← Back to Home
🔒 Privacy Policy
Last updated: March 31, 2026
In compliance with Regulation (EU) 2016/679 General Data Protection Regulation (GDPR), we inform you about the processing of your personal data.
1. Data Controller
| Detail | Information |
|---|
| Owner | IndieFist |
| Address | Calle Sueca, 46006 Valencia, Spain |
| Website | replyreview.app |
| Contact email | info@replyreview.app |
2. Data We Collect
We collect the following personal data:
- Email: Provided during registration. Used as an account identifier and for service-related communications.
- Password: Stored in encrypted form (bcrypt hash). It is never stored in plain text and is not accessible by staff.
3. Third-Party Data We Process
When a user connects their Google Play Console account, our system processes:
- Public reviews: Username, review text, rating, and date (data already public on Google Play).
- Service Account credentials: Google Cloud JSON file, stored encrypted with AES-256-GCM. Used exclusively to access the Google Play API on behalf of the user.
We do not access financial data, download statistics, APKs, or any other Google Play Console data beyond what is explicitly authorized by the user.
4. Purpose of Processing
- Manage user registration and authentication.
- Provide the service for reading and responding to Google Play reviews.
- Generate automatic responses using artificial intelligence.
- Send service-related communications (if applicable).
5. Legal Basis
- Performance of a contract: Processing is necessary to provide the service contracted by the user (Art. 6.1.b GDPR).
- Consent: For processing Google Play credentials, the user gives explicit consent when uploading their credentials (Art. 6.1.a GDPR).
- Legitimate interest: For the security and proper functioning of the system (Art. 6.1.f GDPR).
6. Data Security
We implement technical measures to protect your data:
- Credential encryption with AES-256-GCM.
- Passwords hashed with bcrypt.
- Encrypted communications with SSL/TLS (Let's Encrypt certificate).
- Authentication via JWT tokens with expiration.
- PostgreSQL database with restricted access.
- Firewall (UFW) configured on the server.
7. Data Retention
- Account data is retained as long as the user maintains an active account.
- Google Play credentials can be deleted by the user at any time.
- After account deletion, data will be erased within a maximum of 30 days.
8. Data Sharing with Third Parties
We do not sell or share personal data with third parties.
Data is only communicated to:
- Google Play API: To perform actions requested by the user (reading and responding to reviews), using the credentials provided by the user.
9. International Transfers
Data is stored on servers located in the European Union. Communications with the Google Play API are conducted through Google servers that comply with adequate safeguards under the GDPR.
10. Your Rights
You have the right to:
- Access: Know what personal data we process.
- Rectification: Correct inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten").
- Restriction: Request restriction of processing.
- Portability: Receive your data in a structured format.
- Objection: Object to the processing of your data.
To exercise these rights, contact us at info@replyreview.app.
You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD): www.aepd.es, or with your local supervisory authority.
11. Contact