by our payment processor.
3. Lawful Basis and How We Use Your Information
We process your data strictly to fulfill our contractual obligations to you and based on our legitimate interests in providing a seamless B2B service. Your data is used to:
- Synchronize and display your Google reviews in a unified dashboard.
- Generate automated, context-aware, translated, and SEO-optimized reply suggestions using Artificial Intelligence.
- Send real-time push notifications regarding customer interactions.
- Process subscription payments and send transactional account emails.
4. Third-Party Data Processors
To provide our Service securely and efficiently, we share necessary data with trusted third-party sub-processors:
- Google: We act as a conduit between you and Google's APIs via OAuth to fetch reviews and post your approved replies directly to Google Maps and Search.
- OpenAI: Review text is transmitted securely to OpenAI (GPT models) to generate reply drafts. We do not use your data to train public AI models.
- Supabase: Our database and backend infrastructure provider, where your profile, settings, and review history are securely hosted.
- Stripe: Our secure payment processor. We do not store your credit card information on our servers.
- Expo: Utilized to deliver secure push notifications to your iOS and Android devices.
- Resend: Utilized to send essential transactional emails (e.g., subscription notices).
5. Data Security and Retention
We implement industry-standard security measures, including separated production and development environments, to protect your data. We practice data minimization: once an AI-generated reply is approved and posted to Google, the unused AI drafts are automatically purged from our database to prevent data bloat. We retain your synchronized review history and authentication tokens only for as long as your account is active.
6. International Data Transfers
As some of our sub-processors (e.g., Google, OpenAI) are located outside the European Economic Area (EEA), we ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs) or adequacy decisions (like the EU-US Data Privacy Framework), are in place to protect your data during transfer.
7. Your GDPR Rights
Under the GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request the deletion of your InstantReply account and associated stored data.
- Revocation: Revoke InstantReply's access to your Google account at any time via your Google Security settings.
- Complaint: Lodge a complaint with the Irish Data Protection Commission (DPC) if you believe your privacy rights have been violated.
8. Changes to Policy
We may update this Privacy Policy from time to time to reflect technological or legal changes. We will post the new version on this page and update the "Last updated" date.
9. Contact
For privacy questions, data deletion requests, or to exercise your GDPR rights, please contact us.
