Legal

Privacy Policy

Last updated: June 12, 2026

1. Introduction

Welcome to Insta Automate ("we", "our", or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Instagram comment-to-DM automation service available at instautomate.app.

By using Insta Automate you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use immediately.

2. Information We Collect

2.1 Information You Provide

  • Account registration details (name, email address)
  • Instagram Business or Creator account credentials (via Meta OAuth — we never store your Instagram password)
  • Automation configurations: keywords, response messages, flow nodes, and button settings
  • Payment information (processed securely by our payment provider; we do not store card details)

2.2 Information Collected Automatically

  • Instagram comment data received via Meta Webhooks (comment text, commenter ID, media ID)
  • DM delivery logs (recipient scoped ID, message status, timestamp) — retained for 90 days
  • Contact records: Instagram username, display name, and profile picture URL of users who interact with your automations — retained while your account is active
  • Lead generation data you configure us to collect via DM (e.g. email address, phone number, name, custom fields) — retained until you delete the contact or your account
  • Relationship data: whether the business account follows or is followed by a contact (used solely to display relationship status in the Contacts dashboard)
  • Usage analytics (pages visited, features used, session duration)
  • Server logs (IP address, browser type, referring URL)

2.3 Uploaded Images

Images you upload for use in automation response messages are stored on our servers at instautomate.app/uploads/. These images are publicly accessible via their URL so that Instagram's servers can fetch and deliver them to recipients. Uploaded images are deleted when you remove them from your automation or delete your account.

2.3 Information from Meta / Instagram

When you connect your Instagram account, we receive an access token and basic profile information (Instagram user ID, username, profile picture) via the Meta Graph API. We use this solely to operate the automation service on your behalf.

3. How We Use Your Information

  • To provide, operate, and improve the Insta Automate service
  • To send automated DMs and comment replies on your behalf through the official Meta Graph API
  • To display analytics and statistics about your automations
  • To send transactional emails (account alerts, billing receipts)
  • To detect, prevent, and address technical issues or abuse
  • To comply with legal obligations

We do not sell your personal data. We do not use your data to train AI models.

4. Instagram / Meta Data Usage

Insta Automate uses the Meta Graph API and complies with Meta's Platform Terms and Developer Policies. Specifically:

  • We access only the permissions required to operate the service (instagram_business_basic, instagram_business_manage_messages, instagram_business_manage_comments)
  • We do not share Instagram user data with third parties except as described in Section 5
  • Comment and commenter data received via webhooks is used only to trigger automations and is not sold or repurposed
  • Access tokens are encrypted at rest using AES-256 encryption

5. Sharing Your Information

We may share your information with:

  • Meta Platforms, Inc. — via API calls required to deliver messages on your behalf
  • Infrastructure providers — Vercel (hosting), MongoDB Atlas (database), all under data processing agreements
  • Payment processors — for billing purposes only
  • Law enforcement — when required by applicable law or valid legal process

We require all third-party providers to maintain appropriate data protection standards.

6. Data Retention

  • Account data is retained while your account is active
  • DM logs and automation statistics are retained for 90 days
  • Contact records (Instagram username, name, profile picture, relationship status) are retained while your account is active and deleted upon account deletion
  • Lead generation data (email, phone, custom fields) collected via DM flows is retained until you delete the contact record or your account
  • Uploaded images are retained until removed from automations or account deletion
  • Upon account deletion, all personal data is purged within 30 days except where retention is required by law
  • Encrypted Instagram access tokens are deleted immediately upon account disconnection or deletion

7. Security

We implement industry-standard security measures including AES-256 encryption for tokens at rest, TLS for data in transit, and regular security reviews. However, no method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data (see our Data Deletion page)
  • Withdraw consent for processing at any time
  • Lodge a complaint with a data protection authority

To exercise these rights, contact us at privacy@instautomate.app.

9. Cookies

We use essential cookies for authentication and session management, and analytics cookies to understand how the service is used. You can control cookie preferences through your browser settings.

10. Children's Privacy

Insta Automate is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or a prominent notice in the application. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy, please contact:
Insta Automate
Email: privacy@instautomate.app
Website: instautomate.app