Privacy Policy

This Privacy Policy explains how Ricsources Sdn Bhd, trading as "reply-os" (Company No. 1198796-P), collects, uses, shares, and safeguards personal data when you visit reply-os.io, sign up for an account, communicate with us, or otherwise use our products and services (collectively, the "Service").

In this Policy, "reply-os", "we", "us", and "our" refer to Ricsources Sdn Bhd. "You" or "User" refers to any individual who interacts with reply-os.io or the Service.

We are committed to handling your personal data responsibly, transparently, and in accordance with applicable data protection laws. By accessing reply-os.io or using the Service, you acknowledge that you have read and understood this Policy.

A separate PDPA Notice addresses our specific obligations under the Malaysian Personal Data Protection Act 2010 (as amended) and is available at insert link.

Ricsources Sdn Bhd is the entity responsible for deciding how and why your personal data is processed in connection with reply-os.io. Under data protection laws such as the EU General Data Protection Regulation ("GDPR") and the UK GDPR, we act as the "data controller" in respect of personal data collected through our website, marketing channels, and account sign-up flows.

Registered office: 83-1, Jalan BK 5a/2, Bandar Kinrara, 47180 Puchong, Selangor, Malaysia. General contact: insert general email. Privacy enquiries: privacy@reply-os.io

For clarity: "personal data" means any information that identifies, or could reasonably be used to identify, a living individual; "processing" means any operation performed on personal data, including collection, storage, use, disclosure, transfer, and deletion; "data subject" means the individual to whom the personal data relates; "data processor" means a third party that processes personal data on our behalf and under our instructions.

We collect personal data in the following ways.

Information you provide directly. When you fill in forms on reply-os.io, register for an account, request a demo, subscribe to our newsletter, or contact our team, you may provide: your full name; work email address; telephone or mobile number; job title; company name, website, and approximate company size; country or region; account credentials (username and an encrypted password); and the content of any message or enquiry you send us.

Information collected automatically. When you visit reply-os.io or interact with the Service, we and our service providers automatically collect technical and usage data, including: IP address; device identifiers; browser type, version, language, and settings; operating system; referring URL; pages viewed and the date, time, and duration of your visits; actions taken within the Service; approximate location derived from your IP address; and crash, error, and diagnostic information.

Billing and payment information. If you purchase a paid plan, our payment processor will collect the information needed to process the transaction (such as card details, billing address, and tax identifiers). We do not store full payment card numbers on our own servers.

Third-party sign-in information. If you sign in using a third-party identity provider (such as Google), we receive limited profile information from that provider — typically your name, email address, and profile identifier. We never receive your password for the third-party service.

Customer content processed through the Service. As a messaging and customer-conversation platform, reply-os processes message content, contact lists, and conversation metadata that our business customers and their end-users submit. Where we process such content on behalf of a business customer, that customer is the controller and reply-os acts as a data processor. The handling of customer content is governed by our Data Processing Addendum (available on request) rather than this Policy, which primarily addresses our role as controller for website visitors, prospects, account administrators, and direct users.

We do not seek to collect special-category or sensitive personal data through reply-os.io. Please do not submit such data unless we specifically request it and you have given explicit consent.

We process personal data only where we have a lawful basis to do so. Our purposes and corresponding legal bases (under the GDPR / UK GDPR, where they apply to you) are as follows.

To provide and operate the Service. We use account, profile, and usage data to register and authenticate users, deliver the features of the Service, maintain availability and performance, provide customer support, and send service-related notices. Legal basis: performance of a contract with you, or steps taken at your request before entering a contract (Article 6(1)(b)).

For sales, marketing, and business development. We use contact details and engagement data to respond to enquiries, send product updates and marketing communications about services similar to those you have shown interest in, manage events and webinars, and measure marketing effectiveness. Legal basis: your consent (Article 6(1)(a)), or our legitimate interests in promoting our business where permitted by law (Article 6(1)(f)). You can withdraw consent or opt out at any time (see Section 10).

To improve and secure the Service. We use usage and technical data to monitor and improve the performance, usability, and security of reply-os.io, detect and prevent fraud, abuse, and security incidents, and conduct analytics. Legal basis: our legitimate interests in operating a secure and effective service (Article 6(1)(f)).

To comply with legal and regulatory obligations. We process personal data to meet applicable laws and regulations, including taxation, accounting, and lawful requests from regulators or authorities. Legal basis: compliance with a legal obligation (Article 6(1)(c)).

To protect rights and resolve disputes. We may process personal data to establish, exercise, or defend legal claims, enforce our Terms of Service, and protect the rights, property, or safety of reply-os, our users, or others. Legal basis: legitimate interests (Article 6(1)(f)).

