Privacy Policy

SmartAI Reply ("we," "our," or "us") values your privacy. This Privacy Policy explains how we collect, use, store, and protect your information when you use the SmartAI Reply Chrome Extension and related services.

1. Information We Collect

Personal Information

• Email Address: Required for account creation and authentication.
• Full Name: Optional, provided during registration.
• Account Preferences: Your selected plan (Free, Pro, or Premium).

Usage Data

• Selected Text: Text you highlight to generate AI replies.
• Generated Replies: AI responses created based on your input.
• Usage Statistics: Number of replies generated (for plan limits).
• Browser Data: Non-identifiable extension usage patterns and preferences.
• IP Address: Automatically collected for security, fraud prevention, and usage analytics.

2. How We Use Your Information

Primary Uses

• AI Reply Generation: Process your selected text to create intelligent responses.
• Account Management: Authenticate users and manage subscriptions.
• Service Delivery: Enable core extension functionality and features.
• Usage Monitoring: Track daily limits based on your selected plan.
• Security & Abuse Prevention: Detect suspicious activity, prevent fraud, and enforce rate limits using IP addresses.

We Do Not Use Your Data For

• Advertising or third-party marketing.
• Selling or sharing with data brokers.
• AI model training (your text is not stored).
• Profiling or behavioral targeting.

3. Data Storage and Security

Local Storage

• Authentication Tokens: Stored securely in your browser for 30-day sessions.
• User Preferences: Includes tone settings and interface preferences.
• No Sensitive Data: Passwords are hashed and never stored in plain text.

Server Storage

• Account Data: Email, name, plan information.
• Usage Counters: Track reply limits for your plan.
• Security Logs: Authentication attempts, IP addresses, and rate limiting data.

Security Measures

• HTTPS encryption for all data transmission.
• JWT tokens with expiration for authentication.
• IP-based rate limiting and anomaly detection to prevent abuse.
• Regular security audits and infrastructure updates.

4. Third-Party Services

OpenAI API

• Purpose: Generate AI-powered replies.
• Data Shared: Selected text and tone preferences.
• Retention: OpenAI processes data temporarily; it is not stored.
• Policy: OpenAI Privacy Policy

Hosting Services

• Netlify: Hosts our website and backend APIs.
• Data Processing: Standard server logs only (no personal data).

5. Your Rights and Choices

Account Control

• Access: View or download your account data anytime.
• Update: Modify your email or name in account settings.
• Delete: Request account deletion via our support email.
• Export: Request your data in a portable format.

Extension Control

• Uninstall: Remove the extension anytime from Chrome.
• Permissions: Revoke extension permissions in browser settings.
• Clear Data: Erase local storage data from extension settings.

6. Data Retention

• Account Data: Retained while your account is active.
• Usage Data: Stored for up to 30 days to enforce plan limits.
• Selected Text: Not stored after reply generation.
• IP Logs: Retained for up to 30 days for security and fraud prevention, then automatically deleted or anonymized.
• Deleted Accounts: All related data permanently removed within 30 days.

7. Children's Privacy

• SmartAI Reply is not intended for children under 13.
• We do not knowingly collect information from children.
• If you believe a child has provided us personal data, contact us immediately.

8. International Users

• Our services are hosted in the United States.
• By using SmartAI Reply, you consent to the transfer of your information to the U.S., where data protection laws may differ from your country.

9. Changes to This Policy

We may update this Privacy Policy occasionally. You will be notified via:

• Email (for registered users)
• Notice on our website
• Chrome extension update notice

10. Legal Basis (GDPR)

For users in the European Union, our legal basis for processing data includes:

• Consent: Provided explicitly when creating an account.
• Contract: Necessary to provide extension services.
• Legitimate Interest: Improve product performance and prevent abuse.