Privacy Policy

1. General Information

We are committed to protecting your privacy and complying with all applicable data protection laws and regulations, including the General Data Protection Regulation (GDPR) of the European Union and Spain's Organic Law on Data Protection (LOPD).

2. Information We Collect

2.1 Instagram Account Information

When you connect your Instagram Business account to our application, we collect:

• Profile information: Username, display name, profile picture, and basic Instagram Business account information
• API access token: Authorization token required to access the Instagram API through Facebook
• Facebook Page ID: Identifier of the Facebook page linked to your Instagram Business account

2.2 Messaging Information

To provide our automation services, we process:

• Direct messages: Content of messages received and sent through Instagram Direct
• Message metadata: Date and time of messages, delivery status, sender ID
• Multimedia content: Images, videos, or files shared in conversations (only during active processing)
• Automated responses: Messages generated by our artificial intelligence in response to user queries

2.3 Technical Information

We automatically collect certain technical information:

• Usage data: Information about how you use the application, frequency of use, and features utilized
• Device information: Device type, operating system, web browser used
• Server logs: IP address, date and time of access, pages visited
• Cookies and similar technologies: Unique identifiers to improve your user experience

3. How We Use Your Information

3.1 Primary Purposes

We use the information collected to:

• Provide the service: Automate responses to Instagram direct messages using artificial intelligence
• Conversation management: Process, analyze, and respond to messages automatically or semi-automatically
• Service improvement: Train and enhance our AI algorithms to provide more accurate and helpful responses
• Personalization: Adapt automated responses according to context and your business needs

3.2 Secondary Purposes

• Technical support: Diagnose and resolve technical issues
• Security: Detect and prevent fraud, abuse, or unauthorized activities
• Legal compliance: Comply with legal and regulatory obligations
• Statistical analysis: Perform aggregate and anonymous analyses to improve our services
• Communication: Send you important updates about the service, changes in terms or policies

4. Legal Basis for Data Processing

We process your personal data under the following legal bases:

• Consent: By authorizing our application through Facebook/Instagram, you grant us your explicit consent
• Contract execution: Processing is necessary to provide the services you have requested
• Legitimate interest: Improvement of our services and platform security
• Legal obligation: Compliance with applicable laws and regulations

5. Sharing Information with Third Parties

5.1 Facebook/Meta

Our application uses the official Facebook/Meta API to access Instagram services. Therefore, we share information with Facebook/Meta as required by their terms and policies:

• Data necessary for authentication and authorization
• API usage information according to platform policies
• Metadata necessary for service operation

For more information about how Facebook/Meta processes your data, please see their Privacy Policy.

5.2 Service Providers

We may share information with trusted service providers who help us operate our application:

• Hosting services: To store data securely
• AI services: To process and generate automated responses
• Analytics tools: To understand how our application is used
• Security providers: To protect against threats and vulnerabilities

All our service providers are contractually obligated to protect your data and can only use it for the purposes we specify.

5.4 Legal Requirements

We may disclose your information if required by law, court order, or government authorities, or if we believe in good faith that such disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or abuse
• Protect the rights and safety of our users

6. Use of Cookies and Similar Technologies

We use cookies and similar tracking technologies to:

• Essential cookies: Necessary for basic application functionality
• Functionality cookies: To remember your preferences and settings
• Analytics cookies: To understand how users interact with our application (Google Analytics or other tools)
• Security cookies: To prevent fraud and protect your account

You can control the use of cookies through your browser settings. However, disabling certain cookies may affect the functionality of our application.

7. Data Security

We take the security of your data very seriously and implement appropriate technical and organizational measures:

• Encryption: We use SSL/TLS encryption to protect data in transit
• Restricted access: Only authorized personnel have access to personal information
• Secure storage: Data is stored on secure servers with physical and digital protection
• Continuous monitoring: We monitor our systems for suspicious activities
• Regular updates: We keep our systems updated with the latest security patches
• Security audits: We conduct periodic assessments of our security practices

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this policy:

• Account data: While your account is active and for a reasonable period after its closure to fulfill legal obligations
• Messages and conversations: As necessary to provide the service and as permitted by the Instagram API (typically 24 hours for active messages, longer for anonymous aggregate analysis)
• Technical logs: Generally retained for 12 months or as required by law
• Support data: Until your inquiry is resolved plus a reasonable period

After these periods, we securely delete or anonymize your information.

