Replede

Trust

Security & data handling

This page is a plain-language summary of how Replede handles the data buyers share through the intake. Replede is in beta and this summary is pending formal legal review; what we can be precise about today, we are.

How data flows

A visitor answers the intake on your site. The widget posts the submission over HTTPS to the Replede API, which validates it, stores it, enriches company context, and builds a buyer profile. When you have connected a CRM, the profile is written to your HubSpot or Salesforce. That is the whole path — there is no resale, no ad network, and no anonymous-visitor deanonymization.

Encryption at rest

  • Submissions and buyer profiles are stored in Amazon DynamoDB with encryption at rest.
  • CRM access tokens are stored as KMS-encrypted SecureString parameters in AWS SSM — never in code, config files, or logs.
  • All traffic between the widget, the API, and CRM destinations uses TLS.

Provenance promise

Every field in a buyer profile is labeled by where it came from: captured from the visitor, inferred by a model, enriched from a provider, or an existing CRM value. Visitor-confirmed facts and model inferences are never blended into one unlabeled value in your CRM record. If we are guessing, the record says so.

Retention defaults (pending formal legal review — beta)

During beta, buyer profiles and submissions are retained for the life of the customer relationship so your CRM history stays reconstructable, and deleted on verified request or contract end. Formal, configurable retention windows are being finalized as part of legal review and will be published here.

Access, export, and deletion (DSAR)

To request access to, export of, or deletion of personal data — whether you are a visitor who filled out a Replede intake or a customer — email hello@replede.com. During beta these requests are handled directly by the founder and confirmed in writing.

Subprocessors (current list — beta)

  • Amazon Web Services (us-east-1) — hosting, storage, queueing, and key management.
  • OpenAI API — model inference for intake understanding and profile drafting.
  • emcognito — waitlist email collection with double opt-in.
  • HubSpot / Salesforce APIs — customer-directed CRM destinations; profiles go only to the CRM you connect.

This list will be kept current; material changes will be announced to customers before they take effect.

What we do not do

  • No selling of personal data.
  • No anonymous visitor deanonymization or fingerprinting.
  • No training of third-party models on your buyers' data.

Related

Questions?

Ask us anything about data handling.

Security questions get straight answers from the founder. Or see the product on your own leads first.

Get a demo