Privacy Policy
Azaria ("we", "us", "our") operates the website azaria-group.com and the Replylo application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Data Controller
The data controller responsible for your personal data is:
Azaria
Madrid, Spain
Email: hello@azaria-group.com
2. Data We Collect
We collect the following categories of data:
- Account Information: Name, email address, Shopify store URL, and other information you provide when registering or contacting us.
- Shopify Store Data: When you install Replylo, we access order data, product data, customer data, and fulfillment data from your Shopify store via the Shopify API. This data is used solely to generate accurate email responses on your behalf.
- Email Data: We process incoming customer support emails sent to your connected email address. This includes sender information, email content, and metadata. This data is used solely to classify emails and generate template-based responses.
- Usage Data: Information about how you interact with our Service, including log data, device information, and analytics.
3. How We Use Your Data
We use the collected data for the following purposes:
- To provide and maintain the Replylo service, including email classification, order data lookup, and automated responses.
- To communicate with you about your account, support requests, and service updates.
- To improve our Service based on usage patterns and feedback.
- To comply with legal obligations.
4. Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
- Contract Performance: Processing is necessary to provide the Service you have requested.
- Legitimate Interest: Processing is necessary for our legitimate interests, such as improving the Service and ensuring security.
- Consent: Where required, we obtain your explicit consent before processing certain data.
5. Data Sharing and Disclosure
We do not sell your personal data. We may share data with the following categories of third parties:
- Cloud Infrastructure Providers: We use Google Cloud Platform (GCP) to host and process data. Data is stored in the europe-west1 region (Belgium, EU).
- AI Processing: We use Google Vertex AI (Gemini) to classify email content. Email content is processed but not stored by the AI model beyond the processing session.
- Email Delivery Services: We may use third-party email services to send responses on your behalf.
- Legal Requirements: We may disclose data if required by law or to protect our rights.
6. Data Retention
We retain your data for as long as your account is active or as needed to provide the Service. Specifically:
- Email history and classification data: Retained for the duration of your subscription plus 30 days after account closure.
- Account information: Retained for the duration of your subscription plus 90 days after account closure.
- Shopify order data: Cached temporarily during email processing and not stored permanently.
You may request deletion of your data at any time by contacting us.
7. Data Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS) and at rest.
- Access controls and authentication via Google Cloud IAM.
- Secrets management via Google Secret Manager.
- Regular security reviews of our infrastructure.
8. Your Rights (GDPR)
Under the GDPR, you have the following rights regarding your personal data:
- Right of Access: You can request a copy of the data we hold about you.
- Right to Rectification: You can request correction of inaccurate data.
- Right to Erasure: You can request deletion of your data ("right to be forgotten").
- Right to Restrict Processing: You can request that we limit how we use your data.
- Right to Data Portability: You can request your data in a structured, machine-readable format.
- Right to Object: You can object to processing based on legitimate interest.
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at hello@azaria-group.com. We will respond within 30 days.
9. International Data Transfers
Your data is processed and stored within the European Union (Google Cloud europe-west1 region). If any data transfer outside the EU is required in the future, we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).
10. Cookies
Our website uses only essential cookies necessary for the functioning of the site. We do not use tracking cookies, advertising cookies, or third-party analytics that collect personal data.
11. Children's Privacy
Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date above.
13. Contact
If you have any questions about this Privacy Policy or our data practices, contact us at:
Azaria
Email: hello@azaria-group.com
Website: azaria-group.com
You also have the right to lodge a complaint with a supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) — www.aepd.es.