9. Your Rights

Under applicable data protection laws (GDPR, LOPD), you have the following rights:

9.1 Right of Access

You have the right to know what personal data we have about you and to obtain a copy of it.

9.2 Right to Rectification

You can request that we correct any inaccurate or incomplete personal information.

9.3 Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data in certain circumstances.

9.4 Right to Restriction of Processing

You can request that we limit the processing of your personal data in certain situations.

9.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

9.6 Right to Object

You can object to the processing of your personal data for reasons related to your particular situation.

9.7 Right to Withdraw Consent

You can withdraw your consent at any time by disconnecting our application from your Facebook/Instagram account settings.

9.8 Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with regulations, you have the right to file a complaint with the competent data protection authority:

• Spain: Spanish Data Protection Agency (AEPD) - www.aepd.es
• European Union: Your local Data Protection Authority

10. Deleting Your Account and Data

You can delete your account and data at any time through the following methods:

• From the application: Access your account settings and select "Delete account"
• Deauthorization on Facebook: Go to Settings → Apps and websites → Remove our application
• Email request: Send us an email to the contact address indicated below

Once your account is deleted:

• We will delete all your personal data within 30 days
• Our application's access to your Instagram account will be revoked
• Some data may be retained in backups for a limited additional period
• Aggregated and anonymized data may be retained for statistical purposes

11. International Data Transfers

Your data may be transferred and processed in countries outside the European Economic Area (EEA). In such cases, we ensure that:

• Appropriate safeguards are applied such as EU standard contractual clauses
• Providers comply with data protection standards equivalent to GDPR
• We implement additional security measures when necessary

12. Minors

Our services are not directed to individuals under 13 years of age (or the minimum legal age in your jurisdiction). We do not knowingly collect personal information from minors. If we discover that we have collected data from a minor without appropriate parental consent, we will delete that information immediately.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. We will notify you of significant changes through:

• A prominent notice in our application
• An email to the address associated with your account
• Updating the "Last Updated" date at the beginning of this policy

We recommend that you review this policy periodically. Continued use of our services after changes constitutes your acceptance of the updated policy.

14. Compliance with Facebook/Meta Policies

This application complies with:

• Facebook Platform Terms
• Facebook Platform Policy
• Facebook Privacy Policy
• Instagram API policies for messaging

We are committed to using the Facebook/Meta platform responsibly and ethically, respecting both your rights and those of end users who interact with your Instagram account.

15. 24-Hour Messaging Window

In accordance with Instagram policies, our application respects the 24-hour messaging window:

• We can send automated messages only in response to user-initiated messages
• The response window is 24 hours from the user's last message
• We do not send unsolicited or promotional messages outside this window
• Message tags are used only according to Meta's guidelines

16. Artificial Intelligence and Automated Processing

Our application uses artificial intelligence to:

• Analyze the content of received messages
• Generate contextually relevant automated responses
• Identify user intent and categorize queries
• Suggest quick replies to the human team

17. Escalation to Human Agents

As required by Meta's policies, we implement:

• Human contact option: Users can request to speak with a human agent at any time
• AI identification: Automated responses are clearly identified as AI-generated when appropriate
• Human supervision: The account owner can review and supervise all automated conversations
• Manual intervention: Ability to intervene and respond manually in any conversation

19. Additional Information for EU Residents

If you reside in the European Union, you have additional rights under the GDPR:

• Right not to be subject to decisions based solely on automated processing
• Right to receive clear information about the data controller
• Right to know the retention period of your data
• Right to know the origin of the data if not obtained directly from you

20. Consent

By using our application and authorizing access to your Instagram account through Facebook, you confirm that:

• You have read and understood this Privacy Policy
• You consent to the processing of your data as described
• You understand that you can withdraw your consent at any time
• You are at least 18 years old or the legal age to give consent in your jurisdiction