Privacy Policy

Last updated: July 3, 2026

1. Introduction

Secreply (“we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Secreply is a trade name of frits.cloud, registered with the Dutch Chamber of Commerce (KvK) under number 90653327.

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email, password)
  • Organization details (company name, VAT number, billing contact)
  • Security questionnaire data and documents you upload to the platform
  • Payment information (processed securely through Stripe — we do not store credit card details)

2.2 Automatically Collected Information

  • Usage data and analytics
  • Device and browser information
  • IP address and approximate location data
  • Cookies and similar technologies (see our Cookie Policy)

3. How We Use Your Information

  • Provide and maintain our service
  • Process your transactions
  • Send administrative information and updates
  • Improve our platform and user experience
  • Provide AI-powered questionnaire assistance
  • Comply with legal obligations

4. Data Storage and Security

We use industry-standard security measures to protect your data:

  • Storage: Your data is stored securely on AWS infrastructure in the EU (Frankfurt, Germany)
  • Encryption: Data is encrypted in transit (TLS/SSL) and at rest
  • Backups: We maintain automated backups for disaster recovery purposes
  • Access Controls: Strict role-based access controls and authentication
  • Security Audits: Regular security assessments and monitoring

5. Third-Party Service Providers

We use the following trusted service providers to operate our platform:

  • AWS (Amazon Web Services): Cloud infrastructure and hosting (EU region — Frankfurt, Germany)
  • OpenAI: AI-powered features (questionnaire answer generation and document analysis)
  • Stripe: Payment processing (we do not store credit card information)

These providers are carefully selected and comply with GDPR and industry security standards.

5.1 AI Data Privacy (OpenAI)

We take special care with data sent to AI services:

  • Only document content and questionnaire text relevant to generating answers is sent to OpenAI
  • Data sent to OpenAI is not used to train their models (we use their API with data protection agreements in place)
  • AI responses are used solely to assist with your questionnaire answers
Important: You are responsible for the content you upload to the platform. We recommend avoiding including unnecessary sensitive personal information in documents you upload.

6. Data Sharing

We never sell or share your data with third parties for marketing or commercial purposes.

We only share data:

  • With the service providers listed above, solely to operate our platform
  • When legally required by law enforcement or regulatory authorities
  • With your explicit consent for specific purposes

7. Your Rights (GDPR Compliance)

We are fully GDPR compliant. You have the following rights:

Right to AccessRequest a copy of all personal data we hold about you
Right to RectificationCorrect any inaccurate or incomplete data
Right to ErasureRequest complete deletion of your data
Right to ObjectObject to processing of your personal data
Right to Data PortabilityExport your data in a machine-readable format
Right to Withdraw ConsentWithdraw consent at any time
Right to Restrict ProcessingLimit how we use your data

To exercise any of these rights, contact us at legal@secreply.com. We will respond within 30 days.

8. Data Deletion

You can request complete deletion of your account and all associated data at any time:

  • All personal information will be permanently deleted
  • All documents and questionnaire data will be removed
  • Backups containing your data are automatically purged within 30 days
  • Some data may be retained for legal compliance (e.g., billing records for tax purposes)

9. Cookies

We use essential cookies for authentication and session management. For more details, see our Cookie Policy.

10. Data Retention

  • Active accounts: Data retained while your account is active
  • Deleted accounts: Data permanently deleted within 30 days
  • Legal requirements: Some financial records retained for tax compliance (typically 7 years as required by Dutch law)

11. Business Use Only

Secreply is a B2B (business-to-business) platform intended for professional and organizational use only. Our service is not intended for individuals under 16 years of age. We do not knowingly collect data from minors.

12. International Data Transfers

Your data is stored in the EU (AWS Frankfurt, Germany). We do not transfer your data outside the European Economic Area except where necessary for service operation (e.g., OpenAI processing), in which case appropriate safeguards such as Standard Contractual Clauses (SCCs) are in place.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through our platform. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or to exercise your rights, contact us at:

legal@secreply.com

15. Exercise Your Rights

Use the form below to submit a Data Subject Access Request (DSAR). We will respond within 30 days.

© 2026 Secreply (frits.cloud). All rights reserved.