ReplyPilot - Privacy Policy

Effective date: March 26, 2026
Last updated: March 29, 2026

1. Introduction

ReplyPilot ("we", "our", "the extension") is a Chrome browser extension that automatically generates and posts replies to Reddit posts using AI. This privacy policy explains what data we collect, how we use it, how we store it, and how we share it. We are committed to protecting your privacy and being transparent about our data practices.

2. Data Collection

We collect the minimum data necessary to provide our service. Here is a complete list of all data we collect:

Data	What it is	Why we collect it
Anonymous Installation ID	A randomly generated UUID created locally in your browser	To track your usage limits and plan status (free vs paid)
Reply Count	Number of AI replies generated per hour	To enforce rate limits (3/hr free, 100/hr paid)
Plan Status	Whether you are on the free or paid plan	To determine your rate limit tier
Reddit Post Content	Post titles, body text, subreddit names, and top comments from posts you reply to	Sent to our server in real-time to generate contextual AI replies. This data is processed and immediately discarded. It is NOT stored, logged, or retained.

Data we do NOT collect:

Your name, email address, or any personal identifiers
Your Reddit username, password, or authentication tokens
Your browsing history or activity outside of the reply generation process
Cookies, IP addresses (beyond standard server access logs), or device fingerprints
Payment information (handled entirely by third-party payment processor)
The content of replies after they are posted

3. How We Use Your Data

We use the collected data exclusively for the following purposes:

Anonymous Installation ID: To identify your installation for rate limiting and plan management. This ID cannot be linked to your identity.
Reply Count: To enforce hourly rate limits and prevent abuse.
Plan Status: To determine whether to apply free or paid rate limits.
Reddit Post Content: Sent to our server solely to generate an AI reply. The content is forwarded to an AI service (Anthropic Claude API), a reply is generated, and the post content is immediately discarded. No post content is stored on our servers.

4. Data Storage

On your device (Chrome local storage):

Your settings (selected subreddits, reply interval, daily limit)
Your anonymous installation ID
Activity log (timestamps and reply text for your reference)
List of posts already replied to (to avoid duplicates)

This data is stored locally in your browser using Chrome's storage API and is never transmitted to our servers (except the installation ID for plan management).

On our server:

Anonymous installation ID
Plan status (free or paid)
Timestamp of plan upgrade (if applicable)
Hourly reply counts for rate limiting (automatically expires)

Our server uses an encrypted SQLite database. No Reddit content, user credentials, or personally identifiable information is stored on our servers.

5. Data Sharing and Third Parties

We do not sell, rent, trade, or share your data with any third parties for marketing or advertising purposes. Data is shared with the following services solely to provide functionality:

Service	Data shared	Purpose
Anthropic (Claude AI)	Reddit post content (title, body, subreddit, existing comments)	To generate contextual reply text. Data is processed in real-time and governed by Anthropic's privacy policy.
Helio (hel.io)	Anonymous installation ID (passed as metadata during checkout)	To process payments for the Pro plan. No personal data is shared with Helio by us.

6. Data Retention

Reply counts: Automatically expire after 1 hour (used only for rate limiting).
Account records: Retained as long as the extension is actively used. Inactive accounts may be deleted after 12 months.
Reddit post content: Not retained. Processed in real-time and discarded immediately.
Local browser data: Retained until the user uninstalls the extension or clears browser data.

7. Data Security

We implement the following security measures:

All communication between the extension and our server uses HTTPS encryption.
API keys are stored server-side only and never exposed to the extension or users.
User identification is anonymous (random UUID) with no link to personal identity.
Payment processing is handled entirely by a third-party provider (Helio).
Server access is restricted and monitored.

8. User Rights and Control

You have the following rights regarding your data:

Access: You can view all locally stored data through Chrome's extension storage (chrome://extensions → ReplyPilot → Details → Storage).
Deletion: Uninstalling the extension removes all local data. To request deletion of server-side data (anonymous ID and plan status), contact us.
Control: You can stop the bot at any time, change settings, or clear the activity log from the extension popup.
Opt-out: You can uninstall the extension at any time to cease all data collection.

9. Reddit Interaction

The extension interacts with Reddit through your existing logged-in browser session on old.reddit.com. We never access, intercept, store, or transmit your Reddit username, password, cookies, or authentication tokens. All Reddit interactions (reading posts, posting comments) happen locally in your browser through standard DOM interaction, the same as if you were browsing manually.

10. Children's Privacy

This extension is not intended for use by children under the age of 13. We do not knowingly collect data from children under 13.

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected in the "Last updated" date at the top of this page. Continued use of the extension after changes constitutes acceptance of the updated policy.

12. Contact

If you have questions about this privacy policy or want to request data deletion, please contact us:

GitHub: github.com/AbhineetBaghel/reddit-autoreply/issues