Overview
This Privacy Policy explains how NexReply, operated by WebDreamScape, collects, uses, stores, and protects your information when you use our AI customer support platform. By using NexReply, you agree to the practices described here.
NexReply is a Software-as-a-Service (SaaS) platform that enables businesses to deploy AI-powered customer support chatbots on WhatsApp. In delivering this service, we process data belonging to you as a business owner (our customer) and data belonging to your end customers who interact with your chatbot.
We take your privacy seriously. We collect only what we need, we do not sell your data to anyone, and we give you control over what you share with us.
Data We Collect
Account and Business Data
When you register for NexReply, we collect the following:
- Name and email address used to create your account
- Business name, location, operating hours, and contact details you enter into your business profile
- Payment information — processed and stored by Paddle, our payment provider. We never see or store your full card details
- Your chosen subscription plan and billing history
Product and Catalog Data
When you connect your store or upload products, we collect and store:
- Product names, descriptions, prices, stock levels, and images
- API credentials and tokens used to connect to Shopify, WooCommerce, or your custom API — stored encrypted at rest
- CSV files you upload for product imports
Chat and Message Data
When your customers send messages through WhatsApp, we process:
- The content of customer messages, including text and images sent to your bot
- WhatsApp user identifiers (numeric IDs, not personal names unless the customer provides them)
- Timestamps and conversation history used to provide context to the AI
- Support ticket data created when messages are escalated to your team
Technical and Usage Data
- IP addresses and browser information when you use the NexReply dashboard
- Pages visited, features used, and session duration — used to improve the platform
- Server logs, error reports, and performance metrics
How We Use Your Data
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the chatbot service | Business profile, product catalog, chat history | Contract performance |
| Processing payments | Email, subscription plan | Contract performance |
| Sending service emails | Email address | Contract performance |
| Improving AI accuracy | Anonymised conversation data | Legitimate interest |
| Security and fraud prevention | IP addresses, usage patterns | Legitimate interest |
| Legal compliance | Account and billing records | Legal obligation |
We do not use your data for advertising, we do not build profiles for third-party marketing, and we do not use your customers' conversations to train general-purpose AI models without explicit consent.
Data Sharing
We do not sell, rent, or trade your personal data or your customers' data to any third party. Data is shared only in the following limited circumstances:
- Service providers — we use trusted sub-processors (listed below) to operate our infrastructure. They process data only on our instructions and under strict data protection agreements.
- Legal requirements — we may disclose data if required by law, court order, or governmental authority.
- Business transfer — in the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you in advance and give you the option to delete your account.
- Your instruction — when you connect third-party integrations (Shopify, WooCommerce), you are explicitly authorising us to exchange data with those services on your behalf.
Third-Party Services
NexReply uses the following third-party services to operate. Each has its own privacy policy which we encourage you to review:
| Service | Purpose | Data transferred |
|---|---|---|
| Anthropic Claude API | AI language processing | Customer message content, business context |
| Message delivery | Message content, chat IDs | |
| Paddle | Payment processing | Email, billing details |
| Shopify / WooCommerce | Product catalog sync (if connected) | Store products, stock data |
| VPS / Server provider | Infrastructure hosting | All data at rest and in transit |
Data Retention
We retain your data for as long as your account is active. Specific retention periods are as follows:
- Account and billing data — retained for 7 years after account closure to comply with financial regulations
- Chat and conversation history — retained for 12 months from the date of the conversation, then permanently deleted
- Product catalog data — deleted within 30 days of account closure
- Server logs — retained for 90 days then automatically purged
- Uploaded images — retained while your account is active. Deleted within 30 days of account closure
You may request early deletion of specific data at any time by contacting us. See the Your Rights section below.
Your Rights
Depending on your location, you have the following rights regarding your personal data. We will respond to all requests within 30 days.
Rights available to all users
- Right to access — request a copy of all personal data we hold about you
- Right to correction — request correction of inaccurate or incomplete data
- Right to deletion — request deletion of your account and associated data, subject to legal retention requirements
- Right to data portability — request your data in a structured, machine-readable format
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time
Additional rights for EU / EEA residents (GDPR)
- Right to object to processing based on legitimate interests
- Right to restrict processing while a complaint is being investigated
- Right to lodge a complaint with your local Data Protection Authority
Additional rights for California residents (CCPA)
- Right to know what personal information is collected and how it is used
- Right to opt out of the sale of personal information — we do not sell personal information
- Right to non-discrimination for exercising your rights
To exercise any of these rights, email us at privacy@nexreply.app. We may ask you to verify your identity before processing the request.
Security
We implement technical and organisational measures to protect your data against unauthorised access, loss, or disclosure:
- All data is transmitted over HTTPS with TLS 1.2 or higher
- API credentials and tokens stored in the database are encrypted at rest using AES-256
- Access to production systems is restricted to authorised personnel only
- Regular automated backups with encrypted storage
- Server-level firewall and DDoS protection
- Dependency and security updates applied promptly
If you discover a security vulnerability in NexReply, please report it responsibly to security@nexreply.app before disclosing it publicly. We take all reports seriously and will respond within 48 hours.
Cookies
NexReply uses a minimal set of cookies necessary to operate the platform. We do not use advertising cookies or tracking pixels.
| Cookie | Purpose | Duration |
|---|---|---|
| nexreply_session | Maintains your login session in the dashboard | 2 hours / session |
| XSRF-TOKEN | Prevents cross-site request forgery attacks | 2 hours |
| remember_token | Keeps you logged in if you select "Remember me" | 30 days |
You can disable cookies in your browser settings but this will prevent you from logging into the NexReply dashboard.
Children
NexReply is a business-to-business service intended for use by adults operating businesses. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has provided data to us, please contact us immediately and we will delete it promptly.
Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email at least 14 days before the changes take effect. The date at the top of this page reflects the most recent revision.
Continued use of NexReply after the effective date of a revised policy constitutes acceptance of the updated terms. If you do not agree with the changes, you may close your account before the effective date.
Contact Us
If you have any questions about this Privacy Policy or how we handle your data, please reach out to us: