AI Policy

Written By Simon from Replaiy

Last updated About 1 month ago

Replaiy B.V.
Last updated: May 7, 2026
Version 1.2

1. Introduction

This AI Policy describes how Replaiy B.V. ("Replaiy," "we," "us," or "our") designs, operates, and governs the artificial intelligence systems that power our LinkedIn outreach and conversation platform (the "Services"). It explains our roles and responsibilities under the EU Artificial Intelligence Act (Regulation (EU) 2024/1689) (the "AI Act"), how we work with AI Providers, and what we expect from our Customers and Users when using AI features.

This Policy supplements our Terms of Service, Privacy Policy, and Data Processing Agreement. In case of conflict regarding AI-specific matters, this Policy prevails.

2. Our Approach to AI

We believe AI should make professional communication faster and more effective without compromising honesty, dignity, or the rights of the people on the other side of the conversation. Our approach is built on four principles:

  • Human oversight by default. AI assists; humans decide.

  • Transparency. We are clear about what our AI does, what it cannot do, and what we do with the data it processes.

  • Privacy by design. We minimize data, anonymize where possible, and operate primarily within the European Union.

  • Limited risk by design. We do not build features that score, rank, or select candidates, and we do not engage in any AI practice prohibited under the AI Act.

3. AI Act Classification

3.1 Risk Category

Replaiy operates as a "limited risk" AI system under the AI Act. Specifically, we provide an AI system intended to interact with natural persons through generated text content. The associated obligations focus on transparency (Article 50 AI Act), which we address in Sections 5 and 9 of this Policy.

3.2 Not High-Risk

The Services are not designed for, and may not be used as, high-risk AI systems under Annex III of the AI Act. In particular, the Services are not designed for, and Customers may not use them for:

  • Recruitment or selection of natural persons.

  • Analysis or filtering of job applications.

  • Evaluation, scoring, or ranking of candidates.

  • Decisions affecting employment relationships, promotions, or terminations.

  • Any other Annex III high-risk use case.

This restriction is reflected in our Terms of Service (Section 6.2) and is a condition of access to the Services.

3.3 Prohibited Practices

The Services may not be used for any practice prohibited under Article 5 AI Act, including subliminal manipulation, exploitation of vulnerabilities, social scoring, or indiscriminate scraping of facial images.

4. Roles Under the AI Act

4.1 Replaiy as Provider

Replaiy is the provider of the AI system embedded in the Services, within the meaning of Article 3(3) AI Act. As provider, we are responsible for:

  • Designing the system in line with limited-risk requirements.

  • Implementing technical safeguards described in this Policy.

  • Providing transparency information to Customers and downstream Users.

  • Cooperating with competent authorities where required.

4.2 Customer as Deployer

The Customer is the deployer of the AI system within the meaning of Article 3(4) AI Act. The Customer is responsible for:

  • Using the Services in accordance with their intended purpose.

  • Complying with Article 50 transparency obligations toward Leads, where applicable, including informing Leads that they are interacting with an AI system where this is not already clear from context.

  • Ensuring lawful processing of personal data of Leads under the GDPR.

  • Not using the Services for prohibited or high-risk purposes.

This division of responsibilities is reflected in our Terms of Service and DPA.

5. Co-Pilot and Auto-Pilot Modes

5.1 Co-Pilot Mode (Default)

In Co-Pilot Mode, Replaiy generates message drafts that the User reviews and approves before sending. This is the default operating mode of the Services and represents the highest level of human oversight. Every outbound message in Co-Pilot Mode is reviewed and authorized by a natural person.

5.2 Auto-Pilot Mode (Opt-In)

Auto-Pilot Mode is an optional operating mode in which AI-generated messages may be sent without per-message review by the User. Auto-Pilot must be explicitly enabled by the User and may be disabled at any time.

5.3 Built-In Safeguards in Auto-Pilot

When operating in Auto-Pilot Mode, the Services apply the following safeguards:

  • AI-Detection Trigger. If a Lead asks whether they are interacting with AI, a bot, or a non-human, Auto-Pilot automatically switches the affected conversation to Co-Pilot, requiring the User to respond personally. The User receives an in-product notification stating that the Lead has asked about AI involvement and reminding the User to respond honestly.

  • Sensitive Content Triggers. Conversations involving signals of distress, complaint escalation, legal threats, or other sensitive topics are routed to Co-Pilot for human handling.

  • Rate Limits. Auto-Pilot operates within fair-use thresholds designed to prevent spam and abusive patterns.

  • User Override. Users can intervene in any conversation at any time, regardless of mode.

5.4 No Solely Automated Decisions With Legal Effect

Replaiy does not use AI to make decisions producing legal or similarly significant effects on Data Subjects (Article 22 GDPR). The Services generate communications; they do not approve, reject, or score individuals.

6. AI Providers and Model Routing

6.1 Providers

Replaiy uses third-party large language model providers, accessed exclusively through OpenRouter, to perform AI inference. Current providers include:

  • Anthropic (Claude)

  • xAI (Grok)

  • Google (Gemini)

The list of AI Providers may change. Updates are reflected in our Subprocessors page.

