What we collect, what we don’t, and where the data lives.
SpaReply is a small site. We sell one $49 digital toolkit and run a free browser-based review reply generator. We collect as little personal data as we can while still operating the business — and we don’t sell what we do collect.
The free generator runs entirely in your browser. Stripe handles checkout and stores the payment information — we don’t see or store your card details. We use the email you give Stripe to deliver your toolkit and reply to support. We don’t sell, rent, or trade your personal data.
Who runs SpaReply
SpaReply is operated as an independent business. The public domain is spareply.com. The only support email is hello@spareply.com.
What the free reply generator collects
Nothing leaves your device. The generator at spareply.com/#generator runs in the browser tab — review text, rating, service, and tone selections are processed locally to assemble a draft reply. No login, no API call, no analytics event carries the review text off your device.
What we collect when you buy the $49 toolkit
Checkout is handled by Stripe. When you pay, Stripe collects the data it needs to process the transaction — typically:
- Email address
- Name on payment method
- Billing country and (where required) postal code
- Card or payment-method details (handled and stored by Stripe, not by us)
- The IP address Stripe sees during checkout, for fraud screening
We receive a record of the order from Stripe — including your email and the fact that you bought the toolkit — so we can deliver the product, send receipts, handle refunds, and reply to support. We do not see or store your full card number; that lives with Stripe under their security and PCI program.
Stripe’s own privacy practices apply to the data they collect at checkout. See stripe.com/privacy for their policy.
What we collect when you email us
When you email hello@spareply.com— or use any of the “ask a question” forms on the site, which simply open your own email client — we receive whatever you send: your email address, your message, and any details you choose to share. We use that to reply, to resend a download link, or to handle a refund. We don’t add the email to a marketing list.
What we don’t collect
- We don’t require accounts, logins, or passwords on spareply.com.
- We don’t collect or store any review text, guest names, or other content typed into the free generator — it never leaves your device.
- We don’t collect protected health information. Please don’t send PHI in support emails. If a clinical or compliance question requires it, route it through your provider, privacy officer, or counsel instead.
- We don’t sell, rent, or trade personal data to third parties.
Cookies and analytics
The site uses minimal cookies. Stripe’s checkout sets the cookies it needs to complete a transaction and screen for fraud — those are governed by Stripe’s policy. If we add basic, privacy-respecting analytics later (for example, to understand which pages buyers actually read), we’ll update this page to say so and what it covers.
Email delivery
Transactional emails — Stripe receipts, refund confirmations, and human support replies — are sent through Stripe and standard email providers. We don’t run a marketing automation platform and we don’t add buyers to a newsletter without explicit opt-in.
How long we keep data
Order records (email, purchase date, refund status) are kept as long as needed to support the buyer, handle refunds, and meet basic accounting obligations. Support emails are kept while the conversation is useful — and then archived or deleted.
Your choices
- Access or delete: email hello@spareply.comfrom the address tied to your purchase and we’ll confirm what we have on file or delete it, consistent with our refund and accounting needs.
- Refund: see the refund policy for the 7-day satisfaction refund process.
- Stop receiving email:reply to any support email and ask us to close the thread. We don’t run a marketing list.
Security
Payments are handled by Stripe under their security program. We follow standard practices to keep our own systems reasonable — limited access, short-lived sessions, and no unnecessary data retention. We don’t claim certifications, audits, or compliance frameworks we haven’t completed.
Children
SpaReply is built for med-spa owners, practice managers, and front-desk leads — adults using the site in a business context. The site is not directed at children, and we don’t knowingly collect personal data from children.
Changes to this policy
If this policy changes, we’ll update the “last updated” date below. Material changes will be reflected in copy, not buried.
Contact
Email hello@spareply.com and a human will reply. The same inbox handles privacy questions, support, and refunds.
Last updated: May 3, 2026.