Privacy Policy

1. Introduction

ReplyKaro ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Instagram direct message automation service.

By using ReplyKaro, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Information from Instagram

When you connect your Instagram Business or Creator account, we collect:

• Profile Information: Instagram username, user ID, and profile picture
• Access Tokens: Encrypted tokens to interact with Instagram on your behalf
• Comments: Text of comments on your posts to detect keywords
• Media Information: Post IDs, captions, and thumbnail URLs of your content
• Direct Messages: Only messages sent through our automation (not your entire inbox)

2.2 Information You Provide

• Keywords and trigger phrases you configure
• Automated reply messages you create
• Payment information (processed securely by Razorpay - we never store credit card details)

2.3 Automatically Collected Information

• Log data (IP address, browser type, device information, access times)
• Usage data (features used, automations created, DMs sent)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use your information to:

• Provide Our Service: Enable Instagram DM automation based on your configured triggers
• Send Automated Messages: Detect keywords in comments and send pre-written DMs
• Analytics & Reporting: Show you statistics about your automations (DMs sent, engagement rates)
• Process Payments: Handle subscription billing through Razorpay
• Customer Support: Respond to your questions and provide technical assistance
• Service Communications: Send important updates about service changes or security
• Improve Our Service: Analyze usage patterns to enhance features and user experience
• Comply with Legal Obligations: Fulfill regulatory and legal requirements

4. How We Share Your Information

We do NOT sell your personal information. We may share your data only with:

• Service Providers: Vercel (hosting), Supabase (database), Razorpay (payments) - all under strict data protection agreements
• Meta/Instagram: To provide automation services through their official API
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In the event of a merger, acquisition, or sale of assets (with notice to you)

We never share your data with advertisers or third-party marketers.

5. Data Security

We implement industry-standard security measures:

• Encryption: All data transmitted using HTTPS/TLS 1.3
• Secure Storage: Access tokens encrypted at rest using AES-256
• Access Controls: Role-based permissions, limited employee access
• Regular Audits: Quarterly security reviews and vulnerability scans
• Infrastructure: Hosted on SOC 2 compliant platforms (Vercel, Supabase)

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your data as follows:

• Active Accounts: Data retained while your account is active
• After Disconnection: Instagram access tokens immediately revoked
• Account Deletion: All personal data deleted within 30 days of account deletion request
• Logs & Analytics: Anonymized data may be retained for statistical purposes (no personal identifiers)
• Legal Requirements: Some data retained longer if required by law (e.g., tax records: 7 years)

7. Your Rights & Choices

You have the following rights:

• Access: Request a copy of your personal data
• Correction: Update inaccurate or incomplete data
• Deletion: Request deletion of your data (Account Settings → Delete Account)
• Export: Download your data in a portable format
• Withdraw Consent: Disconnect Instagram or delete automations anytime
• Opt-Out: Unsubscribe from marketing emails (we send very few)
• Object: Object to certain data processing activities

To exercise these rights, email us at: privacy@replykaro.com

8. Third-Party Services

Our service integrates with Instagram (owned by Meta). Your use of Instagram is subject to Meta's Privacy Policy and Terms of Service:

• Meta Privacy Policy: facebook.com/privacy/policy
• Instagram Terms: Instagram Terms of Use

We are not responsible for Meta's privacy practices. Please review their policies independently.

9. Children's Privacy

ReplyKaro is not intended for users under 18 years of age. We do not knowingly collect information from children. If you believe we have collected data from a minor, please contact us immediately at privacy@replykaro.com and we will delete it promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than India, including the United States (where our infrastructure providers are located). We ensure appropriate safeguards are in place through:

• Standard Contractual Clauses with service providers
• Adequacy decisions by relevant authorities
• SOC 2 and ISO 27001 certified partners

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date. Material changes will be notified via:

• Email notification (if you have an account)
• In-app notification
• Prominent notice on our website

Continued use of the service after changes constitutes acceptance of the updated policy.

14. Business Information

ReplyKaro is a registered Micro, Small & Medium Enterprise (MSME) in India under the Udyam Registration scheme:

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: