Privacy policy
Last updated 19 May 2026
Wondertabs Pte. Ltd. (UEN 202037320G) operates ReplyArc and is the data controller for personal data we collect from account holders. We process personal data in accordance with Singapore's Personal Data Protection Act (“PDPA”).
1. Personal data we collect
- Account data: name, email, organization, password hash, role.
- Billing data: Stripe customer ID, invoice history. Stripe holds the card.
- Usage data: request logs, conversation counts, IP addresses.
- Customer-provided content: documents you upload, conversations processed through your bots. You decide what visitors share with the bot.
2. Why we process it
- To deliver and bill for the Service.
- To detect abuse and secure the platform.
- To respond to support requests.
- To meet legal or regulatory obligations (e.g. IRAS records).
We do not use Customer Data to train AI models. We do not sell personal data.
3. Where data lives
Primary storage is in Singapore (ap-southeast-1) via Supabase. Stripe processes payments in its own region. LLM requests are routed through the provider whose key you supply (OpenAI, Anthropic, etc.) — that provider receives the prompt content only for the duration of the request. Visitor IPs are not stored long-term.
4. Retention
Account and billing data persist while your account is active. On account closure we delete Customer Data within 30 days, except where law requires retention (e.g. Singapore tax records retained 5 years).
5. Your rights under PDPA
You may at any time:
- Request access to the personal data we hold about you.
- Request correction of inaccurate personal data.
- Withdraw consent for further processing (subject to legal obligations).
Email privacy@replyarc.tech to exercise these rights. We respond within 30 days.
6. Security
We encrypt API keys at rest using AES-256-GCM. Database access is restricted via Postgres row-level security keyed off tenant identifiers. We do not store plaintext passwords; authentication is handled by Supabase Auth.
7. Sub-processors
- Supabase (database + auth, Singapore).
- Fly.io (application hosting, Singapore).
- Stripe (payments).
- Resend (transactional email).
- Cloudflare (CDN, Turnstile).
- The LLM provider whose API key you supply.
8. Changes
We update this policy from time to time. Material changes will be announced by email to account owners at least 14 days before they take effect.
9. Data Protection Officer
Email our DPO at dpo@replyarc.tech.