Privacy Policy
Last updated: July 2026
This Privacy Policy describes how FireRepl Technologies Ltd (“FireRepl”, “we”, “us”, or “our”) collects, uses, and protects your personal data and your customers’ conversation data when you use the FireRepl platform. By using FireRepl, you agree to the practices described in this policy.
Jump to section
1. Information We Collect
We collect information you provide directly when you create an account or use FireRepl:
- ●Account information: your name, email address, business name, business category, and owner phone number.
- ●Authentication credentials: hashed passwords (for email/password accounts) or OAuth provider tokens (for Google/Facebook accounts).
- ●Business configuration: products, prices, FAQs, knowledge base content, and bot personality settings you add to the platform.
- ●Payment information: subscription plan selection and billing history. Card details are processed and stored by Paystack — we do not store raw card numbers.
- ●WhatsApp Business Account credentials: your Phone Number ID and Permanent Access Token from Meta, stored encrypted at rest.
We also collect information generated through your use of the service:
- ●Customer conversation data: customer phone numbers, message content, AI-generated replies, timestamps, and conversation status.
- ●Usage data: AI reply counts, response times, lead capture events, and team member activity.
- ●Technical data: IP addresses, browser type, device type, and session information for security and service improvement purposes.
2. How We Use Your Information
We use the information we collect to:
- ●Provide, operate, and improve the FireRepl platform.
- ●Generate AI-powered replies to your customers' WhatsApp messages via OpenAI's API.
- ●Process subscription payments via Paystack.
- ●Send you service-related communications, including escalation alerts, payment receipts, and system notifications.
- ●Display analytics and conversation data on your dashboard.
- ●Authenticate your identity and maintain the security of your account.
- ●Investigate and prevent fraudulent or abusive activity.
- ●Comply with legal obligations.
We do not use your data or your customers' data for advertising purposes, and we do not sell data to third parties.
3. Third-Party Services
FireRepl integrates with the following third-party services to deliver the product. Each has its own privacy policy governing their data handling:
- ●Meta Cloud API — WhatsApp message delivery and receipt.
- ●OpenAI — AI reply generation (GPT-4o and Whisper).
- ●Paystack — payment processing and subscription management.
- ●MongoDB Atlas — encrypted cloud database storage.
- ●Redis Cloud — conversation state caching (short-term, non-persistent).
- ●SMTP email providers — OTP verification and system alert delivery.
Meta and WhatsApp
When you connect your WhatsApp Business number to FireRepl via Meta's Cloud API, Meta Platforms, Inc. shares your WhatsApp Business Account credentials with FireRepl solely to enable message delivery and receipt on your behalf. Customer messages received via WhatsApp are processed in accordance with Meta's WhatsApp Business Policy, available at whatsapp.com/legal/business-policy. FireRepl is an independent service provider and is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc.
4. Customer Conversation Data
Messages from your customers received via your connected WhatsApp Business number are stored in our database to provide conversation history, analytics, and AI context for future interactions.
This data belongs to you and your customers. We:
- ●Do not share customer message content with other businesses.
- ●Do not use customer message content to train AI models for other businesses or for general AI training purposes.
- ●Do not sell or rent customer data to any third party.
You are responsible, as the business owner, for ensuring your customers are appropriately informed that their messages are handled by an AI-powered service on your behalf.
4a. WhatsApp Data Processing
Customer messages received through your connected WhatsApp Business number are processed by FireRepl solely to generate AI-powered replies on your behalf. Message content is transmitted to OpenAI's API for reply generation and is subject to OpenAI's data processing terms (openai.com/policies/privacy-policy).
Message metadata — including sender phone number and timestamps — is stored in our database for conversation history and analytics purposes. FireRepl does not use WhatsApp message content to train AI models, serve advertising, or share with third parties beyond those listed in Section 3.
You are responsible under Meta's WhatsApp Business Policy for ensuring your customers are aware that their messages are handled by an AI-powered service on your behalf. FireRepl provides sample disclosure language in our onboarding documentation to help you meet this obligation.
5. Data Retention
- ●Account data: retained for as long as your account is active.
- ●Conversation history: retained for 12 months by default from the date of the conversation.
- ●Lead data: retained for as long as your account is active or until you delete individual leads.
- ●Payment records: retained for 7 years as required by Nigerian financial record-keeping regulations.
- ●Account deletion: upon account deletion, all personal data and conversation history are queued for permanent deletion within 30 days. Payment records are retained as required by law. You may request early deletion of non-payment data by contacting us.
6. Data Security
We implement industry-standard security measures to protect your data:
- ●Encryption in transit: all data transmitted between your browser, our servers, and third-party APIs uses TLS 1.2 or higher.
- ●Encryption at rest: sensitive fields including WhatsApp access tokens and database backups are encrypted at rest.
- ●Password security: passwords are hashed using bcrypt with a minimum cost factor of 12 before storage. We never store plaintext passwords.
- ●Access controls: database access is restricted to application servers via IP allow-listing. No direct external database access is permitted.
- ●Token isolation: your WhatsApp Permanent Access Token is stored encrypted and is never exposed in client-side code, API responses, or application logs.
No system is completely secure and we cannot guarantee absolute security. In the event of a data breach that is likely to affect your rights, we will notify you within 72 hours of becoming aware of it, in accordance with the Nigerian Data Protection Act 2023.
7. Your Rights
Under the Nigerian Data Protection Act 2023 and other applicable law, you have the following rights:
- ●Access: request a copy of the personal data we hold about you.
- ●Correction: request correction of inaccurate or incomplete data.
- ●Deletion: request deletion of your account and all associated personal data.
- ●Portability: request an export of your business configuration, conversation history, and lead data in a machine-readable format.
- ●Restriction: request that we restrict processing of your data in certain circumstances.
- ●Objection: object to processing of your data based on legitimate interests.
To exercise any of these rights, contact us at privacy@firerepl.com or use the account settings page in your dashboard.
If you connected your WhatsApp Business Account via Meta's Cloud API and wish to revoke FireRepl's access to your WhatsApp number, you may do so at any time from Settings → WhatsApp in your dashboard, or directly via your Meta Business Manager account at business.facebook.com.
8. Cookies
FireRepl uses session cookies strictly necessary for authentication and secure access to your dashboard. These cookies:
- ●Are essential for the service to function and cannot be disabled.
- ●Do not contain advertising or tracking identifiers.
- ●Expire when you log out or after a period of inactivity.
We do not use advertising cookies, third-party analytics scripts (such as Google Analytics), or any cross-site tracking technologies on the FireRepl platform.
9. Children's Privacy
FireRepl is a business tool intended for users aged 18 and above. We do not knowingly collect personal data from anyone under 18. If we become aware that a user under 18 has created an account, we will delete that account and all associated data promptly. If you believe a minor has created an account, contact us at privacy@firerepl.com.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you by email and in-app notice at least 14 days before material changes take effect. The date of the most recent update is shown at the top of this document. Continued use of FireRepl after the effective date of any update constitutes acceptance of the updated policy.
11. Contact
For privacy-related questions, data access requests, or concerns:
- ●Email: privacy@firerepl.com
- ●General support: support@firerepl.com
- ●Address: FireRepl Technologies Ltd, Lagos, Nigeria
We aim to respond to all privacy enquiries within 5 business days.
This policy was last updated in July 2026. For previous versions, contact privacy@firerepl.com.