Security at ReplyCue AI

Your data security is not an afterthought — it is foundational to everything we build. Here is how we protect your information.

Last updated: March 1, 2026

How We Protect Your Data

Security is built into every layer of ReplyCue AI — from how we authenticate to how we store and process your data.

AES-256 Encryption at Rest

All stored data — including comment content, classification results, and account information — is encrypted using AES-256, the same standard used by banks and government agencies.

TLS 1.3 in Transit

Every connection between your browser and our servers is protected by TLS 1.3, the latest and most secure transport layer protocol. No data is ever transmitted in plain text.

Public API Access

We use the public YouTube Data API to fetch comments from video URLs you provide. No account connection or authorization is required — just paste a YouTube video URL.

No Human Review

Your comment data is processed entirely by AI. No ReplyCue AI employee reads your comments or classification results. Human access to production data requires explicit justification and is fully audited.

90-Day Data Retention

Raw comment data is analyzed in real-time and automatically deleted after 90 days. Only aggregated analytics and classification metadata are retained for the duration of your subscription.

SOC 2 Type II (In Progress)

We are currently undergoing SOC 2 Type II certification to formally validate our security controls. We expect to complete the audit by Q3 2026.

Infrastructure

Application Hosting

Hosted on Vercel's edge network with automatic DDoS protection, global CDN, and serverless function execution. All data processing occurs in US regions.

Database

Supabase (PostgreSQL) with row-level security, automatic backups, and point-in-time recovery. Database hosted in US East region with encrypted connections.

AI Processing

Comment analysis is performed via Anthropic's Claude API. Data sent to Anthropic is processed in real-time and not used for model training. Anthropic's enterprise data processing terms apply.

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, we want to hear from you.

Please report security vulnerabilities to security@replycueai.com. We will acknowledge your report within 24 hours and provide an estimated timeline for resolution. We ask that you give us reasonable time to address the issue before any public disclosure.

We do not currently operate a formal bug bounty program, but we appreciate the security research community and will work with you in good faith.

Questions about our security practices?

We are happy to discuss our security measures in detail. Reach out to our security team.

Contact Security Team

← Back to homepage