We will not process your personal data for any purpose materially different from those described above without informing you and, where required, obtaining your fresh consent.

We do not sell your personal data. We share personal data only to the extent necessary, with the following categories of recipients.

Service providers and processors that support our operations, such as cloud hosting and infrastructure providers, email delivery and communications providers, customer support tools, customer relationship management (CRM) platforms, analytics and product-telemetry tools, marketing automation tools, payment processors, identity providers, security and fraud-prevention services, and professional advisors (legal, accounting, and audit). These parties are contractually bound to process personal data only on our documented instructions and to apply appropriate safeguards.

Group companies and affiliates of Ricsources Sdn Bhd, where relevant to the purposes described in Section 5.

Authorities and regulators where we are required to disclose personal data by law, court order, or a lawful request from a competent authority.

Successors in interest in the event of a merger, acquisition, financing, reorganisation, or sale of all or part of our business or assets, subject to standard confidentiality protections.

A current list of our principal sub-processors is available on request from privacy@reply-os.io.

Because reply-os operates a cloud-based service and relies on internationally established providers, your personal data may be transferred to, processed in, and stored in countries outside your country of residence — including jurisdictions whose data protection laws may differ from those in your country.

Where personal data of individuals located in the European Economic Area or the United Kingdom is transferred outside those regions, we rely on an appropriate transfer mechanism such as an adequacy decision, the European Commission's Standard Contractual Clauses (together with the UK International Data Transfer Addendum where applicable), or another lawful safeguard. You may request a copy of the relevant safeguards by contacting privacy@reply-os.io.

For international transfers under Malaysian law, please refer to our separate PDPA Notice.

reply-os.io uses cookies and similar technologies (such as pixels, local storage, and SDKs) to operate the website, remember your preferences, analyse traffic, and — with your consent — support marketing. You can manage your preferences at any time through our cookie banner or via your browser settings. For full details, please see our separate Cookie Policy at insert link.

Strictly necessary cookies are placed on the basis of our legitimate interest in providing a functional website. All other cookies (analytics, performance, and marketing) are placed only with your consent, which you may withdraw at any time without affecting the lawfulness of processing before withdrawal.

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. In general, account data is retained for the duration of your account and for a reasonable period thereafter to handle disputes or close out obligations; marketing contact data is retained until you opt out or after a defined period of inactivity; financial and tax-related records are retained for the period required by applicable law; and server and security log data is typically retained for up to 90 days unless required for longer for investigation purposes. When personal data is no longer required, we will securely delete, destroy, or anonymise it.

Subject to the conditions and limitations set out in applicable law, you have the following rights in respect of your personal data: the right to access the personal data we hold about you; the right to request correction of inaccurate, incomplete, or outdated personal data; the right to request deletion of personal data in certain circumstances; the right to restrict or object to processing in certain circumstances; the right to data portability where processing is based on consent or contract and is carried out by automated means; the right to withdraw consent at any time where processing is based on consent (without affecting the lawfulness of processing carried out before withdrawal); and the right to opt out of marketing communications at any time, including by clicking the "unsubscribe" link in any marketing email.

To exercise any of these rights, please contact privacy@reply-os.io. We may need to verify your identity before responding, and we will respond within the timeframes required by applicable law.

If you are located in the EEA or the UK and are dissatisfied with our response, you have the right to lodge a complaint with your local data protection authority.

We implement and maintain reasonable technical and organisational measures designed to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration, or disclosure. These measures include encryption of data in transit using TLS, access controls and authentication, network and infrastructure security, regular review of our information-security practices, and confidentiality obligations imposed on staff and service providers. While we work hard to protect your personal data, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

We do not use solely automated decision-making that produces legal effects or similarly significantly affects you. We may use automated processing (including basic profiling) for analytics, product personalisation, and marketing optimisation. Where applicable law grants you the right to object or requires consent for such processing, we will honour those rights as described in Section 10.

reply-os.io and the Service are intended for business users and are not directed at children. We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected such data, please contact us at privacy@reply-os.io and we will take prompt steps to delete it.

reply-os.io may contain links to third-party websites, plugins, or services that we do not operate or control. This Privacy Policy does not apply to such third parties, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you choose to use.

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. When we make material changes, we will update the "Last updated" date at the top of this Policy and, where appropriate, provide additional notice (for example, by email or a prominent notice on reply-os.io). Your continued use of the Service after the changes take effect constitutes your acceptance of the revised Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our handling of your personal data, please contact:

Ricsources Sdn Bhd (operating as reply-os)
83-1, Jalan BK 5a/2, Bandar Kinrara, 47180 Puchong, Selangor, Malaysia
Email: privacy@reply-os.io