1. Introduction
Welcome to Reply.BD ("we", "our", or "us"), a product of Tarun Soft Pvt Limited, a company registered in Bangladesh with its registered office at 47, West Shewrapara, Mirpur, Dhaka-1216, Bangladesh.
We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at reply.bd.
Please read this policy carefully. If you disagree with its terms, please discontinue use of our service.
2. Information We Collect
2.1 Information You Provide
- Account information: name, email address, and password when you register.
- Facebook credentials: we store your Facebook Page access tokens (encrypted at rest) so we can send and receive Messenger messages on your behalf.
- Product catalog: product names, descriptions, prices, and images you upload.
- Settings: your chosen AI model, system prompt, and reply preferences.
2.2 Information Collected Automatically
- Messenger conversations: messages exchanged between your Facebook Page and your customers are stored to power AI replies and your conversation history panel.
- Usage data: log data such as IP address, browser type, and pages visited for security and analytics purposes.
- Conversion events: when customers interact with the bot (first message, order initiation, order completion), hashed interaction signals may be sent to Facebook via the Conversions API for platform analytics. Phone numbers and names are hashed with SHA-256 before transmission — never sent in plain text.
2.3 Information From Facebook
When you connect a Facebook Page, we receive your Facebook user ID, page IDs, page names, and page-level access tokens via the Facebook Graph API. We do not access your personal Facebook profile beyond what is required to list and connect pages.
3. How We Use Your Information
- To operate, maintain, and improve the Reply.BD platform.
- To send automated AI replies to your customers via Facebook Messenger.
- To display your conversation history and analytics in the dashboard.
- To authenticate you and keep your account secure.
- To communicate with you about service updates, billing, and support.
- To send hashed conversion events to Facebook via the Conversions API for platform improvement and aggregate analytics.
- To comply with legal obligations.
4. Sharing Your Information
We do not sell, trade, or rent your personal information. We may share data with:
- OpenAI: message context is sent to OpenAI's API to generate AI replies, subject to OpenAI's Privacy Policy.
- Facebook / Meta: messages are sent back to customers via the Facebook Messenger API. Hashed conversion events may be transmitted via the Facebook Conversions API for analytics purposes, subject to Meta's Privacy Policy.
- SMS providers (Bangladesh): if SMS order verification is enabled on your plan, the customer's phone number is sent to our SMS gateway solely to deliver a one-time verification code.
- Cloudflare R2: uploaded images (products, logos, media) are stored on Cloudflare's R2 object storage under our data-processing agreement.
- Hostinger: our hosting provider, which processes data solely on our behalf.
- Legal requirements: if required by law, court order, or governmental authority.
5. Data Retention
We retain your data for as long as your account is active or as needed to provide our services. You may request deletion of your account and associated data at any time (see Section 7). Facebook user data is deleted within 30 days of a valid data-deletion request.
6. Security
We implement industry-standard security measures including:
- Encryption of Facebook access tokens at rest using AES-256.
- HTTPS (TLS) for all data in transit.
- HMAC-SHA256 signature verification for all Facebook webhook payloads.
- Hashed passwords (bcrypt) for user accounts.
No method of transmission over the internet is 100% secure. We strive to use commercially acceptable means to protect your data but cannot guarantee absolute security.
7. Your Rights & Data Deletion
You have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your data — submit a request via our Data Deletion page or by emailing us.
- Restrict or object to processing.
- Port your data in a machine-readable format.
Facebook users may also trigger automatic data deletion by removing the Reply.BD app from their Facebook account settings. We will process such requests within 30 days.
8. Cookies & Tracking
We use only essential session cookies required to keep you logged in and protect against CSRF attacks. We do not place advertising cookies in your browser.
However, we may use the Facebook Conversions API (server-side) to transmit hashed interaction events from our servers to Facebook — no browser-based pixel or cookie is involved in this process. This is used solely for aggregate platform analytics and improvement.
9. International Data Transfer
Our servers are located in data centres operated by our hosting providers. Data submitted by EU/UK residents may be transferred outside the European Economic Area. Where such transfers occur, we rely on standard contractual clauses or other lawful mechanisms to protect your data.
10. Third-Party Links
Our platform may link to third-party sites. We are not responsible for the privacy practices of those sites and encourage you to review their policies.
11. Children's Privacy
Reply.BD is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal data, please contact us and we will remove it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page with an updated date. Continued use of the service after changes constitutes acceptance.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your rights, please contact us at: