Privacy Policy

Overview

Replx provides an AI reply-generation service for X through the Replx website, account pages, backend, and Chrome extension. This Privacy Policy explains what data Replx collects, how that data is used, when it is shared, how long it is kept, and what choices you have.

This policy applies to the Replx website at replx.app, the Replx Chrome extension, the Replx account and billing flows, support and uninstall forms, and backend services used to provide those features.

Extension purpose

The Replx Chrome extension has a single purpose: helping you generate and improve reply drafts on X. The extension runs on x.com, twitter.com, and pro.x.com so it can add Replx controls near X reply composers, read the X post needed for the reply context, read your current draft only when you ask Replx to improve it, insert the generated draft back into the composer, and optionally highlight posts according to settings you choose.

Replx does not post replies automatically. Generated and improved replies are drafts that you can review, edit, ignore, or post yourself on X.

Data we collect

Account data: when you create or use a Replx account, Replx collects your Google account email address and display name, your Replx user ID, your generated extension key, account creation and update timestamps, website session records, plan status, credit balances, reply and improvement counters, token usage counters, and saved settings.

Settings data: Replx stores the reply tone you choose, custom tone instructions if you create them, selected built-in reply styles, custom style names and definitions if you create them, selected model, reasoning setting, and post-highlighting settings such as enabled status, metric, direction, and threshold.

Extension sign-in data: when you sign in to the extension with your Replx key, the extension sends that key to the Replx backend to verify your account. The extension stores your Replx user ID, key, name, email, plan status, credit counts, billing usage summary, reply counters, selected tone, selected styles, custom styles, model, reasoning setting, post-highlighting settings, sign-in time, and last sync time in Chrome local storage on your device so the extension can keep you signed in and show your current account state.

Reply-generation data: when you click a Replx style button to generate a reply, the extension sends your Replx user ID, extension key, selected style, selected tone, reasoning setting, selected model, and the relevant X post text to the Replx backend. The backend sends the post text, tone instructions, style name, and style definition to OpenAI to generate the draft.

Reply-improvement data: when you click a Replx improver button, the extension sends your Replx user ID, extension key, improvement mode, selected tone, reasoning setting, selected model, the relevant X post text, and your current draft reply text to the Replx backend. The backend sends the post text, draft reply, tone instructions, and improvement mode to OpenAI to return an improved draft.

Post-highlighting data: when post highlighting is enabled, the extension reads visible X timeline metrics such as views, replies, or likes from the page you are viewing on X and compares them with your selected threshold. This processing happens in the browser to decide whether to visually highlight a post. Replx stores the highlighting settings you choose, but it does not send the viewed X timeline posts or metric values to the backend for the highlighting feature.

Website login and session data: the website uses Google OAuth sign-in. Google provides an ID token and profile information needed to authenticate you. Replx stores a Replx website session token in a first-party cookie so you can stay signed in on replx.app. Replx stores only a hash of that session token in the backend database.

Billing data: if you start or manage a paid plan, Replx shares your account email and selected plan with Lemon Squeezy to create checkout or customer portal links. Replx receives and stores billing metadata from Lemon Squeezy, including provider customer ID, subscription ID, order ID, variant ID, plan key, subscription status, cancellation status, test-mode flag, renewal and end dates, webhook event names and IDs, and billing usage period data. Replx does not collect or store your full payment card number.

Support and uninstall messages: if you send a message through the support or uninstall form, Replx stores the message text, source of the form, and creation time. Those forms do not require a Replx account and do not ask for your email address unless you include it in the message.

Website analytics and technical data: Replx uses PostHog on the website to understand website usage. Website analytics are configured in cookieless mode without session recording or identified user profiles. PostHog uses a privacy-preserving server hash to count anonymous visitors and strips the client IP before analytics transformations run. Replx and its service providers may also process technical data such as browser type, device information, page URLs on replx.app, request timestamps, error messages, server logs, and security events needed to operate and protect the service.

Data we do not collect

Replx does not collect your full browsing history. The extension is limited to X domains listed in the extension manifest and uses X page content only as needed for user-facing Replx features.

Replx does not collect passwords for your Google account, X account, Chrome account, or Lemon Squeezy payment account. Replx does not collect private X messages, X cookies, or data from websites outside the extension's allowed X domains.

Replx does not sell user data, does not use extension data for advertising, and does not use extension data for personalized advertising, credit-worthiness, lending, or unrelated profiling.

How we use data

Replx uses data to create and authenticate accounts, keep users signed in, verify extension keys, sync account state between the website and extension, apply your saved settings, generate reply drafts, improve reply drafts, insert generated text into X composers, highlight posts when that setting is enabled, track credits and plan limits, process checkout and subscriptions, display account and billing status, provide support, debug errors, prevent abuse, secure the service, comply with legal obligations, and improve reliability and product quality.

