Privacy Policy
Last updated: Wed Jun 3, 2026
NEWRISE L.L.C-FZ ("Repline," "we," "us," or "our") is committed to protecting personal data. This Privacy Policy explains what personal data we collect, how we use it, how we share it, and the rights available to individuals.
In this Privacy Policy, a "Merchant" means a business customer, Shopify store, company, or support team that uses Repline. A "Merchant Customer" means an individual customer, prospect, or other person who communicates with a Merchant or whose order or support information is processed by a Merchant through Repline. "Customer Data" means data processed through the Application on behalf of a Merchant, including Merchant Customer data. The "Public Website" means Repline's marketing website and landing pages. The "Application" means Repline's authenticated web app, SaaS product, and related backend services.
1. Who We Are
Repline is a business-to-business customer communications platform for Merchants and support teams. It is operated by NEWRISE L.L.C-FZ, a free zone limited liability company registered under the laws of the Meydan Free Zone, Dubai, United Arab Emirates.
Contact:
- Privacy: privacy@repline.ai
- Legal: legal@repline.ai
- Company: NEWRISE L.L.C-FZ
- Address: Meydan Free Zone, Meydan Hotel, Grandstand, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates
2. Our Role
Repline may act in different roles depending on the data and context:
- For account, billing, Public Website, security, direct relationship, and Repline business operations data, NEWRISE L.L.C-FZ generally acts as the controller.
- For Merchant Customer communications, order information, support context, and other data that Merchants process through the Application on behalf of their Merchant Customers, Repline generally acts as a processor or service provider acting on the Merchant's instructions.
Merchants are responsible for providing appropriate privacy notices to their own Merchant Customers, employees, contractors, and end users, and for ensuring they have a lawful basis to process their data through Repline. This includes informing Merchant Customers, where required, that AI-assisted tools may be used in whole or in part to help manage customer support, analyse support requests, prepare draft replies, or improve support automations.
If you are a Merchant Customer, the Merchant you contacted is generally responsible for its own relationship with you and for responding to privacy requests about the support or order data it controls. Repline may refer your request to that Merchant where Repline acts as its processor or service provider.
3. Personal Data We Collect
We collect the following categories of personal data, depending on whether you use the Public Website, the Application, or interact with a Merchant that uses Repline:
- Account data: name, email address, password hash, company or shop name, role, workspace membership, and account settings.
- Billing data, if applicable: billing address, invoices, subscription details, billing status, and tax information.
- Public Website data: landing page visits, campaign information, cookie preferences, website performance information, and signup or contact form submissions.
- Application usage data: features used in the authenticated Application, request activity, email volumes, timestamps, pages viewed, actions taken, and workspace configuration.
- Technical data: IP address, browser type and version, device type, operating system, time zone, logs, cookie identifiers, and security events.
- Communications data: messages you send to Repline support, feedback, survey responses, and related metadata.
- Connected integration data: data from third-party services a Merchant user chooses to connect, such as Gmail, Shopify, analytics tools, fulfilment tools, or shipping tools.
- Merchant Customer communication data: Merchant Customer emails handled through Repline, message identifiers and metadata, reply drafts, sent replies, attachment metadata, request status, classification data, and automation events handled through Repline.
- AI feature data: prompts, relevant message context, generated drafts, classifications, user edits, approval events, personalization settings, and workspace-specific style examples or signals generated from eligible communications.
We do not sell personal data.
4. Gmail and Google Workspace Data
If a Merchant user connects Gmail or another Google Workspace service, Repline may request access to Google user data only for user-facing features the Merchant enables, such as inbox sync, request management, reply drafting, sending replies, and support automation.
Current Gmail scopes may include:
gmail.modifygmail.send
Repline may access and process Gmail data such as message identifiers, thread identifiers, sender metadata, subject metadata, labels, timestamps, sent replies, and related automation state.
Repline stores only limited Gmail data needed to provide the Service, maintain conversation history, and operate support automations. Full inbound email body content is generally fetched from Gmail when needed for user-facing features rather than permanently stored in Repline by default. Repline-authored outbound replies may be stored so the conversation can be displayed after sending.
Reply personalization may be enabled by default because it is part of how Repline provides more relevant and brand-consistent draft replies. Repline provides clear information about this feature during onboarding and in settings, and Merchant users may disable it before continuing or later through available product controls. If a Merchant disables reply personalization, the Merchant may continue using Repline, but generated drafts may be less tailored to its support style.
When reply personalization is enabled, Repline may analyse eligible communications handled through Repline to generate workspace-specific style examples or personalization signals. These examples may be AI-generated and synthetic, and are intended to improve reply suggestions for that Merchant workspace or connected account, not to train a general-purpose model.
Repline's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We do not use Gmail data to train or improve generalised AI or machine learning models beyond the relevant Merchant workspace's personalization features or user-facing features. We do not use Gmail data for advertising, retargeting, credit-worthiness, lending, or sale to data brokers.
5. Shopify Data
If a Merchant user connects Shopify, Repline may access Shopify data only as needed to provide enabled user-facing features, such as Merchant Customer support context, order lookup, request analysis, and reply drafting.
Current required Shopify access scopes include:
read_customersread_orders
These scopes allow Repline to read Merchant Customer and order information needed for support automations. If future features require additional Shopify scopes, Repline may ask the Merchant to re-authorise the integration and may provide an in-product notice before those features are enabled.
Repline generally accesses Shopify Merchant Customer and order details as needed for enabled support automations. Where ongoing records are needed for support automation continuity, Repline stores limited references or metadata rather than full Shopify customer or order records where practical.
6. How We Collect Data
We collect personal data:
- directly from you when you create an account, configure a workspace, subscribe to a plan, contact us, or use the Service;
- automatically as you use the Public Website or Application, through logs, cookies, analytics tools, and similar technologies;
- from connected integrations a Merchant user authorises, such as Gmail, Shopify, analytics tools, fulfilment tools, shipping tools, and other services; and
- from Merchants who use Repline to process Merchant Customer communications and support automations.
7. How We Use Data
We use personal data for the following purposes:
- to create accounts, authenticate users, and operate workspaces;
- to provide the Service, including inbox sync, request management, reply drafting, sending replies, support automation, analytics, and integrations;
- to manage subscriptions, issue invoices where applicable, and administer usage limits;
- to provide support, troubleshoot issues, and respond to enquiries;
- to secure the Service, detect abuse, prevent fraud, and investigate incidents;
- to monitor and improve performance, reliability, user experience, and product functionality;
- to provide AI-assisted features such as request classification, draft generation, automation suggestions, and reply personalization where enabled by or for a Merchant workspace;
- to generate workspace-specific AI-generated synthetic examples or personalization signals when reply personalization is enabled;
- to send transactional communications such as account notices, security alerts, invoices, and product updates;
- to send marketing communications where permitted by law or with consent where required;
- to comply with legal obligations and enforce our Terms and agreements; and
- to create aggregated or de-identified analytics where the data no longer identifies an individual.
8. Legal Bases
Where the GDPR, UK GDPR, or similar laws apply, we rely on the following legal bases:
- Contract performance: to provide the Service, manage accounts, process subscriptions, and support connected integrations.
- Legitimate interests: to secure and improve the Service, prevent fraud, understand product usage, support Merchants and users, and send relevant business communications, where those interests are not overridden by individual rights.
- Consent: for non-essential cookies and certain marketing communications where consent is required.
- Merchant instruction or product setting: where a Merchant uses, enables, disables, or continues with optional workspace features, including default-enabled reply personalization disclosed during onboarding and available in settings, and instructs Repline to process Customer Data for that feature.
- Legal obligation: to comply with tax, accounting, legal, regulatory, and security obligations.
Where Repline processes Merchant Customer data as a processor, the relevant Merchant is responsible for identifying the applicable legal basis for its own processing activities and instructions.
9. AI Features and Reply Personalization
Repline uses AI-assisted features to help Merchants understand requests, generate reply drafts, classify support automations, and improve response quality.
AI features may be provided using third-party AI infrastructure providers. These providers are required to process Customer Data only on Repline's instructions and subject to appropriate contractual, confidentiality, and security obligations. We can provide further information about subprocessors where required by applicable law or contract.
When reply personalization is enabled, Repline may use eligible communications and related support activity handled through Repline to create workspace-specific examples, style preferences, or personalization signals for the relevant Merchant workspace.
Personalization may generate AI-generated synthetic examples that reflect the Merchant's support style. These examples are intended to improve future Repline reply suggestions for the same workspace or connected account.
Merchant users may disable reply personalization through onboarding controls or settings where available. Disabling personalization stops future optional personalization processing, but does not necessarily delete operational records that are retained for service, legal, security, or billing purposes.
AI-generated drafts and suggestions should be reviewed before use. Repline does not make solely automated decisions that produce legal effects or similarly significant effects on individuals unless separately disclosed and legally permitted.
Merchants are responsible for deciding how they use AI-assisted outputs in their own customer support operations and for providing any notices required by applicable law to Merchant Customers, including notices that AI-assisted tools may be used to help manage support requests or prepare responses.
10. Human Access and Review
Repline restricts internal access to Customer Data to authorised personnel with a need to know, such as senior engineering, security, or support personnel involved in operating, securing, debugging, or improving the Service.
Personnel with access to Customer Data are subject to confidentiality obligations and internal access controls. We aim to limit access to the minimum necessary for the relevant task.
Repline does not conduct broad human review of Merchant Customer communications for general model training. If Repline introduces human review of Merchant Customer data for quality improvement, personalization evaluation, or similar purposes beyond ordinary support and security operations, we will provide appropriate notice and controls where required.
11. Analytics
Public Website and Landing Pages
On our public website and landing pages, we may use Google Analytics 4 to measure audience and performance. Google Analytics 4 only sets non-essential cookies on your browser after your consent. If you refuse non-essential analytics cookies on the public website, we do not run those non-essential website analytics or non-essential campaign tracking.
When a visitor later creates or accesses an authenticated Repline workspace, we may reconcile lawfully collected website, signup, account, and workspace information to understand whether a public website visit became a Repline business customer relationship. This reconciliation is used to measure acquisition and product performance. It uses account and workspace information Repline already needs to operate the Service, and does not require Repline to collect Merchant Customer support email bodies, Shopify order details, or Gmail message content on the public website.
Learn more:
- Google Privacy Policy: https://policies.google.com/privacy
Authenticated Web App and SaaS Application
Within the Application, we use limited usage telemetry to operate, secure, measure, and improve the Service for authenticated workspaces. This may include product and operational events such as feature usage, workspace activity, and related usage metrics.
Application usage telemetry may be collected through Repline systems and product analytics providers such as Mixpanel. We do not use Google Analytics 4 inside the Repline application. Application telemetry is associated with the authenticated workspace or shop because Repline already needs that account context to provide the Service.
Application telemetry is designed around explicit product and operational events, not broad session replay. It is not intended to collect Merchant Customer support email bodies, Shopify order details, Gmail message bodies, attachment contents, or Merchant Customer-identifying support content. Browser-side product analytics may be partially blocked by browser or network controls such as ad blockers.
Where application telemetry uses cookies or similar technologies that require consent under applicable law, we will request consent or configure those technologies accordingly.
Learn more:
- Mixpanel Privacy Policy: https://mixpanel.com/legal/privacy-policy/
12. Cookies and Tracking
We use cookies and similar technologies differently on the Public Website and in the Application.
On the Public Website, we use cookies and similar technologies for:
- essential website operations, such as security, routing, and remembering cookie choices;
- preferences, such as remembering settings;
- website analytics, where enabled after consent; and
- marketing or campaign measurement where enabled.
In the Application, we use cookies and similar technologies for essential operations such as authentication, session management, security, load balancing, preferences, and workspace operation. Application telemetry may also be associated with the authenticated workspace or shop as described above.
Essential cookies are necessary for the Public Website or Application and cannot be disabled through our cookie tools. Non-essential Public Website analytics or marketing cookies are set only where consent has been obtained.
You can manage cookie preferences through our cookie settings tools where available and through your browser settings. You may withdraw consent at any time where processing is based on consent.
13. How We Share Data
We may share personal data with:
- service providers and subprocessors that help us operate the Service, such as hosting, database, infrastructure, security, analytics, email delivery, customer support, and AI infrastructure providers;
- connected integrations that a Merchant chooses to authorise, such as Gmail, Shopify, fulfilment, shipping, or other automation tools;
- professional advisers, such as lawyers, accountants, auditors, and insurers;
- authorities, courts, regulators, or other third parties where required by law or necessary to protect rights, security, users, or the public; and
- parties involved in a merger, acquisition, financing, corporate reorganisation, or sale of assets, subject to appropriate confidentiality and privacy protections.
We do not sell or rent personal data. We do not use Merchant Customer data for third-party advertising.
14. Data Processing Agreements and Subprocessors
Where Repline acts as a processor for a Merchant, the processing should be governed by a data processing agreement or equivalent data protection terms where required by applicable law.
