Privacy Policy

Effective Date: April 24, 2026
Version: 1.0

This Privacy Policy explains how BrightCube Software LLC (“we,” “us,” or “our”) collects, uses, and protects your information when you use myReply (the “Service”).

What We Collect

Account Information

  • Email address and authentication credentials
  • Google account information (if you sign in with Google)
  • Apple account information (if you sign in with Apple)

Business Information

  • Business name, industry, description, and contact details
  • Knowledge, FAQs, policies, and any content you provide to ground your assistants' replies
  • Team members and their roles and permissions

Assistant Configuration

  • Assistant names, personas, system prompts, and tone settings
  • Chat page appearance and branding
  • Guardrails and escalation rules you configure

Conversation Data

When people chat with your assistants, we store:

  • Messages sent by the visitor and replies generated by your assistant
  • Timestamps, session identifiers, and locale
  • Any contact details a visitor chooses to share (name, email, phone)
  • Metadata your assistant extracts from the conversation (intents, topics, escalation flags)

Conversation data belongs to your business. You are the controller of your end customers' data; we act as a processor on your behalf.

Usage and Operational Data

  • Page views, feature usage, and performance telemetry
  • Device type, browser, IP address, and approximate location
  • Error logs and diagnostic information

How We Use Your Data

We use your data only to:

  • Provide the Service and generate replies through your assistants
  • Ground assistant replies in the knowledge you have provided
  • Maintain and improve features, fix bugs, and monitor performance
  • Communicate with you about your account, updates, and security
  • Enforce our Terms and prevent abuse, fraud, and illegal activity

We do NOT:

  • Sell your data or your customers' data
  • Use your business data or conversations to train public AI models
  • Share your data across businesses
  • Advertise to you or your customers

Data Isolation

Every business's data is isolated. Your team members and assistants can only access data that belongs to your business. Database-level access controls prevent cross-business data leakage.

AI and Your Data

myReply uses third-party AI model providers (such as Anthropic and OpenAI) to generate replies. When a visitor chats with your assistant, the visitor's messages and your configured knowledge are sent to the AI model provider so it can generate a response.

We select AI providers with enterprise data-handling terms that prohibit using your data to train their public models. Providers may retain data briefly for abuse monitoring according to their own policies. We do not permanently store your data on AI provider systems.

Data Storage and Security

  • Data is encrypted in transit (HTTPS/TLS) and at rest
  • Authentication is handled through Supabase with industry-standard practices
  • Access controls ensure only authorized users can view your business's data
  • We monitor systems for unauthorized access and unusual activity

No system is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security.

Cookies

We use cookies and similar technologies for:

  • Authentication (keeping you logged in)
  • Preferences (locale, theme)
  • Chat session continuity for visitors on your chat pages
  • Operational analytics

We do not use cookies for cross-site advertising or tracking.

Third-Party Services

We use the following third-party services to operate myReply:

Infrastructure & Storage

  • Supabase: database, authentication, and file storage
  • Vercel: application hosting and content delivery

AI Processing

  • Anthropic and/or OpenAI: large language model providers used to generate assistant replies

Email

  • Resend: transactional email delivery (account notifications, receipts, password resets)

Payments (if applicable)

  • Stripe: processes payments for paid subscriptions. We do not store full payment card numbers.

Authentication Providers

  • Google / Apple: used when you choose social sign-in

Each third-party provider operates under its own privacy policy. We only share the minimum data necessary to provide the Service.

Your Rights

Access and Export

You can view your assistants, knowledge, and conversation history at any time through the Service. On request, we will provide a machine-readable export of your business data.

Correction

You can update your account information, business details, assistants, and knowledge at any time through the Settings page.

Delete Your Account

You may delete your account at any time through the Settings page. Upon deletion:

  • Your published chat pages will be taken offline
  • Your assistants will stop responding to new messages
  • Your business data, assistants, and conversation history will be permanently deleted within 30 days
  • Active subscriptions will be cancelled

Unpublish a Chat Page

You can unpublish any chat page at any time. Unpublished pages stop accepting new conversations but retain existing history so you can review them.

California and International Users

California Residents (CCPA)

California residents have the right to:

  • Know what personal information we collect
  • Request deletion of personal information
  • Opt out of the sale of personal information (we do not sell personal information)
  • Non-discrimination for exercising these rights

European Users (GDPR)

Users in the European Economic Area have additional rights, including the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with a supervisory authority

Our legal basis for processing is the performance of a contract with you (providing the Service) and our legitimate interest in operating and improving the Service.

Data Retention

  • Active account data is retained as long as your account is active
  • Conversation history is retained unless you delete it
  • On account deletion, your data is permanently deleted within 30 days
  • Backups are retained for disaster recovery and purged on a rolling basis
  • Audit and security logs may be retained longer where required by law

Data from Your End Customers

When people visit your chat pages and talk to your assistants, we collect and process their data on your behalf. We do not contact them, market to them, or use their data for our own purposes.

You are responsible for telling your visitors that their conversations with your assistants are processed by an AI system and for complying with any privacy notice or consent requirements that apply to your business.

Children's Privacy

myReply is not intended for use by children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will update the Effective Date and version at the top. Significant changes will be communicated via email or in-app notification. Continued use of the Service constitutes acceptance of the updated policy.

Contact Us

If you have questions about this Privacy Policy or your data, please contact us:

Email: support@brightcube.app
Legal Entity: BrightCube Software LLC
United States

Summary

You own your business's data and your end customers' conversations. We process your data only to run the Service and generate replies through your assistants. We don't sell data, don't train public AI models on your data, and don't advertise to you or your customers. You can export or delete your data at any time.

Back to login