Privacy Policy | Automate Your DM

This Privacy Policy describes Our policies and procedures on the collection, use, and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

We use Your Personal Data to provide and improve the Service. By using the Service, You agree to the collection and use of information in accordance with this Privacy Policy.

Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.
Affiliate means an entity that controls, is controlled by, or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
Company (referred to as either "the Company", "We", "Us", or "Our" in this Agreement) refers to Automate Your DM.
Cookies are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.
Country refers to: India.
Data Controller means the entity that determines the purposes and means of the processing of Personal Data. When You use our Service, the Company is the Data Controller of Your Account data. When You use our automation features to interact with Your subscribers or followers, You are the Data Controller of Your subscribers' data.
Data Processor means the entity that processes Personal Data on behalf of the Data Controller. When You use our automation features, the Company acts as the Data Processor for Your subscribers' data, processing it strictly on Your behalf and per Your instructions.
Device means any device that can access the Service such as a computer, a cellphone, or a digital tablet.
Personal Data is any information that relates to an identified or identifiable individual.
Service refers to the Website and the Automate Your DM platform.
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analyzing how the Service is used.
Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Website refers to Automate Your DM, accessible from https://automateyourdm.com
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Data Controller and Data Processor Roles

Automate Your DM as Data Controller: We act as the Data Controller for Your Account data, including Your name, email address, payment information, and account preferences. We determine how and why this data is processed.

Automate Your DM as Data Processor: When You use our automation features (such as automated comment replies, DM handling, story mention auto-replies, and keyword-triggered DM flows), we act as a Data Processor. We process Your subscribers' and followers' data (including messages, comments, profile information, and interaction history) strictly on Your behalf and according to Your instructions through the Service.

You as Data Controller: When You use our Service to automate interactions with Your Instagram subscribers and followers, You act as the Data Controller for their data. You are responsible for ensuring You have a lawful basis for collecting and processing their data, providing them with appropriate privacy notices, and honoring their data rights requests.

Legal Basis for Processing

We process Your Personal Data under the following legal bases:

Contract Performance: Processing is necessary to provide You with the Service, manage Your Account, and fulfill our obligations under our Terms of Service.
Consent: Where You have given explicit consent for specific processing activities, such as receiving marketing communications or connecting Your Instagram account through OAuth.
Legitimate Interest: Processing is necessary for our legitimate interests, such as improving the Service, ensuring security, preventing fraud, and conducting analytics, provided these interests are not overridden by Your fundamental rights and freedoms.
Legal Obligation: Processing is necessary to comply with applicable laws, such as tax and accounting regulations, responding to lawful requests from public authorities, or data retention requirements.

Collecting and Using Your Personal Data

Personal Data

While using Our Service, We may ask You to provide Us with certain personally identifiable information that can be used to contact or identify You. Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Instagram Business or Creator account data (when you connect your account via OAuth)
Usage Data

Usage Data

Usage Data is collected automatically when using the Service. Usage Data may include information such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers, and other diagnostic data.

Information from Third-Party Social Media Services

The Company allows You to create an account and log in to use the Service through the following Third-party Social Media Services:

Google
Facebook
Instagram

If You decide to register through or otherwise grant us access to a Third-Party Social Media Service, We may collect Personal data that is already associated with Your Third-Party Social Media Service's account, such as Your name, Your email address, Your activities, or Your contact list associated with that account.

You may also have the option of sharing additional information with the Company through Your Third-Party Social Media Service's account. If You choose to provide such information and Personal Data, during registration or otherwise, You are giving the Company permission to use, share, and store it in a manner consistent with this Privacy Policy.

Tracking Technologies and Cookies

We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:

Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service.
Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics.

Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser. We use both Session and Persistent Cookies for the purposes set out below:

Necessary / Essential Cookies
Type: Session Cookies · Administered by: Us
These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies · Administered by: Us
These Cookies identify if users have accepted the use of cookies on the Website.
Functionality Cookies
Type: Persistent Cookies · Administered by: Us
These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
Analytics Cookies
Type: Persistent Cookies · Administered by: Google (Google Analytics 4)
We use Google Analytics 4 (GA4), a web analytics service provided by Google LLC, to analyze the use of our Service. Google Analytics uses cookies to collect information such as how often users visit the Service, what pages they visit, and what other sites they used prior to visiting. We also use GA4's User-ID feature for cross-device tracking to better understand user journeys. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. For more information on how Google uses data, please visit Google's Privacy Policy.
Advertising / Marketing Cookies
Type: Persistent Cookies (up to 90 days) · Administered by: Meta Platforms, Inc.
We use the Meta Pixel to measure the effectiveness of our advertising campaigns, understand how visitors interact with our Service after viewing a Meta (Facebook/Instagram) ad, and to optimize our marketing efforts. The Meta Pixel places cookies (such as _fbp and _fbc) on Your device to identify Your browser and track conversion events such as sign-ups and subscriptions. This data is shared with Meta to attribute conversions to our advertising campaigns. For more information, please visit Meta's Privacy Policy.

Use of Your Personal Data

The Company may use Personal Data for the following purposes:

To provide and maintain our Service, including to monitor the usage of our Service.
To manage Your Account: to manage Your registration as a user of the Service. The Personal Data You provide can give You access to different functionalities of the Service that are available to You as a registered user.
For the performance of a contract: the development, compliance, and undertaking of the purchase contract for the products, items, or services You have purchased or of any other contract with Us through the Service.
To contact You: To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.
To provide You with news, special offers, and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless You have opted not to receive such information.
To manage Your requests: To attend and manage Your requests to Us.
For business transfers: We may use Your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Our assets.
For AI-powered automation: We use third-party artificial intelligence services (see "AI-Powered Features" section below) to generate automated responses, analyze content, and power features within the Service. Your messages, comments, and interaction data may be processed by these AI services strictly for the purpose of delivering the automation functionality You have configured.
For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and to evaluate and improve our Service, products, services, marketing, and your experience.

We may share Your personal information in the following situations:

With Service Providers: We may share Your personal information with Service Providers to monitor and analyze the use of our Service, to contact You.
For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
With Affiliates: We may share Your information with Our affiliates, in which case we will require those affiliates to honor this Privacy Policy.
With business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions.
With other users: when You share personal information or otherwise interact in the public areas with other users, such information may be viewed by all users and may be publicly distributed outside.
With Your consent: We may disclose Your personal information for any other purpose with Your consent.

AI-Powered Features and Data Processing

Our Service uses artificial intelligence (AI) and machine learning technologies provided by third-party services to power automation features. This includes, but is not limited to:

Generating automated responses to Instagram comments and direct messages
Analyzing message content to determine appropriate automated replies
Powering AI-driven voice call features
Content analysis and categorization for automation triggers

Third-party AI providers: We use the following AI service providers to deliver these features:

Google (Gemini API) - for generating AI-powered text responses. Data shared: message context, conversation history relevant to generating a response. For more information, see Google's Privacy Policy.
OpenAI - for generating AI-powered text and voice responses. Data shared: message context, conversation history, and audio data (for voice features). For more information, see OpenAI's Privacy Policy.

Important disclosures regarding AI processing:

Data sent to AI providers is used solely for generating responses and is not used by us for any other purpose.
We use API-based access to these services, which means the data processed through their APIs is subject to their respective data processing terms and enterprise privacy commitments.
Automated responses generated by AI are sent on Your behalf based on the automation rules You configure. You are responsible for reviewing and adjusting Your automation settings.
You may disable AI-powered features at any time through Your account settings within the Service.

Third-Party Service Providers

We work with trusted third-party service providers to deliver and improve the Service. These providers process data only for the specific purposes described below and are contractually bound to maintain appropriate security measures:

Social Media Platform (Meta/Instagram): We integrate with Meta's official Graph API to provide the core automation functionality. When You connect Your Instagram account, data such as profile information, messages, comments, and story interactions are accessed as permitted by You.
AI Service Providers: We use third-party AI services to power automated response generation, content analysis, and voice features. Message context and conversation history relevant to generating responses may be processed by these providers. See the "AI-Powered Features" section above for details.
Payment Processors: Payment processing is handled by PCI-DSS compliant third-party providers. See the "Payment Data" section for details.
Analytics Providers: We use Google Analytics 4 (GA4) to understand how users interact with the Service. See the "Analytics Cookies" section above for details and opt-out options.
Advertising & Conversion Tracking: We use Meta Pixel to measure the effectiveness of our advertising campaigns on Facebook and Instagram, and to track conversion events (such as sign-ups and purchases). See the "Advertising / Marketing Cookies" section above for details.
Email Delivery Services: We use third-party email infrastructure providers to send transactional emails (such as OTP verification, password resets, and account notifications). Only Your email address and the email content are shared with these providers.
Authentication Services: When You choose to log in with a third-party service (such as Google), we use their authentication APIs. We receive only Your name, email address, and profile picture. We do not receive or store Your third-party account password.

We do not sell, rent, or trade Your personal information to any third party for commercial or advertising purposes.

Payment Data

When You subscribe to a paid plan, payment processing is handled by our third-party payment providers:

Razorpay (for payments within India) - Razorpay Privacy Policy
Stripe (for international payments) - Stripe Privacy Policy

We do not store Your full credit card number, CVV, or other sensitive payment card details on our servers. Payment information is collected and processed directly by Razorpay or Stripe through their secure, PCI-DSS compliant systems. We only receive and store:

Transaction identifiers and status
Subscription plan and billing period
Payment method type (e.g., card, UPI, net banking)
Amount and currency

Automated Decision-Making

Our Service includes automated decision-making features as part of the core automation functionality You configure:

Automated analysis of Instagram comments to determine which comments match Your configured keyword triggers
Automated generation and sending of reply messages based on Your automation rules
Automated categorization and routing of conversations in the shared inbox

These automated processes are initiated and configured by You and operate based on rules You define. You retain full control to review, modify, or disable any automation at any time through Your account settings. If You believe an automated decision has adversely affected You or Your subscribers, You can contact Us to request a manual review.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

Specifically, we apply the following retention periods:

Account data (name, email, preferences): Retained for the duration of Your active account plus 30 days after account deletion.
Instagram interaction data (messages, comments, story data): Retained for the duration of Your active account plus 30 days after account deletion or disconnection of the Instagram account.
Payment and transaction records: Retained for up to 7 years to comply with tax and accounting regulations under applicable Indian law.
Usage and analytics data: Retained for up to 26 months (Google Analytics default retention period).
Cookies: Session Cookies are deleted when You close Your browser. Persistent Cookies are retained for up to 12 months.
Backup data: Deleted within 90 days of the primary data deletion.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to, and maintained on, computers located outside of Your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Specifically, Your data may be transferred to or processed in the following locations through our sub-processors: the United States (via OpenAI, Stripe, and Google services), and other regions where our cloud infrastructure providers operate.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service. You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Meta Data Deletion: If You remove our application's access through Your Instagram or Facebook account settings, Meta will send us a data deletion request via our registered callback endpoint. Upon receiving such a request, we will initiate the deletion of all data associated with Your connected Instagram account and provide a confirmation code and status URL for You to track the deletion progress.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so (such as payment records for tax compliance purposes).

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law Enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other Legal Requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

Comply with a legal obligation
Protect and defend the rights or property of the Company
Prevent or investigate possible wrongdoing in connection with the Service
Protect the personal safety of Users of the Service or the public
Protect against legal liability

Security of Your Personal Data

The security of Your Personal Data is important to Us. We implement appropriate technical and organizational measures to protect Your data, including:

Encryption of data in transit using TLS/SSL protocols
Secure OAuth-based authentication for Instagram account connections. We never store Your Instagram login credentials
Access controls and role-based permissions for internal systems
Regular security assessments and monitoring
Secure storage of sensitive configuration data and API keys

Remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to Your rights and freedoms, We will:

Notify the applicable data protection authority (including the Data Protection Board of India, where applicable) within 72 hours of becoming aware of the breach, as required by applicable law.
Notify affected users without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
Document the nature of the breach, approximate number of individuals affected, likely consequences, and measures taken or proposed to address the breach.

