Privacy Policy

When you connect your Instagram account to autodm, we collect and process the following categories of information:

Information from Instagram (via Meta Platform APIs)

• Your Instagram Business or Creator account profile information, including your username, account ID, profile picture, and biography
• Instagram Insights and analytics data, including impressions, reach, engagement metrics, and follower demographics
• Comments on your Instagram media, including the commenter's username and comment content
• Direct message metadata necessary to facilitate automated replies on your behalf
• Media data, including post content, captions, timestamps, and engagement statistics

Information you provide directly

• Your email address when you create an account with autodm
• Configuration preferences for automated messaging rules (e.g., trigger keywords, message templates)

Information collected automatically

• Browser type and version
• IP address and approximate location
• Device information
• Usage data, including pages visited, features used, and timestamps
• Server logs

We process the information we collect for the following purposes:

• Providing our services: To display analytics dashboards, follower retention metrics, and engagement insights from your Instagram account
• Automated messaging: To detect trigger comments (e.g., “Link”) on your posts and send automated direct messages on your behalf via the Instagram Messaging API
• Account management: To authenticate your identity, maintain your session, and manage your connection to Instagram
• Service improvement: To understand how our platform is used and to improve features and performance
• Communication: To send you service-related notifications, such as token expiry reminders or feature updates

We do not sell your personal data or Instagram data to third parties. We do not use your data for advertising purposes. We do not use Platform Data to disadvantage any person or group based on race, ethnicity, color, national origin, religion, age, sex, sexual orientation, gender identity, family status, disability, or medical or genetic condition.

We implement appropriate technical and organizational measures to protect your data, including:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of data at rest for all stored Platform Data
• Secure storage of access tokens using application-level encryption, with decryption keys accessible only to the application
• The Meta App Secret is never exposed outside of our secured server environment
• Multi-factor authentication for remote access to our systems
• Regular security vulnerability testing of our application and systems

Access tokens obtained from Instagram are stored securely and refreshed as needed. Long-lived tokens are renewed before their 60-day expiry to maintain your service connection.

We may share your data only in the following circumstances:

• Service providers: We use third-party infrastructure providers (such as cloud hosting services) to operate our platform. These providers process data solely on our behalf and under written agreements that require them to protect your data
• Legal requirements: We may disclose your data if required by applicable law, regulation, or legal process
• With your consent: We will share data with third parties only when you have explicitly consented to such sharing

We do not transfer, share, or sell Platform Data to any advertising network, data broker, or other service that is unrelated to the core functionality of our app.

We retain your Platform Data only for as long as necessary to provide our services to you. When your data is no longer needed, or when you request deletion, we will delete it in accordance with this policy and Meta's Platform Terms.

You have the right to request deletion of your data at any time. You may do so by:

• Sending an email to synarahq@gmail.com with the subject line “Data Deletion Request” and including the Instagram username associated with your account
• Using the account deletion option within the autodm app settings (when available)

Upon receiving your request, we will delete all Platform Data associated with your account. We will also delete your Platform Data if you delete your account within our app, or if your Instagram account is deactivated or deleted. Deletion will be completed within 30 days of your request, unless an applicable law or regulation requires us to retain certain data.

Depending on your jurisdiction, you may have additional rights regarding your personal data, including the right to access, correct, port, or restrict processing of your data. To exercise any of these rights, please contact us using the information below.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through a notice within the app. Your continued use of autodm after changes are posted constitutes your acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us: