replywise privacy policy

I. Introduction & Scope

The replywise Chrome Extension is designed to enhance your Substack comment review and submission experience. This Privacy Policy describes how the extension handles your data in real-time.

Crucially, the replywise extension does not store user data. We do not maintain a database, and we do not log or retain your personal information, including authentication tokens, beyond the immediate time necessary to complete your requested action. All data handling is strictly in-transit and for the sole purpose of enabling the extension’s features.

II. Data We Handle (Collection and Processing)

We handle data only as necessary to facilitate communication between your browser and the Substack platform via our secure proxy.

A. Authentication and Session Information (Cookies)

Data Handled	Handling Process	Purpose
Substack Authentication Cookies/Session Tokens	The extension accesses your current Substack session cookies from your active browser tab. If the URL of the active tab is not the primary ("canonical") Substack post URL, the extension will prompt you for explicit user consent to access the cookies from the canonical URL.	These cookies/tokens are used only in real-time to authenticate your identity with the Substack API. This authentication is required to: 1) securely fetch comments for display, and 2) authorize user actions (likes, replies, restacks) on your behalf.
Cookie Expiration Data	We do not store cookie expiration data. We forward cookies to our secure proxy and immediately discard them after use with real-time request.	Used only to format the temporary request to Substack; not stored or logged.

B. User-Generated Actions (Interactions)

What we handle: Data related to your direct actions, including: clicking "like," submitting a "reply" text, or initiating a "restack" or "share" of a post or comment.
How we handle it: This data is captured by the extension and immediately forwarded to our secure proxy server.
Purpose: To transmit these actions to the Substack API on your behalf, making them visible and operational on the Substack platform as if you performed the action natively.

C. Content Access and Display (Comments)

What we handle: The comment content and related metadata for the active Substack post.
How we handle it: This content is fetched using your authenticated session (II.A).
Purpose: To render and display the comments within the extension's interface for your review and interaction.
Note on Access: If you are a paid subscriber, the extension handles content that is restricted to your paid audience. This restricted data is handled in the same real-time, non-stored manner.

III. Data Storage and Retention

We do not store, log, or retain any user-identifiable data, authentication cookies, session tokens, or user-generated actions on our servers, in a database, or locally on your machine beyond the immediate moment required to process your request. The data is handled strictly in-transit and is immediately discarded after a successful API request to Substack.

IV. Data Sharing and Transfer

Sharing: We do not sell, rent, trade, or transfer your data (cookies, actions) to external parties, third-party advertisers, or other unrelated services.
Data Transfer (Proxy Server): Your session cookies and actions are temporarily transmitted through our secure proxy server. This server’s sole function is to act as a secure intermediary to facilitate the connection between your extension and the Substack API. This server does not log or persist any of the data passing through it.
Final Destination: All authenticated data (including session tokens and user actions) is transmitted to the Substack platform. Your use of Substack is governed by Substack's Privacy Policy located here: https://substack.com/privacy.

V. Security

We prioritize the security of your data in transit. We use industry-standard security measures and encrypted connections (HTTPS/TLS) to protect data transmitted between the extension, our proxy server, and Substack. Since we do not store any user data, the risk of a persistent data breach is inherently minimized.

VI. Contact Information

If you have any questions or concerns regarding this Privacy Policy, please contact us at:

jim.david.marks@gmail.com