Security & Privacy

Before IT says yes, here's what they'll ask.

CX tools read customer ticket content — emails, chat transcripts, order data. That means your InfoSec or IT team will have questions before they approve deployment. This page answers the ones that come up most often: encryption, data retention, PII access, and whether your data trains any model.

Data Handling Principles

Five principles that govern how we handle data.

Replyglint is an early-stage company. The controls described here are ones we have designed and implemented. We do not claim third-party certifications (SOC 2, ISO 27001, or similar) that we have not yet obtained. We describe exactly what we do — no more.

Encryption in transit and at rest
All data transmitted between your helpdesk, Replyglint's services, and your agents is encrypted using TLS 1.2 or higher. Data stored in our systems is encrypted at rest using AES-256. This applies to ticket content, customer data fields, and handoff card contents.

Data minimization
Replyglint reads only the ticket fields required for classification and resolution: subject, body text, and the customer and order metadata your playbooks need to look things up. We do not request payment card data, government IDs, or fields outside the integration scope you approve during setup. OAuth scopes are documented per integration in your account dashboard.

No training on customer data
Customer ticket content processed by Replyglint is not used to train, fine-tune, or otherwise improve any AI model — ours or any third party's. Your customers' support conversations are processed to serve you, not to build datasets. This is a contractual commitment in our Terms of Service.

Access controls
Replyglint's systems are designed with least-privilege access controls. Our team uses role-based access, and production customer data is not accessible to non-engineering staff. We conduct access reviews when team roles change.

Retention policy
Ticket content and resolution records are retained for 90 days after processing, then purged. Handoff card data is retained for the duration of your subscription plus 30 days. Account and billing data follows standard accounting retention requirements. You can request early deletion by contacting us.

Security FAQ

The questions we hear from every IT reviewer.

Running a vendor security review?

We can walk your IT or InfoSec team through our data handling in detail. Send a questionnaire or schedule a call — Jordan will handle it directly.