Privacy Policy

This Privacy Policy describes how our Instagram AI Agent service ("Service", "we", "us", or "our") collects, uses, and protects your information when you use our application to manage Instagram direct messages through automated AI responses.

By using our Service, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and complying with all applicable data protection laws, including Meta's Platform Terms and Developer Policies.

1. Information We Collect

1.1 Instagram Account Information

When you connect your Instagram business account to our Service, we collect:

• Your Instagram business account username and user ID
• Basic profile information (name, profile picture)
• Account permissions granted through Instagram's OAuth flow

1.2 Direct Message Data

Through Instagram's webhook API, we receive and temporarily store:

• Business-related direct messages sent to your Instagram account
• Message content, sender information, and timestamps
• Conversation threads and context necessary for AI responses
• Message metadata (delivery status, read receipts)

1.3 Usage Information

We automatically collect certain information about your use of the Service:

• Service usage statistics and performance metrics
• AI agent configuration and preferences
• Response accuracy and user feedback data
• Technical logs for troubleshooting and service improvement

2. How We Use Your Information

We use the collected information for the following purposes:

• Provide AI-Powered Responses: To analyze incoming direct messages and generate appropriate automated responses through our AI agent
• Service Functionality: To maintain the connection between your Instagram account and our Service
• Customer Support: To respond to your inquiries, provide technical support, and resolve issues
• Security and Fraud Prevention: To detect, prevent, and address technical issues, abuse, or fraudulent activity
• Legal Compliance: To comply with applicable laws, regulations, and Meta's Platform Policies

3. Data Security and Encryption

We take data security seriously and implement industry-standard measures to protect your information:

• Encryption at Rest: All message data is encrypted using industry-standard AES-256 encryption in our databases
• Encryption in Transit: All data transmission occurs over secure HTTPS/TLS connections
• Access Controls: Strict access controls ensure that only authorized systems can process encrypted data
• Secure Infrastructure: Our servers and infrastructure are hosted with reputable cloud providers that maintain SOC 2 compliance
• Regular Security Audits: We conduct regular security assessments and updates to maintain the highest security standards

4. Data Retention and Automatic Deletion

Our data retention practices include:

• Message data is retained for a maximum of 7 days to enable AI processing and service functionality
• After 7 days, all message content is automatically purged from our systems
• Account connection data is retained only while your account remains active with our Service

5. Data Sharing and Third Parties

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following limited circumstances:

5.1 Service Providers

We may share data with trusted third-party service providers who assist in operating our Service, such as:

• Cloud infrastructure providers (for secure data storage)
• AI model providers (for generating automated responses)
• Analytics providers (for service performance monitoring)

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Meta/Instagram

We interact with Instagram's API in accordance with Meta's Platform Terms and Policies. Message data flows through Instagram's webhook system as authorized by you.

5.3 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of our Service, users, or others.

6. Your Rights and Choices

You have the following rights regarding your data:

6.1 Access and Portability

You have the right to request access to the personal information we hold about you and to receive a copy of your data in a portable format.

6.2 Data Deletion

You can request immediate deletion of your data at any time by one:

• Contacting us through our support channels
• Using the data deletion feature in your account settings
• Sending a written request to our designated contact email

Upon receiving your deletion request, we will permanently delete all your personal data within 30 days, except where we are legally required to retain certain information.

6.3 Account Termination

You can terminate your account and disconnect our Service from your Instagram account at any time. This will:

• Immediately revoke all access permissions to your Instagram account
• Stop all AI agent activities and message processing
• Initiate the deletion process for all stored data (completed within 30 days)
• Remove the connection between your Instagram account and our Service

6.4 Modify or Correct Information

You can update your account information and AI agent settings at any time through your account dashboard.

6.5 Opt-Out

You can disable the AI agent functionality at any time while maintaining your account, preventing further processing of new messages.

7. Meta Platform Compliance

Our Service is built in full compliance with Meta's Platform Terms, Developer Policies, and Instagram API requirements:

• Authorized Access: We access Instagram data only through official APIs and with your explicit permission
• Data Usage Restrictions: We use Instagram data solely for providing our AI response service as described in this policy
• Webhook Security: All webhook data from Instagram is securely received, processed, and stored according to Meta's security requirements
• User Control: You maintain full control over the connection and can revoke access at any time through Instagram's settings
• Policy Updates: We stay current with Meta's policy changes and update our practices accordingly

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and improve our Service. These include:

• Essential Cookies: Required for authentication and basic Service functionality
• Performance Cookies: Help us understand how users interact with our Service
• Preference Cookies: Remember your settings and customization choices

You can control cookies through your browser settings, though disabling certain cookies may limit Service functionality.

9. Children's Privacy

Our Service is intended for Instagram business account owners who are at least 18 years old. We do not knowingly collect or solicit personal information from individuals under 18. If you believe we have inadvertently collected information from a minor, please contact us immediately, and we will take steps to delete such information.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws different from those in your jurisdiction. We ensure that appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable law, including:

• Standard contractual clauses approved by relevant authorities
• Compliance with EU-US and Swiss-US Privacy Shield frameworks (where applicable)
• Ensuring third-party processors meet equivalent data protection standards

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of any material changes by one of:

• Posting the updated policy on this page with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice within the Service

Your continued use of the Service after such modifications constitutes your acknowledgment and acceptance of the updated Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all legitimate requests within 30 days or as required by applicable law.

13. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data concerned and the context in which we collect it:

• Contract Performance: Processing is necessary to provide the AI agent service you requested
• Legitimate Interests: We have a legitimate interest in improving our Service, preventing fraud, and ensuring security
• Consent: You have given explicit consent for specific processing activities (such as connecting your Instagram account)
• Legal Obligation: Processing is necessary to comply with legal requirements

You have the right to withdraw consent at any time where we rely on consent as the legal basis for processing.

14. Acceptance of This Policy

By using our Service, connecting your Instagram business account, or accessing our platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our Service.