Privacy Policy

Last Updated: November 30, 2025

1. Introduction

Welcome to Instagram DM Automation ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Instagram direct message automation service (the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, phone number, business name
Payment Information: Billing details processed securely through our payment provider (Asaas)
Instagram Business Account: Instagram username, account ID, connected Facebook Page information

2.2 Information Collected via Instagram Graph API

User Interactions: Comments on your Instagram posts (username, comment text, timestamp)
Message Data: Direct messages sent and received through our Service
Profile Information: Basic Instagram profile information of users who interact with your posts
Instagram Insights: Analytics data about message delivery, open rates, and engagement metrics

2.3 Technical Information

Log Data: IP address, browser type, operating system, access times, pages viewed
Device Information: Device type, unique device identifiers
Usage Data: How you interact with our Service, features used, time spent

3. How We Use Your Information

We use the collected information for the following purposes:

Provide the Service: Automate responses to Instagram comments and send direct messages on your behalf
Account Management: Create and manage your account, process payments, provide customer support
Service Improvement: Analyze usage patterns to improve features and user experience
Communication: Send service updates, technical notices, security alerts, and support messages
Compliance: Comply with legal obligations and enforce our Terms of Service
Analytics: Generate aggregated statistics about Service usage (anonymized data only)

4. Instagram Graph API Compliance

Our use of the Instagram Graph API is subject to Meta's Platform Terms and Instagram's API Terms of Use. We:

Only request permissions necessary for our Service to function
Do not use Instagram data for advertising or cross-app data sharing
Do not sell, license, or trade Instagram user data
Respect Instagram's 24-hour messaging window policy
Allow users to revoke access at any time through Instagram settings
Delete Instagram data within 90 days of account deletion or API access revocation

5. Data Retention

Active Accounts: We retain your data as long as your account is active or as needed to provide the Service
Deleted Accounts: Upon account deletion, we delete your personal data within 30 days
Instagram Data: Deleted within 90 days of account deletion or API access revocation
Legal Requirements: We may retain certain data longer if required by law or for legitimate business purposes (e.g., fraud prevention)
Backup Systems: Data may persist in backup systems for up to 90 days after deletion

6. How We Share Your Information

We do not sell or rent your personal information. We may share information in the following circumstances:

Service Providers: Third-party companies that help us operate the Service (hosting, payment processing, customer support)
Meta/Instagram: Information shared through Instagram Graph API in accordance with their terms
Legal Compliance: When required by law, court order, or governmental request
Business Transfers: In connection with a merger, acquisition, or sale of assets (with notice to affected users)
Your Consent: With your explicit consent for other purposes

7. Data Security

We implement industry-standard security measures to protect your information:

Encryption: HTTPS/TLS encryption for data in transit
Secure Storage: Encrypted databases with access controls
Access Controls: Limited employee access on a need-to-know basis
Authentication: Secure OAuth 2.0 for Instagram API access
Monitoring: Regular security audits and vulnerability assessments
Token Management: Instagram access tokens stored securely and rotated regularly

Note: No method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights and Choices

You have the following rights regarding your personal information:

Access: Request a copy of the personal data we hold about you
Correction: Update or correct inaccurate information
Deletion: Request deletion of your account and associated data
Export: Download your data in a portable format (JSON/CSV)
Opt-Out: Unsubscribe from marketing communications (service emails may still be sent)
Revoke Access: Disconnect Instagram account through your Instagram settings or our dashboard
Object: Object to certain processing of your data

To exercise these rights, contact us at privacy@agenciacafeonline.com.br

9. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

Legal Basis: We process your data based on your consent, contract performance, or legitimate interests
Data Portability: Right to receive your data in a structured, machine-readable format
Right to Object: Object to processing based on legitimate interests
Right to Restriction: Request restriction of processing under certain circumstances
Supervisory Authority: Right to lodge a complaint with your local data protection authority

10. LGPD Compliance (Brazilian Users)

For users in Brazil, we comply with the Lei Geral de Proteção de Dados (LGPD):

Legal Basis: Consent, contract execution, legitimate interest, or legal obligation
Data Controller: We act as data controller for personal data collected
National Data Protection Authority: Right to contact ANPD for complaints
Data Transfer: International data transfers comply with LGPD requirements

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately.

12. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., Instagram, Facebook). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

Posting the updated policy on this page with a new "Last Updated" date
Sending an email notification to your registered email address
Displaying a prominent notice in our Service dashboard

Your continued use of the Service after changes constitutes acceptance of the updated policy.

14. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer data internationally, we ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses).

15. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request disclosure of data collected, used, and shared
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt-out of sale of personal information (we do not sell data)
Non-Discrimination: We will not discriminate against you for exercising your rights

16. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Instagram DM Automation
Email: privacy@agenciacafeonline.com.br
Support: support@agenciacafeonline.com.br
Website: agenciacafeonline.com.br
WhatsApp: +55 11 94729-2318

Data Protection Officer (DPO): Felipe Zanoni

Response Time: We will respond to privacy requests within 30 days.