Privacy Policy
Last updated: 11 June 2026
This Privacy Policy explains how Peg Leg Ltd (“we”, “us”, “our”) collects and uses information when you use the Replylight Chrome extension and our website at replylight.com (together, the “Service”).
Replylight is operated by Peg Leg Ltd (company number 17001723), registered office at 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ. For privacy enquiries, contact [email protected].
1. Who this applies to
Replylight is a business tool for writing replies to customer reviews. It is intended for business use. You must be old enough to enter a binding contract in your jurisdiction.
We do not require you to create an account. Each install of the extension is identified by a random client key stored locally in your browser (see section 4).
2. What we collect
Information you provide through the extension
When you generate or refine a reply, the extension may send:
- Text you highlight (the review content)
- Reviewer name, if detected on the page
- Page domain and page title
- Your browser language setting
- Reply profile settings you configure (for example business name, business type, tone, sign-off, optional contact email or phone, and optional mentions)
- Your current draft reply and refinement instructions
- Your client key
Replylight does not connect to review platforms on your behalf. We only receive what you choose to highlight and submit.
Information stored on your device
The extension stores locally in Chrome:
- Your client key
- Reply profiles and preferences
- Sites where you have snoozed or blocked the extension
Uninstalling the extension removes this local data from your browser.
Information stored on our servers
When you use the extension, our application servers (hosted in the UK or EU) may store:
- Your client key and reply profile settings (to support usage limits, support, and future account features)
- Usage counts (for example how many replies you have generated in a calendar month)
- Request and response logs for AI operations, including review text and related context
- Error logs, which may include technical error details, page URL, and page domain
- If you subscribe to Pro, your billing email address as provided by our payment processor, linked to your client key
We retain server logs for as long as needed to operate the Service, prevent abuse, improve reliability, and comply with legal obligations. We do not currently apply automatic deletion periods to these logs.
Website and tools
When you visit replylight.com:
- We use Wireboard for privacy-focused analytics on our marketing pages
- Our free tools (such as Google review link generators) may use the Google Places API when you search for a business
We do not use advertising cookies or sell your personal data.
Payment information
Pro subscriptions are processed by Polar. We do not receive or store your full payment card details. Polar provides us with subscription status and billing contact information needed to manage your plan.
3. How we use your information
We use information to:
- Generate and refine reply suggestions using AI
- Apply your reply profile settings and usage limits
- Operate, maintain, and improve the Service
- Diagnose errors and prevent abuse
- Process subscriptions and provide support
- Comply with legal obligations
We do not use your review content to train our own machine-learning models.
4. AI processing and third parties
To generate replies, review text and related context you submit are sent to our servers and then to OpenRouter, which routes requests to third-party AI model providers. Those providers process the text solely to produce a response for your request. The specific model provider may vary from request to request.
We also use:
- Cloudflare — content delivery, security, and DDoS protection in front of our website and API. Traffic may pass through Cloudflare’s global network; edge locations vary by visitor and are not limited to the UK or EU
- Polar — subscription billing
- OpenRouter — AI inference routing
- Wireboard — website analytics
- Google — Places API on certain website tools
These providers process data on our behalf under their own terms and privacy policies. Cloudflare may process technical data such as IP addresses and request metadata. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards (such as standard contractual clauses) where required by law.
5. Legal bases (UK GDPR)
Where UK data protection law applies, we rely on:
- Contract — to provide the Service you request, including generating replies and managing subscriptions
- Legitimate interests — to secure and improve the Service, prevent abuse, and keep logs for support and reliability
- Consent — where you have given it (for example optional analytics on our website, where applicable)
- Legal obligation — where we must retain or disclose information by law
6. How long we keep data
- Local extension data — until you uninstall the extension or clear extension storage
- Server logs and usage records — retained indefinitely unless you request deletion or we no longer need the data
- Billing records — kept as long as required for tax, accounting, and dispute resolution
7. Your rights and choices
Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal data, and to data portability.
Requesting deletion:
- Email [email protected] with your client key (shown in the extension privacy settings), and we will delete server data linked to that key within 30 days; or
- If you have a Pro subscription, email from your Polar billing email address and we will delete server data linked to that subscription within 30 days.
If you uninstall the extension before requesting deletion, your local client key will be removed. Pro users can still request deletion using their billing email.
You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk.
8. Security
We use reasonable technical and organisational measures to protect data, including HTTPS for API communication and access controls on our servers. No method of transmission or storage is completely secure.
9. Children
The Service is not directed at children and we do not knowingly collect personal data from children.
10. Changes
We may update this policy from time to time. We will post the revised version on this page and update the “Last updated” date. Material changes may also be communicated through the website or extension where appropriate.
11. Contact
Privacy: [email protected]
General enquiries: [email protected]
Peg Leg Ltd
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ
United Kingdom