Privacy Policy
Last updated: 4 July 2026
1. What we collect
Your account
Name, email, a hashed password, language/currency/timezone preferences, and which page sent you to us.
Your Instagram connection
When you connect Instagram (through Instagram's own login — we never see your password), we receive and store: your Instagram account ID and username; your posts' and reels' IDs and thumbnails so you can pick them; comments on your posts that match your keywords, including the commenter's public username; and delivery records for the replies and DMs MynaDM sends for you. Your Instagram access token is encrypted (AES-256) at rest and never appears in our logs.
Billing
Payments are processed by Razorpay (India) or Stripe (elsewhere). We never receive or store card numbers or UPI credentials — we store your plan, subscription status, invoice records and, if you add one, your GSTIN.
Technical
Standard server logs, error reports (scrubbed of message content and tokens), and — only if you opt in — a push-notification subscription for your device. Our marketing site sets no cookies; the app uses a session cookie to keep you signed in.
2. How we use it
To run your automations (replying to comments and sending the DMs you configured), show you your own analytics, enforce plan limits and Instagram's platform rules, send you transactional email (verification, receipts, important account events), and keep the service secure. We don't sell your data, we don't share it with advertisers, and we don't use your audience's data for anything except delivering your automations.
3. AI message scanning
When you compose a message, its text is sent to Anthropic's Claude API to check for wording that commonly triggers Instagram's spam filters. We store the verdict, a one-way hash of the text, and the suggested rewrite — never the raw text that was scanned. Anthropic does not train models on this API data.
4. Who processes data for us
Meta (the Instagram Platform API that powers everything), Razorpay and Stripe (payments), Resend (transactional email), Anthropic (message scanning, above), Sentry (error monitoring), and our hosting provider. Each receives only what its job requires.
5. Retention and deletion
We keep your data while your account is active. Deleting your account (Settings → Account) permanently deletes your profile, Instagram connection, automations, leads and delivery logs; invoice records are retained where tax law requires. Full instructions — including deletion without logging in — are on our data deletion page. If you remove MynaDM from your Instagram settings, Meta notifies us and we delete your Instagram data automatically.
6. Your rights
You can access and update your information in the app, export your analytics (CSV, on Pro), and delete everything yourself. Depending on where you live (including under the GDPR and India's DPDP Act) you may also have rights to data portability, correction and objection — email us and we'll honor them. We don't make automated decisions about you with legal effect.
7. Security
All traffic is encrypted in transit (TLS). Instagram tokens are encrypted at rest. Access to production systems is restricted and audited. No system is perfectly secure — if a breach affects your data, we'll notify you as the law requires.
8. Children
MynaDM is for people 13 and older (or the higher minimum age Instagram requires where you live). We don't knowingly collect data from children below that age.
9. Changes and contact
If we change this policy materially, we'll tell you by email or in the app before the change takes effect. Questions or requests: hello@mynadm.com.