• Account Registration & Authentication

  - Email Address: If you create an account using email, we collect your email address for

  authentication and account recovery.

  - Phone Number: If you create an account using phone authentication, we send a one-time

  SMS verification code to your mobile device. Your phone number is used solely for

  authentication purposes.

  Message Content

  - Text Messages: When using the Service, you paste or type text messages you've received

  in order to generate AI-powered reply suggestions.

  - Screenshots: If you use our OCR (text extraction) feature, you may upload screenshots

  of conversations. We extract the text content to generate replies; images are not

  permanently stored.

  - Conversation Context: You may optionally provide additional context about your

  conversation to improve reply quality.

  Preferences & Settings

  - Reply Preferences: You select options such as relationship type (e.g., ex, crush,

  partner, coworker), communication goal (e.g., set boundaries, de-escalate, flirt), and

  tone (e.g., soft, direct, playful) to customize your reply suggestions.

  Communication with RightReply

  - Support Requests: If you contact our support team, we collect your email address, the

  content of your message, and any attachments you send.

Device & Usage Data

- Device Identifiers: We collect device identifiers for push notification delivery and

app functionality.

- Usage Metrics: We collect information about how you interact with the Service,

including features used, reply requests made, and preferences selected.

- Analytics & Crash Reports: We collect anonymized usage metrics and crash logs to

improve performance, diagnose errors, and optimize the user experience.

Log Data

- We collect server logs including IP addresses, timestamps, and actions performed within

the App. We use these logs to monitor for security incidents, fraud, and abuse.

Purchase Information

- We maintain records of in-app credit purchases and subscription transactions to manage

your account balance and provide purchase history.

AI Service Providers

- When you submit a message for reply suggestions, the text content is sent to

third-party AI providers (such as Anthropic Claude or OpenAI) for processing. These

providers generate the reply suggestions returned to you. We do not share your account

information or identity with these providers.

Payment & Billing

- If you purchase credits or subscribe to premium features, your payment information is

processed through Apple's App Store or Google Play. We do not collect or store your

payment card details on our servers. We only receive confirmation of successful

transactions.

Analytics

- We use Firebase Analytics to collect aggregated, anonymous metrics about how the

Service is used. This helps us improve performance and user experience. We do not share

personally identifiable information (PII) with advertisers.

Authentication Services

- We use Firebase Authentication to securely manage your account login via email or phone

number.

We use the information we collect for the following purposes:

Account Creation & Authentication

- To verify your email address or phone number, create your RightReply account, and

enable secure login.

Reply Generation & Core Functionality

- To process the messages you submit and generate AI-powered reply suggestions.

- To apply your selected preferences (relationship type, goal, tone) to personalize

responses.

- To provide coaching notes and message analysis alongside your replies.

- To maintain your request history so you can access past replies.

Communication & Notifications

- To send you transactional messages (e.g., account verification codes).

- To deliver push notifications when your reply suggestions are ready.

Purchases & Account Management

- To process credit purchases and subscription transactions.

- To manage your account balance and provide purchase history.

Customer Support

- To respond to your inquiries, handle support requests, and process account deletion

requests.

Analytics & Improvement

- To analyze aggregate usage trends, monitor app performance, fix bugs, and improve

features.

- To detect and prevent fraud, spam, or abusive behavior.

Legal & Safety

- To comply with applicable laws and regulations and respond to lawful requests by public

authorities.

- To enforce our Terms of Service and investigate potential violations.

We do not sell your personal data. We share information only as described below:

Within RightReply & Thryve Studio

- RightReply employees and contractors may access account data for support, development,

and security purposes, under strict confidentiality obligations.

Service Providers & Third Parties

We share information only when necessary to provide the Service, including:

- AI Processing: Anthropic (Claude) and OpenAI to process your submitted messages and

generate reply suggestions. Only message content is shared; your account identity is not

disclosed to these providers.

- Authentication & Backend Services: Firebase for authentication, database storage, and

cloud functions.

- Cloud Hosting: Google Cloud infrastructure to store encrypted account data and request

history.

- Push Notifications: Apple Push Notification service (APNs) and Firebase Cloud Messaging

(FCM) to notify you when replies are ready.

- Analytics: Firebase Analytics for anonymized performance tracking and usage metrics.

- Payment Processing: Apple App Store and Google Play to process in-app purchases. We do

not receive or store your payment card information.

Legal Requirements

- We may disclose your personal data if required by law (e.g., valid subpoena, court

order, or government request), or to establish, exercise, or defend our legal rights.

- We may share information to prevent or investigate fraud, security or technical issues,

or to protect the rights, property, or safety of RightReply, our users, or others.

Business Transfers

- In the event RightReply or Thryve Studio is acquired, merged, or undergoes a

reorganization, your data may be transferred as part of that transaction. We will notify

you before any such transfer and your personal data will remain subject to this Privacy

Policy.

Active Accounts

- We retain your account data (email/phone, request history, preferences, purchase

history) for as long as your account is active or until you request deletion.

Deletion Requests

- You can delete your account directly within the App by going to Settings > Delete

Account.