Usage counters, token counts, timing data, and aggregate metrics are used to enforce plan limits, show account status, understand service load, measure performance, and operate the product. Support and uninstall messages are used to respond to feedback, investigate issues, and improve the service.

Chrome Web Store Limited Use

Replx's use and transfer of information received from the Chrome extension and from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements.

Replx uses extension data only for the purposes disclosed in this policy and in the extension's user-facing features: providing reply generation and reply improvement, maintaining account and plan functionality, applying settings, syncing user-facing extension state, securing the service, debugging errors, preventing abuse, providing support, and improving Replx.

Replx does not transfer extension user data except to the processors listed in this policy when necessary to provide Replx, comply with law, enforce terms, protect rights or safety, or complete a business transfer such as a merger, acquisition, or sale of assets after notice and explicit prior consent where required by Chrome Web Store policies or applicable law.

Replx does not allow humans to read extension user data except with your consent for support, when necessary for security or abuse investigation, when data is aggregated and anonymized for internal operations, or when required by law.

Sharing and processors

Replx shares data only as needed to operate the service, process payments, comply with law, protect the service, or with your direction. The parties that may process Replx user data are:

• Convex, for backend hosting, database storage, authentication infrastructure, server functions, logs, account sessions, settings, usage counters, billing metadata, support messages, and operational data.
• Google, for Google OAuth sign-in, Google Fonts, Chrome browser storage APIs, and Chrome Web Store extension distribution and review.
• PostHog, for cookieless, anonymous website analytics hosted in its US Cloud region.
• OpenAI, for generating and improving replies from the post text, draft reply text, tone instructions, style definitions, model choice, and generation settings you choose to send through Replx.
• Lemon Squeezy, for checkout, subscriptions, customer portal access, payment processing, billing records, billing emails, subscription cancellation, subscription lookup, and webhook delivery.
• X, because the extension operates on X pages you visit and uses visible X page content to provide the reply and highlighting features. Replx does not control X's own collection or use of data.

These processors may process data under their own terms and privacy policies. Replx does not authorize processors to use extension user data for advertising or unrelated purposes.

Storage and security

Replx transmits data to its backend over HTTPS. The extension communicates only with the configured Replx Convex backend host for account sync and reply actions. Website account sessions are stored in a first-party cookie on replx.app, and extension session data is stored in Chrome local storage on your device.

Replx backend records are stored by Convex. Website session tokens are stored by Replx as backend hashes rather than raw tokens. Extension keys are account credentials, so you should keep your key private and sign out of the extension on shared devices.

No internet service can guarantee perfect security. Replx uses reasonable technical and organizational measures appropriate for the service, but users should avoid sending sensitive personal, confidential, financial, medical, or legally privileged information through reply prompts or support messages.

Data retention

Replx keeps account, settings, usage, credit, plan, subscription, and billing metadata for as long as needed to provide the service, maintain records, comply with legal obligations, resolve disputes, prevent abuse, and enforce terms. Website sessions expire after a limited period and may be deleted when you sign out. Extension local storage remains on your device until you sign out, uninstall the extension, clear Chrome storage, or Chrome removes it.

If you delete your account from the account page, Replx cancels active cancellable subscriptions through Lemon Squeezy when possible and deletes Replx account data from the Replx backend, including user, settings, plan, subscription, and website session records. Some data may remain with processors, in provider logs, backups, payment records, or records required for legal, tax, accounting, fraud-prevention, or dispute-resolution purposes.

Support and uninstall messages may be kept as long as needed to review feedback, troubleshoot issues, prevent abuse, and improve Replx. Aggregate metrics that do not directly identify you may be retained for product analytics and operational reporting.

Your choices

You can choose not to create an account, stop using Replx, uninstall the extension, sign out from the extension popup, clear extension storage in Chrome, sign out of the website, manage settings from the account page, disable post highlighting, cancel a subscription, or delete your Replx account from the account page.

You control when reply-generation and reply-improvement requests are sent: Replx sends X post text and draft reply text only when you use the corresponding Replx buttons. You can edit or remove generated drafts before posting on X.

You may also contact Replx for account, privacy, or support requests through the support page or by email. Replx may need information that verifies your account before acting on account-specific requests.

Children

Replx is not intended for children under 13 and is not directed to children. If you believe a child has provided personal information to Replx, contact us so we can review and delete it where appropriate.

International processing

Replx and its processors may process and store data in the United States and other countries where they operate. By using Replx, you understand that data may be processed outside your country of residence, where privacy laws may differ from those in your location.

Policy changes

Replx may update this Privacy Policy from time to time. The updated version will be posted on this page with a new last-updated date. If a change materially affects how Replx handles user data, Replx will provide notice as appropriate for the service.

Contact

If you have questions about this Privacy Policy or Replx data practices, contact Replx through the support page or email real.jingzewu@gmail.com. You can also review the Terms of Service.