Privacy Policy

Last Updated: December 22, 2025

This Privacy Policy explains how smdrDM ("we", "us", "our") collects, uses, stores, and protects your information when you use our Instagram DM automation service.

1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Email address, password (encrypted), name, and company name (if provided)
  • Billing Information: Credit card details (processed securely via Stripe; we do not store card numbers)
  • Automation Settings: Trigger keywords, DM templates, post selections, and automation preferences

1.2 Information We Collect from Meta (Instagram)

When you connect your Instagram account, we request permission to access:

  • Profile Information: Instagram username, profile picture, bio, follower count (public data)
  • Post Comments: Read-only access to comments on your posts to detect trigger keywords
  • Story Mentions: Notifications when users mention your account in their stories
  • Direct Messaging Access: Permission to send automated DMs on your behalf

1.3 Usage Data

  • IP address, browser type, device information
  • Pages visited, features used, time spent on the platform
  • Automation performance metrics (DMs sent, click rates, engagement stats)

2. How We Use Your Information

We use the information we collect to:

  • Provide Automation Services: Monitor comments, detect keywords, and send automated DMs based on your rules
  • Improve Our Platform: Analyze usage patterns to enhance features and user experience
  • Communicate with You: Send account updates, feature announcements, and customer support responses
  • Ensure Security: Detect and prevent fraud, unauthorized access, and policy violations
  • Process Payments: Handle billing and subscription management
  • Comply with Legal Obligations: Respond to legal requests and enforce our Terms of Service

3. Data Storage and Retention

3.1 Where We Store Your Data

Your data is stored on secure cloud servers provided by AWS (Amazon Web Services) with encryption at rest and in transit. Servers are located in the United States.

3.2 How Long We Store Your Data

  • Account Data: Stored while your account is active and for 30 days after account deletion
  • Automation Logs: Stored for 90 days for analytics and debugging purposes
  • Billing Records: Stored for 7 years to comply with financial regulations
  • Instagram Data: Comment text is not permanently stored; only metadata (timestamp, username) is kept for analytics

4. How We Share Your Information

We do NOT sell your data.

We only share your information in the following limited circumstances:

  • Service Providers: Third-party vendors who help us operate our platform:
    • Stripe: Payment processing (they handle credit card data securely)
    • AWS: Cloud hosting and data storage
    • SendGrid: Transactional email delivery
  • Legal Requirements: If required by law, court order, or government request
  • Business Transfers: In the event of a merger, acquisition, or sale of assets (users will be notified)

5. Your Rights and Choices

You have the following rights regarding your data:

  • Access Your Data: Request a copy of all data we have about you (email privacy@smdrdm.com)
  • Correct Your Data: Update inaccurate information in your account settings
  • Delete Your Data: Request deletion of your data (see our Data Deletion page)
  • Revoke Instagram Permissions: Disconnect your Instagram account at any time from:
    • • Your smdrDM dashboard
    • • Instagram Settings → Security → Apps and Websites
  • Opt-Out of Marketing Emails: Unsubscribe from promotional emails (account-related emails cannot be disabled)

6. Security Measures

We take security seriously. Our measures include:

  • Encryption: All data encrypted in transit (HTTPS/TLS) and at rest (AES-256)
  • Password Protection: Passwords hashed using bcrypt
  • Access Controls: Role-based access for employees; multi-factor authentication for admin accounts
  • Regular Audits: Security reviews and penetration testing conducted quarterly
  • OAuth 2.0: Secure authentication with Instagram (no password sharing)

7. Cookies and Tracking

We use cookies and similar technologies to:

  • • Keep you logged in
  • • Remember your preferences
  • • Analyze site traffic (Google Analytics with anonymized IPs)

You can disable cookies in your browser settings, but some features may not work properly.

8. Children's Privacy

smdrDM is not intended for users under 18 years old. We do not knowingly collect data from children. If you believe we have accidentally collected data from a minor, contact us immediately at privacy@smdrdm.com.

9. International Users

If you access smdrDM from outside the United States, please note that your data will be transferred to and processed in the U.S. By using our service, you consent to this transfer.

GDPR Compliance (EU Users): If you are in the European Union, you have additional rights under GDPR, including data portability and the right to lodge a complaint with your local data protection authority.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make significant changes, we will notify you via:

  • • Email (to your registered address)
  • • In-app notification
  • • Prominent notice on our website

Continued use of smdrDM after changes indicates acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us:

Email (Privacy Inquiries)

privacy@smdrdm.com

Email (General Support)

support@smdrdm.com

Data Deletion Requests

Visit our Data Deletion page

We will respond to all privacy-related inquiries within 30 days.