- Alternatively, you may email support@thryvestudio.com with the subject line "Request

Account Deletion – RightReply." Include your registered email address or phone number.

- Upon verification, we will permanently delete your account information, request

history, and all associated data within 30 days. Once deleted, this data cannot be

restored.

Message Content

- Messages you submit for reply generation are stored as part of your request history.

This data is deleted when you delete your account.

- Screenshots uploaded for OCR text extraction are processed in real-time and are not

permanently stored.

Log Files & System Records

- We retain server logs (IP addresses, timestamps, error logs) for up to 90 days to

investigate security incidents and support legal compliance. After 90 days, direct

identifiers are stripped or anonymized.

Legal or Tax Records

- If required by law (e.g., to comply with a subpoena, court order, or tax audit), we may

retain minimal account metadata (account ID, creation date, purchase records) for up to

5 years. This data is stored securely and is not used for marketing.

Aggregated & Anonymized Data

- We may retain aggregated, de-identified analytics (e.g., total requests, feature usage

counts) indefinitely for product improvement. This data cannot be traced back to any

individual user.

Mobile App

- The RightReply App does not use cookies. We use standard mobile analytics through

Firebase to understand app usage and improve performance.

Website (if applicable)

- If you visit our website, we may use cookies and similar technologies to remember your

preferences, maintain your session, and improve performance. You can disable cookies in

your browser settings, though this may impact your experience.

Third-Party Analytics

- We use Firebase Analytics to collect anonymized information about how users interact

with our Service (e.g., feature usage, screen views, device type). This data is

aggregated and cannot identify individual users.

No Advertising Tracking

- We do not use advertising cookies, tracking pixels, or share your data with advertising

networks. RightReply does not display ads.

We implement industry-standard safeguards to protect your personal data:

- Encryption: All data is encrypted in transit (HTTPS/TLS). Sensitive data is encrypted

at rest using Firebase's security infrastructure.

- Access Controls: Only authorized Thryve Studio employees and contractors have access to

production data. Access is logged and restricted on a need-to-know basis.

- Authentication: We use Firebase Authentication's secure flows for email and phone

verification, including one-time SMS codes and secure session management.

- Infrastructure Security: Our backend runs on Google Cloud infrastructure (via

Firebase), which maintains SOC 2 compliance and undergoes regular security audits.

- Incident Response: In the event of a data breach, we will notify affected users and

relevant authorities within 72 hours, in accordance with applicable laws.

However, no system is 100% secure. While we strive to protect your data, we cannot

guarantee absolute security. If you believe your account has been compromised, please

contact us immediately at support@thryvestudio.com.

RightReply is intended for users who are 13 years or older. We do not knowingly collect

or maintain personal information from anyone under 13. If we become aware that a person

under 13 has provided us with personal data, we will delete that information promptly. If

you believe we may have inadvertently collected data from a minor, please contact us at

‍ ‍support@thryvestudio.com.

Depending on your jurisdiction (e.g., GDPR, CCPA), you may have rights regarding your

personal data:

Access & Portability

- You can request a copy of the personal information we hold about you by emailing

‍ ‍support@thryvestudio.com. We will provide the data in a common, machine-readable format

within 30 days.

Correction

- If any of your account information is inaccurate or incomplete, you can email

‍ ‍support@thryvestudio.com to request corrections.

Deletion

- You can delete your account directly within the App via Settings > Delete Account, or

request deletion by emailing support@thryvestudio.com as described in Section 4.

Withdrawal of Consent

- You can disable push notifications at any time through your device settings.

- To stop all data collection, delete your account and uninstall the App.

Do Not Sell My Personal Information (CCPA)

- RightReply does not sell your personal information. If you are a California resident

and have questions about our data practices, please contact us at

‍ ‍support@thryvestudio.com.

Opt-Out of Analytics

- You can limit analytics collection by adjusting your device's privacy settings (e.g.,

"Limit Ad Tracking" on iOS or "Opt out of Ads Personalization" on Android).

Linked Services

- We may provide links to third-party websites (e.g., our social media pages or App Store

listings) for your convenience. We are not responsible for the privacy practices or

content of those sites. We encourage you to review the privacy policies of any site you

visit.

Payments

- If you make in-app purchases, your payment data is processed by Apple's App Store or

Google Play. We do not store your card number or billing information on our servers.

AI Service Providers

- RightReply uses third-party AI providers (Anthropic Claude, OpenAI) to generate reply

suggestions. Message content you submit is processed by these providers according to

their respective privacy policies. We do not share your account identity with these

providers.

External Software & SDKs

- RightReply integrates third-party software development kits (SDKs) for authentication

(Firebase Auth), analytics (Firebase Analytics), and push notifications (Firebase Cloud

Messaging). These providers may collect anonymized, aggregated data. We do not share your

personally identifiable information with these providers beyond what is necessary to

provide the Service.

We may update this Privacy Policy from time to time (for example, when we add new

features or in response to changes in law). When we do, we will post the updated policy

within the App and update the "Last Updated" date at the top. If changes are material, we

will notify you via push notification or in-app notice. Continued use of the Service

after the effective date indicates your acceptance of the revised policy.