Your data. Handled responsibly.

PRIVACY POLICY

Replion is committed to protecting your privacy and handling personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect personal data when you use the Replion website and services.

This Privacy Policy explains how Replion collects and processes personal data when you visit ourwebsite or when your organization uses the Replion service.

Who we are and how to contact us

Replion is operated by Replion AB, Sweden.
Privacy contact: support@replion.se

GDPR roles

Website and sales inquiries: Replion acts as the data controller for personal data collected via ourwebsite, such as contact forms and demo requests.
Use of the Service by customers: when a customer uses Replion for chats, documents, and supportflows, the customer is typically the data controller and Replion acts as a data processor. Thisprocessing is governed by a Data Processing Agreement (DPA) between Replion and the customer.

If you interacted with a Replion chatbot on a customer’s website, please note that the customer istypically responsible for that interaction as controller. You may contact the customer directly, orcontact us and we will help route your request.

What personal data we collect

We collect personal data that is necessary to provide and improve the website and the Service.

• a) Website & contact forms
• • Name
  • Work email address
  • Company name
  • Message content and any information you choose to provide
• b) Product usage (customers)
• • User account details such as name, email, role/access level
  • Configuration and usage metadata
  • Logs related to system performance and security
• c) Technical data
• • IP address
  • Browser type and device information
  • Cookies and similar technologies

How we use personal data

We process personal data to:

• Provide and operate the Replion service
• Respond to inquiries and demo requests
• Administer customer accounts and support requests
• Improve product performance, reliability, and user experience
• Maintain security, logging, abuse prevention, and auditability
• Comply with legal and regulatory requirements

We do not sell personal data.

Legal bases for processing

Depending on the context, we rely on one or more of the following legal bases under GDPR:Contract, for providing the Service and managing customer accounts Legitimate interests, for responding to inquiries, improving the Service, and ensuring securityLegal obligation, for compliance such as accounting and legal requirements
Consent, for non-essential cookies where applicable

How Replion uses data for AI processing

Replion uses customer-provided documentation and connected sources to generate answers withineach customer’s environment.

Key points:

• Customer content is processed only to deliver the Service for that customer
• Customer content is not shared across customers
• Customer content is not used to train Replion’s own models
• If Replion cannot find a reliable answer, it falls back and/or escalates to a customer-defined supportflow

Where and how data is stored

Replion is hosted and operated in Sweden and the EU, and we aim to store data within the EuropeanUnion. We apply appropriate technical and organizational security measures, including accessrestrictions, logging, and encryption in transit and at rest.

Who we share data with

We share personal data only when necessary to operate the website and deliver the Service, forexample with:

• Infrastructure and hosting providers
• Email delivery providers used for escalation flows
• Other carefully selected service providers that support operation and security

All such providers are contractually required to process personal data in accordance with GDPR andour instructions.

Subprocessors

Replion may use carefully selected subprocessors to deliver the Service. A current list ofsubprocessors is available on request. Please email support@replion.se.

How long we keep data

We retain personal data only as long as necessary for the purposes described above:

• Website inquiries: retained for a limited period for follow-up and record keeping
• Customer account and Service data: retained according to the customer agreement, the DPA, andconfigured retention settings
• Security logs: retained as necessary to protect the Service and investigate incidents

When retention periods expire, data is deleted or anonymized unless we are legally required to keepit longer.

Your rights under GDPR

• You may have the right to:
• Access your personal data
• Request correction or deletion
• Restrict or object to processing
• Request data portability
• Withdraw consent where processing is based on consent

To exercise your rights, contact support@replion.se. If your request relates to a chatbot interactionon a customer’s website, the customer may be the appropriate controller to handle your request.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection,Integritetsskyddsmyndigheten (IMY), or another relevant supervisory authority.

Cookies

We use essential cookies to ensure website functionality and security. Where applicable, nonessential cookies (such as analytics cookies) are used only with your consent. More details areavailable in our Cookie Policy.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services or legalrequirements. The latest version will always be available on this page and the “Last updated” datewill be revised.

Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact:

Privacy questions or requests: support@replion.se
Replion AB, Sweden

Turn your existing knowledge base into instant, reliable answers for every customer.