Repline may use subprocessors to provide hosting, database, infrastructure, security, analytics, email delivery, AI infrastructure, and integration services. Current subprocessors and integration providers may include providers such as Google, Shopify, Mixpanel, AI infrastructure providers, and hosting or database providers. We may provide a more detailed subprocessor list or notify customers of material subprocessor changes where required by law or contract.
15. Hosting and International Data Transfers
Repline currently aims to host and store core platform data in Europe. This includes European hosting and database infrastructure for the core application and backend storage. Our infrastructure providers, regions, and deployment architecture may evolve over time, but we aim to keep core platform storage in Europe where practical.
NEWRISE L.L.C-FZ is headquartered in Dubai, United Arab Emirates, and some staff, service providers, subprocessors, or connected integrations may access or process data from outside the EEA, UK, or Switzerland.
Where required, we use appropriate safeguards for international transfers, such as Standard Contractual Clauses, data processing agreements, transfer impact assessments, or other lawful transfer mechanisms.
You may contact privacy@repline.ai for more information about international transfer safeguards.
16. Security
We use technical and organisational measures designed to protect personal data, including access controls, authentication and session controls, encrypted transport where appropriate, encryption for selected sensitive stored fields, restricted access to backend credentials, need-to-know internal access, logging and monitoring, and data minimisation practices.
Repline aims to avoid logging Merchant Customer email bodies, Shopify Merchant Customer details, order details, or other Merchant Customer-identifying support content. Operational logs are designed to use technical identifiers such as shop IDs, request IDs, event IDs, durations, statuses, and error categories. Sensitive keys such as tokens, secrets, cookies, authorisation values, and similar credentials are redacted from logs where detected.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
17. Retention and Deletion
We retain personal data for as long as needed to provide the Service, comply with legal obligations, resolve disputes, enforce agreements, maintain security, and operate our business.
Current retention practices include:
- Account and workspace data: retained while the account is active and for a reasonable period after termination, unless deletion is requested and no legal retention obligation applies.
- Billing and financial records: retained for up to 7 years or longer where required by tax or accounting law.
- Support communications: retained for up to 2 years unless a longer period is needed for legal, security, or business reasons.
- Application logs: generally retained for a short operational window, currently intended to be up to 30 days, unless needed for investigation, security, debugging, or legal reasons.
- Security and incident logs: generally retained for up to 90 days, unless a longer period is needed for investigation, security, legal, or abuse-prevention reasons.
- Gmail message metadata: generally retained for a limited operational window, currently designed around 90 days for locally stored inbox metadata.
- Full inbound Gmail body content: generally fetched from Gmail when needed for user-facing features rather than permanently stored in Repline by default.
- Repline-authored outbound replies: may be stored for conversation history, auditability, and service operation.
- Shopify Merchant Customer and order data: generally accessed as needed for enabled support automations, with limited references or metadata retained where needed for support automation continuity.
- Reply personalization data: retained while personalization is enabled or as otherwise needed to provide the Service, unless deletion is requested and no legal retention obligation applies.
Disconnecting an integration stops new authorised sync activity for that integration. You may contact privacy@repline.ai to request deletion or purge of data associated with a disconnected integration. Until automated deletion controls are available, some deletion operations may be handled manually by Repline, subject to identity verification and legal or operational retention requirements.
18. Your Rights
Depending on your location and the context of processing, you may have rights to:
- access personal data;
- correct inaccurate or incomplete data;
- request deletion;
- restrict processing;
- object to processing based on legitimate interests or direct marketing;
- receive a portable copy of certain data;
- withdraw consent where processing is based on consent; and
- lodge a complaint with a supervisory authority.
To exercise rights, contact privacy@repline.ai. We may need to verify your identity before acting on a request.
If your data is processed by a Merchant using Repline, we may refer your request to that Merchant where Repline acts as its processor.
19. Marketing Communications
You may opt out of marketing emails by using the unsubscribe link in those emails or by contacting privacy@repline.ai. We may still send non-marketing transactional or service messages.
20. Children's Privacy
Repline is a business service and is not directed to children under 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to Repline, contact privacy@repline.ai and we will take appropriate steps.
21. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, product, integrations, or legal requirements. We will update the "Last updated" date and provide notice of material changes where required by law or where the change materially affects users.
22. Contact
For privacy questions or requests, contact:
- Email: privacy@repline.ai
- Company: NEWRISE L.L.C-FZ
- Address: Meydan Free Zone, Meydan Hotel, Grandstand, Meydan Road, Nad Al Sheba, Dubai, United Arab Emirates