1. Introduction and Scope
Reply Master AI ("we," "us," or "our") is fully committed to compliance with the General Data Protection Regulation (GDPR), which applies to individuals ("Data Subjects") within the European Economic Area (EEA) and the United Kingdom (UK).
This GDPR Compliance Statement explains our role as both a Data Controller and a Data Processor, outlines the legal bases for our processing activities, and details the specific rights afforded to Data Subjects under the GDPR. This document supplements our main Privacy Policy.
2. Our Roles as Data Controller and Data Processor
The GDPR distinguishes between "Data Controllers" (who determine the purposes and means of processing) and "Data Processors" (who process data on behalf of a controller). Reply Master AI acts in both capacities:
Reply Master AI as Data Controller: We act as a Data Controller for the personal data of our direct customers (the individuals or businesses who subscribe to our Service). This includes:
- Account Information: Name, email address, and billing details provided at sign-up.
- Communication Data: Information you provide when contacting our support team.
- Usage Data: Automatically collected technical and interaction data about how you use the Reply Master AI dashboard and platform.
Reply Master AI as Data Processor: We act as a Data Processor for the personal data that our customers (the Controllers) manage through our Service. Our customers are the Data Controllers for this data. This includes:
- End-User Content: Comments from Facebook Pages, comments and Direct Messages from Instagram accounts, and messages from WhatsApp Business accounts.
- End-User Metadata: The associated names, user IDs (e.g., PSID), phone numbers, and timestamps connected to that content.
As the Data Controller, our Customer (the Facebook Page, Instagram account, or WhatsApp Business account owner) is solely responsible for ensuring they have a valid legal basis (e.g., consent, legitimate interest) to collect and process their end-users' personal data using our Service.
3. Legal Basis for Processing (As Data Controller)
We process our direct customers' personal data based on the following legal bases under GDPR Article 6:
- Contractual Necessity (Art. 6(1)(b)): We process your Account Information and associated data to fulfill our contract with you—that is, to provide, maintain, and secure the Reply Master AI Service you subscribed to.
- Legitimate Interests (Art. 6(1)(f)): We process Usage Data and Communication Data to operate and improve our Service, such as for security monitoring, analytics, bug fixing, and service enhancement. We also rely on legitimate interest for certain marketing communications, from which you can opt out.
- Legal Obligation (Art. 6(1)(c)): We may be required to process certain data (e.g., billing records) to comply with our legal and financial obligations.
- Consent (Art. 6(1)(a)): Where required, we will ask for your explicit consent to process your data, such as for sending non-essential marketing communications.
4. Data Subject Rights
If you are a Data Subject in the EEA or UK, you have the following rights regarding your personal data:
- Right of Access (Art. 15): The right to request copies of your personal data.
- Right to Rectification (Art. 16): The right to request that we correct any inaccurate or incomplete data.
- Right to Erasure (Art. 17): The right to request that we erase your personal data ("right to be forgotten"), under certain conditions.
- Right to Restrict Processing (Art. 18): The right to request that we restrict the processing of your data, under certain conditions.
- Right to Object (Art. 21): The right to object to our processing of your data when it is based on legitimate interests.
- Right to Data Portability (Art. 20): The right to request that we transfer the data we have collected to another organization, or directly to you, in a structured, machine-readable format.
- Right to Withdraw Consent (Art. 7): If processing is based on your consent, you have the right to withdraw it at any time.
- Right to Lodge a Complaint (Art. 77): You have the right to lodge a complaint with your local Data Protection Authority.
How to Exercise Your Rights:
- If you are a Reply Master AI Customer: You may exercise these rights by contacting us directly at support@replymaster.ai.
- If your data is processed by our Service (e.g., you commented on a Facebook Page that uses our Service): You must contact the Data Controller (the owner of the Facebook Page, Instagram account, or WhatsApp Business account) to exercise your rights. Reply Master AI, as a Data Processor, is obligated to act upon the documented instructions of our customer (the Controller).
5. International Data Transfers
To provide the Service, we utilize third-party providers (such as Google Cloud for hosting and OpenAI for AI processing) that may be located outside the EEA. This means your data, and the data you process, may be transferred to and stored in countries like the United States.
We ensure such transfers are lawful under GDPR by relying on established legal mechanisms, including:
- Standard Contractual Clauses (SCCs): We have entered into (or will enter into) SCCs, also known as EU Model Clauses, with our third-party subprocessors to ensure your data receives an adequate level of protection, as required by EU law.
- Adequacy Decisions: We may rely on an Adequacy Decision from the European Commission, where applicable, which recognizes a non-EEA country as providing an equivalent level of data protection.
6. Data Processing Agreement (DPA)
For our customers who are Data Controllers under GDPR, we offer a Data Processing Agreement (DPA) as required by Article 28. This DPA contractually governs our role as a Data Processor and outlines our commitments to data security, confidentiality, and compliance with your instructions. Our DPA is available upon request by contacting support@replymaster.ai.
7. Data Security
As detailed in our main Privacy Policy, we implement robust technical and organizational measures to protect personal data from unauthorized access, use, alteration, or destruction, in line with GDPR requirements.
8. Contact Us
If you have any questions, concerns, or requests specifically related to this GDPR Compliance Statement or your data protection rights, please contact our data privacy team at:
Email: support@replymaster.ai