Your Rights Under GDPR (EU/EEA/UK Residents)

If You are located in the European Union, European Economic Area, or the United Kingdom, You have certain data protection rights under the General Data Protection Regulation (GDPR). We aim to take reasonable steps to allow You to correct, amend, delete, or limit the use of Your Personal Data. You have the following rights:

Right of Access (Art. 15): You have the right to request copies of Your Personal Data held by us.
Right to Rectification (Art. 16): You have the right to request that We correct any inaccurate Personal Data or complete any incomplete data.
Right to Erasure (Art. 17): You have the right to request that We delete Your Personal Data, under certain conditions.
Right to Restriction of Processing (Art. 18): You have the right to request that We restrict the processing of Your Personal Data, under certain conditions.
Right to Data Portability (Art. 20): You have the right to request that We transfer the data We have collected to another organization, or directly to You, in a structured, commonly used, and machine-readable format.
Right to Object (Art. 21): You have the right to object to Our processing of Your Personal Data, particularly where We rely on legitimate interest as the legal basis.
Right Related to Automated Decision-Making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects You.
Right to Withdraw Consent: Where We rely on Your consent to process Your Personal Data, You have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a Data Protection Supervisory Authority in Your country of residence.

To exercise any of these rights, please contact Us at [email protected]. We will respond to Your request within 30 days.

Your Rights Under CCPA/CPRA (California Residents)

If You are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide You with specific rights regarding Your Personal Data:

Right to Know: You have the right to request disclosure of the categories and specific pieces of Personal Data We have collected about You, the categories of sources, the business purpose for collecting, and the categories of third parties with whom We share it.
Right to Delete: You have the right to request the deletion of Your Personal Data, subject to certain exceptions.
Right to Correct: You have the right to request the correction of inaccurate Personal Data.
Right to Opt-Out: You have the right to opt out of the "sale" or "sharing" of Your Personal Data. We do not sell or share Your Personal Data as defined under the CCPA/CPRA.
Right to Non-Discrimination: You have the right not to be discriminated against for exercising any of Your CCPA/CPRA rights.

Categories of Personal Information collected (as defined by CCPA): Identifiers (name, email), Internet activity information (browsing history, interaction data), commercial information (subscription records, payment history), and professional information (Instagram business account data).

To exercise Your rights, please contact Us at [email protected]. We will verify Your identity before processing Your request and respond within 45 days.

Your Rights Under India's Digital Personal Data Protection Act (DPDPA), 2023

As a company based in India, We comply with the Digital Personal Data Protection Act, 2023 (DPDPA). If You are an Indian resident (Data Principal), You have the following rights:

Right to Access: You have the right to obtain a summary of Your Personal Data being processed by us and the processing activities related to it.
Right to Correction and Erasure: You have the right to request correction of inaccurate or misleading Personal Data, completion of incomplete data, and erasure of Personal Data that is no longer necessary for the purpose for which it was collected.
Right to Grievance Redressal: You have the right to have any grievance addressed by the Company within a reasonable time in accordance with the mechanism prescribed.
Right to Nominate: You have the right to nominate any other individual to exercise Your data protection rights in the event of Your death or incapacity.

Consent: We obtain Your consent before collecting and processing Your Personal Data. You have the right to withdraw Your consent at any time by contacting Us or through account settings. The withdrawal process is as simple as the original consent process. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

Grievance Redressal: For any grievance related to the processing of Your Personal Data, please contact our Grievance Officer:

Email: [email protected]
We will acknowledge Your grievance within 48 hours and aim to resolve it within 30 days.

If You are not satisfied with our resolution, You may escalate Your complaint to the Data Protection Board of India as established under the DPDPA, 2023.

"Do Not Sell or Share My Personal Information"

We do not sell, rent, or trade Your Personal Data to third parties for monetary or other valuable consideration. We do not share Your Personal Data with third parties for cross-context behavioral advertising. Your data is used solely to provide and improve the Service as described in this Privacy Policy, and is shared only with the sub-processors listed above for the specific purposes described.

Children's Privacy

Our Service does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact Us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent's consent before We collect and use that information.

Links to Other Websites

Our Service may contain links to other websites that are not operated by Us. If You click on a third-party link, You will be directed to that third party's site. We strongly advise You to review the Privacy Policy of every site You visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.

Third-Party Platform Integration

Our Service integrates with Meta (Facebook/Instagram) APIs. When you connect your Instagram account, We access certain data (such as your profile information, messages, comments, and story interactions) as permitted by you and as required to provide the Service. You are also subject to Meta's Privacy Policy and Terms of Service. We do not store Instagram login credentials. Authentication is handled securely via OAuth through Meta's official APIs.

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

By email: [email protected]
For privacy-specific inquiries: [email protected]
By visiting our Contact page