6.2 Zero Data Retention

Replaiy configures its OpenRouter integration to use Zero Data Retention ("ZDR") with AI Providers. This means that AI Providers do not retain or train on the prompts and outputs generated through Replaiy.

6.3 Routing Constraints

Replaiy routes inference requests only to providers that meet our security and data protection standards. Where supplementary safeguards are required for international transfers, these are described in our DPA and Subprocessors page.

7. AI Model Improvement (Opt-In)

7.1 Opt-In Only

Replaiy may improve its proprietary AI systems using de-identified data derived from Customer use of the Services, subject to the following conditions:

  • The User has explicitly opted in (per LinkedIn account).

  • The Customer's workspace administrator has not disabled the feature at the workspace level.

  • Personal identifiers (names, email addresses, employer names, phone numbers, URLs) are stripped before any data enters the training pipeline.

The opt-in is off by default. Users may opt in or opt out at any time in their account settings.

7.2 Effect of Withdrawal

If a User opts out, Replaiy stops collecting new data from that User's conversations for AI Model Improvement purposes. De-identified data already incorporated into trained models cannot be reversed, as it no longer constitutes Personal Data.

7.3 What We Do Not Do

Replaiy does not:

  • Use Customer Data for training without opt-in.

  • Sell Customer Data to third parties.

  • Train on data of Customers who have not opted in.

  • Use special categories of data for training.

  • Use data containing direct personal identifiers for training.

  • Train AI models on Google Workspace user data, including data accessed via Google Workspace APIs (e.g., Google Calendar). Google Workspace data is processed solely to deliver the requested integration functionality and is never used for AI Model Improvement or any other model training, with or without opt-in.

8. Accuracy, Limitations, and Hallucinations

AI-generated content may contain errors, factual inaccuracies, fabricated information ("hallucinations"), or unintended phrasing. Replaiy makes no warranty as to the accuracy, suitability, or appropriateness of AI-generated outputs.

Customers and Users are responsible for reviewing AI-generated content before sending in Co-Pilot Mode and for setting up Auto-Pilot Mode within parameters that match their tolerance for autonomous operation.

The Services are not a source of legal, medical, financial, or other professional advice, and AI-generated content must not be relied upon as such.

9. Transparency Toward Leads

9.1 Customer Responsibility

Under Article 50 AI Act, Customers (as deployers) are responsible for ensuring that natural persons interacting with the AI system are informed that they are interacting with an AI, unless this is already obvious from context. This obligation rests with the Customer.

9.2 Tools We Provide

To help Customers comply with Article 50, Replaiy offers:

  • Optional message footers indicating AI assistance.

  • The Auto-Pilot AI-Detection Trigger described in Section 5.3, ensuring honest answers when Leads ask about AI involvement.

  • Educational guidance in our Help Center on responsible AI outreach.

9.3 Honest Answers Required

When a Lead directly asks whether they are interacting with AI, Customers and Users must answer honestly. The Services are designed to support this by routing such conversations to Co-Pilot Mode for human handling. Misleading Leads about the involvement of AI is a violation of these Terms.

10. Human Oversight and Governance

10.1 Internal Oversight

Replaiy maintains internal practices to support responsible AI development, including:

  • Review of new AI features for alignment with this Policy and the AI Act.

  • Monitoring for misuse and abuse of the Services.

  • Logging of AI-related events for security and audit purposes.

  • Periodic review of AI Providers, model behavior, and safety configurations.

10.2 Customer Oversight

Customers retain control over how the Services are used in their workspace, including the ability to:

  • Enable or disable Auto-Pilot Mode.

  • Enable or disable AI Model Improvement at the workspace level.

  • Manage Users, permissions, and access.

  • Audit conversation history and AI-generated content.

11. Security of AI Systems

AI-related processing is covered by the same technical and organizational measures described in our DPA (Annex II) and Security FAQ, including encryption, access control, audit logging, and EU-based hosting on Railway.

API keys and authentication credentials used to access AI Providers are stored encrypted at rest and rotated according to industry best practices.

12. Updates to AI Features

Replaiy may add, modify, or remove AI features at its discretion. Material changes affecting paid functionality will be communicated in line with our Terms of Service. Where changes affect compliance obligations under the AI Act, this Policy will be updated and Customers will be notified.

13. Reporting Concerns

If you believe an AI feature is being misused, that the Services are producing harmful outputs, or that our practices are inconsistent with this Policy or the AI Act, please contact us:

We take such reports seriously and will investigate promptly.

14. Updates to This Policy

We may update this Policy from time to time. Material changes will be communicated by email or in-product notice at least 30 days before they take effect. The "Last updated" date at the top of this Policy reflects the most recent revision.

15. Contact

Replaiy B.V.
Bovenkamp 7A
1391 LH Abcoude
The Netherlands
Email: legal@replaiy.ai (AI governance), dpa@replaiy.ai (data protection)
Web: https://replaiy.ai