Privacy Policy

Last updated: December 2024

IGBot ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

  • Email address
  • Password (encrypted)
  • Username (optional)
  • Timezone preference

1.2 Instagram Data

When you connect your Instagram account, we access and store:

  • Instagram user ID and username
  • Profile picture URL
  • Access tokens (securely encrypted)
  • Posts and media metadata
  • Comments on your posts (via webhook)

1.3 Automation Data

We collect data related to your automations:

  • Keywords and trigger rules you set up
  • Message templates you create
  • Links you share
  • Message delivery logs (recipient username, timestamp, status)

1.4 Payment Information

Payment information is processed by Stripe. We do not store your credit card details. We only receive:

  • Stripe customer ID
  • Subscription status and billing dates
  • Payment confirmation

1.5 Technical Information

We automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Usage patterns and analytics

2. How We Use Your Information

We use the collected information to:

  • Provide and maintain the Service
  • Process your automations and send DMs on your behalf
  • Process payments and manage subscriptions
  • Send transactional emails (account verification, password reset)
  • Provide customer support
  • Improve our Service and develop new features
  • Detect and prevent fraud or abuse
  • Comply with legal obligations

3. Data Sharing and Disclosure

We do not sell your personal information. We may share your data with:

3.1 Service Providers

Provider Purpose Data Shared
Cloudflare Hosting and security Technical data, encrypted database
Stripe Payment processing Email, payment details
Amazon SES Email delivery Email address
Instagram/Meta API integration As required by OAuth

3.2 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests from public authorities.

4. Data Security

We implement appropriate security measures including:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure password hashing
  • Regular security assessments
  • Access controls and authentication

However, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

5. Data Retention

We retain your data as follows:

  • Account data: Until you delete your account
  • Message logs: 90 days
  • Instagram tokens: Until disconnected or expired
  • After account deletion: 30 days (for recovery purposes), then permanently deleted

6. Your Rights

Depending on your location, you may have the following rights:

6.1 Access and Portability

You can request a copy of your personal data at any time.

6.2 Correction

You can update your account information through the settings page.

6.3 Deletion

You can request deletion of your account and associated data by contacting us.

6.4 Objection

You can object to certain processing of your data.

6.5 Withdrawal of Consent

You can disconnect your Instagram account at any time, which revokes our access to your Instagram data.

7. Cookies and Tracking

We use essential cookies for:

  • Authentication and session management
  • Security (CSRF protection)
  • Preferences

We do not use third-party tracking cookies or advertising cookies.

8. Children's Privacy

Our Service is not intended for users under 18 years of age. We do not knowingly collect information from children under 18.

9. International Data Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers.

10. California Privacy Rights (CCPA)

California residents have additional rights under CCPA:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information (we do not sell data)
  • Right to equal service and price

11. European Privacy Rights (GDPR)

If you are in the European Economic Area, you have rights under GDPR including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right to lodge a complaint with a supervisory authority

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the Service. Your continued use after changes constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, contact us at:

Email: privacy@igbot.app