DuckReply
LoginStart your $MRR Journey

Privacy Policy

Last updated May 21, 2026

This Privacy Policy explains what DuckReply collects, why we collect it, who we share it with, and your rights. DuckReply is a Reddit marketing tool for indie SaaS founders. We aim to collect the minimum data needed to run the product and never sell your data.

1. What we collect

Account data. Your email, name, and password hash when you sign up.

Project data. The project information you give us: your product name, domain, description, seed keywords, target subreddits, and any reply you draft, edit, or save in DuckReply.

Reddit data. If you connect Reddit, we use read-only OAuth scopes to fetch public threads and your basic profile. We do not post to Reddit on your behalf and never request write scopes.

Billing data. Stripe handles all payments. We store your Stripe customer ID, plan, and billing status. We never see or store your card number.

Usage data. Standard server logs (IP address, browser, timestamps), error reports, and product analytics events to understand which features are used.

Cookies. We use essential cookies for login sessions and a small number of analytics cookies. No advertising cookies. No cross-site tracking.

2. How we use your data

  • Run the product: monitor subreddits, score Reddit threads, draft Reddit replies, send digest emails.
  • Handle billing and customer support.
  • Detect abuse, prevent fraud, and keep accounts secure.
  • Improve the product based on aggregated usage.

We do not sell your personal data, ever.

3. Who we share data with

We share data only with the service providers we need to run DuckReply:

  • Stripe: payment processing.
  • OpenAI and Anthropic: AI providers used to draft Reddit replies. Drafts are generated on your behalf and not used to train their models.
  • Cloud hosting and email providers: to operate the service and send transactional email.

We may disclose data if required by law, to enforce our Terms, or to protect the rights and safety of our users.

4. Data retention

We keep your data as long as your account is active. If you cancel, we delete your project data within 30 days. Some records (invoices, security logs) are kept longer where required by law.

5. Your rights

You can request access to, correction of, or deletion of your personal data at any time. To do so, email hello@duckreply.com from your account email. We respond within 30 days. You can also export your data from the dashboard.

If you are in the EU, UK, or California, you have additional rights under the GDPR, UK GDPR, and CCPA respectively, including the right to lodge a complaint with your local data protection authority.

6. International transfers

DuckReply is operated from servers in the United States. By using the service, you consent to your data being processed in the United States and other countries where our providers operate.

7. Security

We use industry-standard security practices: encrypted transport (HTTPS), encrypted backups, scoped database access, and audit logs. No system is perfectly secure. If a data breach affects your account, we will notify you without undue delay.

8. Children

DuckReply is not directed to anyone under 18. We do not knowingly collect data from children.

9. Changes to this policy

We will post the updated policy here with a new last-updated date. Material changes will be emailed to active accounts.

10. Contact

Questions about your data? Email hello@duckreply.com.