1. Who we are

This Privacy Policy describes how DM Automation ("we", "us") processes personal data when you use our software service (the "Service") that helps businesses manage Instagram and Facebook direct messages, automation, and related sales workflows. DM Automation is operated in connection with the website and application where this policy is published.

2. Data we collect

Account and identity: information you provide when you register or sign in (for example, email address and authentication data from your identity provider). Service and integration data: when you connect Meta (Instagram/Facebook), we receive and store tokens and identifiers needed to operate messaging features, webhooks, and API calls on your behalf, as permitted by your connection and Meta's terms. Messaging and CRM data: content and metadata from conversations, leads, campaigns, bookings, and settings you configure in the Service, to the extent needed to provide the product. Technical data: logs, diagnostics, and security information (for example, IP address, device/browser type, timestamps) to run, secure, and improve the Service.

3. How we use data

We use personal data to provide and maintain the Service; authenticate users; process integrations with Meta and other third-party tools you enable; operate automation and AI-assisted features you configure; analyze usage in aggregate to improve reliability and performance; comply with law; and enforce our terms and protect users.

4. AI and automated processing

Where enabled, the Service may use automated systems (including large language models) to generate suggested replies or classify conversations based on content you receive through connected channels. You remain responsible for your use of automated messaging and for complying with Meta's Platform Terms, advertising policies, and applicable laws (including consent and transparency requirements where they apply).

5. Meta / Instagram / Facebook

When you connect Instagram or Facebook, your use of Meta products is also governed by Meta's terms and policies. We access and process data through Meta's APIs only as authorized by you and as permitted by Meta. We do not control Meta's own processing; please review Meta's privacy materials for how Meta handles data on its platforms.

6. Subprocessors and transfers

We use trusted infrastructure and service providers to host and operate the Service (for example, cloud hosting, database and authentication, email, analytics, and payment processing). Providers may process data in countries other than your own. We take steps designed to protect personal data through contractual and technical safeguards appropriate to the risk.

7. Retention and security

We retain personal data for as long as needed to provide the Service, meet legal obligations, resolve disputes, and enforce agreements. We implement technical and organizational measures intended to protect data against unauthorized access, loss, or alteration. No method of transmission or storage is completely secure.

8. Your rights and contact

Depending on your location, you may have rights to access, correct, delete, or export certain personal data, or to object to or restrict certain processing. To exercise rights or ask questions about this policy, contact us using the contact method shown in the Service or on our website. If we act as a processor on behalf of your organization, your administrator may be the right contact for some requests.