Legal

Privacy Policy

Last updated: March 30, 2026

GlideDM ("we", "our", "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share information when you use our Instagram DM automation platform.

1. Information We Collect

1.1 Account Information

When you sign up, we collect: name, email address, profile picture (via Google OAuth). When you connect Instagram, we receive: Instagram username, user ID, profile picture, follower count, and a Meta access token.

1.2 Instagram Data (via Meta API)

Through Meta's official Instagram Graph API, we process:

  • Comments: Comment text, commenter's user ID and username, post/reel ID
  • Direct Messages: Message content, sender/recipient IDs, timestamps, read receipts
  • Story Interactions: Story replies and mentions
  • Profile Information: Public Instagram profile data of users who interact with your content

1.3 Contact Data

When users interact with your automations, we store: Instagram user ID, username, name, and any data they voluntarily provide through DM conversations (email, phone number, custom responses).

1.4 Usage Data

We automatically collect: IP address, browser type, device information, pages visited, feature usage, automation performance metrics, and error logs.

2. How We Use Your Information

  • Service Delivery: Processing webhook events, executing automations, sending DMs, managing contacts
  • Analytics: Providing dashboard metrics, automation performance stats, conversion tracking
  • Account Management: Authentication, billing, customer support
  • Service Improvement: Analyzing usage patterns, fixing bugs, developing new features
  • Communication: Sending service updates, security alerts, and (with consent) marketing emails

3. Legal Basis for Processing (GDPR)

  • Contract: Processing necessary to deliver the service you signed up for
  • Legitimate Interest: Analytics, security, service improvement
  • Consent: Marketing communications, optional data collection
  • Legal Obligation: Tax records, fraud prevention, law enforcement requests

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Meta Platforms: Via the Instagram Graph API to send/receive messages (required for service operation)
  • Infrastructure Providers: Hosting (Vercel/Railway), database (PostgreSQL), cache (Redis), email (Resend)
  • Payment Processor: Stripe — for subscription billing only
  • Analytics: Anonymized, aggregated usage data
  • Legal Requirements: When required by law, court order, or to protect our rights

5. Data Retention

  • Account data: Retained while your account is active + 30 days after deletion
  • Contact data: Retained while your account is active. You can delete individual contacts anytime
  • Message history: Retained for 12 months, then automatically purged
  • Webhook logs: Retained for 30 days for debugging, then deleted
  • Analytics data: Aggregated data retained indefinitely; individual data follows account retention

6. Data Security

We implement industry-standard security measures:

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Instagram access tokens encrypted before storage
  • Webhook payloads validated via HMAC-SHA256 signature
  • Regular security audits and penetration testing
  • Role-based access control for internal systems

7. Your Rights

Depending on your jurisdiction, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate data
  • Deletion: Request deletion of your data ("right to be forgotten")
  • Portability: Export your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Revoke consent at any time

To exercise these rights, email privacy@glidedm.com. We respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. See our Cookie Policy for details.

9. Children's Privacy

GlideDM is not intended for users under 18. We do not knowingly collect data from minors. If you believe a minor has provided data, contact us immediately.

10. International Transfers

Your data may be transferred to and processed in the United States. We ensure adequate safeguards through Standard Contractual Clauses (SCCs) where required by GDPR.

11. Changes

We may update this policy. Material changes will be communicated via email at least 14 days in advance.

12. Contact

Data Protection Officer: privacy@glidedm.com