Privacy

Last updated: April 28, 2026

endless (“we”, “us”) helps marketing agencies draft Google review replies for their clients. This page explains what information we collect, how we use it, and the choices you have. We try to keep it short and plain. If anything is unclear, email us at privacy@endlessreplies.com.

Information we collect

• Account. Your name, work email, and agency name when you sign up or join the waitlist.
• Billing. Subscription, plan, and last-four card digits via Stripe. We never store full card numbers — Stripe handles that as a PCI-DSS Level 1 processor.
• Workspace data. The client businesses you manage (Google Business Profile location IDs, business names), the brand-voice samples you provide, the review text retrieved via the Google Business Profile API, and the replies we draft and you publish.
• Usage data. Server logs (IP, user agent, timestamps) for security and debugging, plus aggregate page-view metrics from Vercel Analytics. The marketing site does not set tracking cookies.
• Communications. Emails you send us, demo bookings via Cal.com, and waitlist signups.

How we use it

• To run the service: drafting replies, syncing reviews, posting approved responses to Google.
• To bill you and prevent fraud.
• To send transactional email (receipts, security alerts, product changes you need to know about).
• To improve endless in aggregate — never to build profiles on individual users.
• To meet legal obligations and respond to lawful requests.

AI and model training

We do not use your workspace data to train AI models. When we generate a draft, we send the relevant review text and your brand-voice samples to our model provider under a zero-retention agreement: the provider does not log inputs or outputs and does not use them to train their models. Your data is processed only to return the draft.

Service providers

We share data with the third parties below, only to the extent each needs to do its job:

• Stripe — payment processing.
• Google — Google Business Profile API for review sync and reply publishing.
• Anthropic — AI model provider (zero-retention).
• Vercel — application hosting and privacy-friendly analytics.
• Cal.com — demo booking.
• Slack — internal alerts (e.g. waitlist signups land in our team channel).

We do not sell your data, and we do not share it with advertisers.

Data retention

While your subscription is active, we keep your workspace data for as long as you need it. If you cancel, we delete workspace data 30 days after the subscription ends. Account and billing records are kept for up to 7 years to meet tax and accounting requirements. Backups roll on a 30-day window. You can request earlier deletion at any time.

Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Internal access is restricted by role and reviewed periodically. Production secrets are stored in a secret manager, never in source control. No system is perfectly secure — if we ever discover a breach affecting your data, we will notify you without undue delay.

Your rights

Depending on where you live, you may have the right to access, correct, export, delete, or restrict processing of your personal information, and to withdraw consent. To exercise any of these rights, email privacy@endlessreplies.com. We respond within 30 days.

International transfers

Our infrastructure runs in the United States. If you use endless from outside the US, your data will be transferred to and processed there under appropriate safeguards (such as Standard Contractual Clauses where required).

Children

endless is a B2B product and is not directed to anyone under 18. We do not knowingly collect data from minors.

Changes to this policy

If we make a material change, we’ll email account owners at least 30 days before it takes effect. The “Last updated” date above always reflects the current version.

Contact

Questions, requests, or anything else: privacy@endlessreplies.com.

← Back to home