Privacy Framework

Privacy Policy

At ReplyKaro, we take your data and your audience's privacy seriously. This document outlines exactly how we collect, use, and protect your information.

Last Updated: April 17, 2026
Version 2.1

1. Data We Collect

To provide our Instagram automation services, we collect the minimum data required by the Meta Platform:

  • Account Information: Your Instagram User ID, username, and profile picture URL — provided by Instagram during OAuth login.
  • Authentication Tokens: Securely encrypted long-lived Access Tokens issued by Instagram. These are stored server-side and never exposed to the client.
  • Interaction Data: Public comments, direct messages, and story replies directed at your account, processed in real-time to trigger your configured automations.
  • Contact Information: Your email address (if provided) for billing communications and critical system notifications.
  • Payment Information: Subscription and payment details are handled entirely by Razorpay. We do not store credit card numbers, UPI IDs, or bank account details on our servers.

2. How We Use Your Data

Your data is used exclusively to deliver the ReplyKaro automation experience. We do not sell, rent, or share your data or your followers' data with any third party for marketing purposes.

  • Executing automated replies to comments, messages, and story interactions as configured by you.
  • Tracking engagement metrics, DM delivery rates, and "Fan Points" for your loyalty programs.
  • Enforcing frequency capping and rate limiting to protect your account from Meta's spam filters.
  • Processing payments, managing subscriptions, and sending billing-related communications.
  • Improving platform reliability, detecting abuse, and preventing unauthorized access.

3. Third Party Processors

We use industry-leading, SOC-2 compliant infrastructure to secure your data:

Partner | Purpose
Supabase | Database & Storage
Upstash | Redis Caching
Razorpay | Payment Processing
Vercel | Hosting & CDN
Meta / Instagram | Messaging API

4. Data Retention

  • Active Accounts: Data is retained for the duration of your active subscription.
  • Deleted Accounts: Upon account deletion, all personal data is permanently removed within 30 days.
  • DM Logs: Interaction logs are retained for 90 days for analytics and support purposes, then automatically purged.
  • Redis Cache: Temporary cache data (sessions, frequency caps) expires automatically within 24 hours to 7 days.

5. Cookies & Local Storage

We use essential cookies only. No third-party tracking or advertising cookies are used.

  • Session Cookie: A secure, HttpOnly cookie to maintain your login session (7-day expiry).
  • Referral Cookie: Stores the referral code of the person who invited you (30-day expiry). Used only for attribution.
  • OAuth State: A temporary cookie for CSRF protection during Instagram login (deleted immediately after use).

6. Your Rights

Regardless of your location, you have the following rights over your data:

  • Access: Request a copy of all data we hold about you.
  • Deletion: Request permanent deletion of your account and all associated data via our Data Deletion Portal.
  • Portability: Request your data in a machine-readable format.
  • Objection: Object to the processing of your data for any reason.
  • Revoke Access: Disconnect ReplyKaro from your Instagram account at any time through your Instagram App Settings.

7. Children's Privacy

ReplyKaro is not directed at children under the age of 13. We do not knowingly collect personal information from children. If you are a parent and believe your child has provided us with personal data, please contact us and we will delete the data immediately.

8. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email (if provided) or through a prominent notice on our platform at least 15 days before the changes take effect. Continued use of ReplyKaro after the effective date constitutes acceptance of the updated policy.

Questions about your data?

You have the right to request a copy of your data or its permanent deletion at any time. Our team typically responds within 48 hours.