Privacy Policy
Last updated: May 2026
1. Who We Are
DMFlare (operated by Spirit Edutech Private Limited) ("we", "our", "us") is an Instagram DM automation platform. This policy explains how we collect, use, and protect your personal data when you use our service.
2. Data We Collect
- Account Data: Email address, name, password (hashed)
- Platform Data: Instagram username, profile picture, access tokens (encrypted with AES-256-GCM)
- Automation Data: Messages, trigger keywords, lead information
- Usage Data: Analytics events, page views, feature usage
- Payment Data: Processed by Razorpay — we never store card details
3. How We Use Your Data
- To provide and operate the DM automation service
- To send automated messages on your behalf via Instagram/WhatsApp
- To generate analytics and performance reports
- To process payments via Razorpay
- To improve our service based on aggregated usage patterns
4. Third-Party Processors (Sub-processors)
| Service | Purpose | Data Location |
|---|---|---|
| Meta (Instagram/WhatsApp) | Message delivery | Global |
| OpenAI | AI-generated replies | USA |
| Supabase (PostgreSQL) | Database | ap-south-1 (Mumbai) |
| Upstash (Redis) | Caching, rate limiting | ap-south-1 |
| Razorpay | Payment processing | India |
| Inngest | Background job processing | USA |
5. Your Rights
Under India DPDPA 2023 (भारत DPDPA 2023 के तहत अधिकार)
- Right to access your personal data (व्यक्तिगत डेटा तक पहुँच का अधिकार)
- Right to correction of inaccurate data (अशुद्ध डेटा को सुधारने का अधिकार)
- Right to erasure / account deletion (डेटा मिटाने / खाता हटाने का अधिकार)
- Right to nominate someone to exercise rights on your behalf (अपनी ओर से अधिकारों का प्रयोग करने के लिए किसी को नामित करने का अधिकार)
Under EU GDPR (यूरोपीय संघ GDPR के तहत अधिकार)
- Right to access, rectification, erasure, restriction, portability (पहुँच, सुधार, विलोपन, प्रतिबंध, और डेटा पोर्टेबिलिटी का अधिकार)
- Right to object to automated processing (स्वचालित प्रसंस्करण पर आपत्ति का अधिकार)
- Right to withdraw consent at any time (किसी भी समय सहमति वापस लेने का अधिकार)
- Right to lodge a complaint with a supervisory authority (पर्यवेक्षी प्राधिकरण के पास शिकायत दर्ज करने का अधिकार)
Under USA CCPA (California)
- Right to know what data is collected
- Right to delete personal information
- Right to opt-out of sale of personal information
- Right to non-discrimination for exercising rights
We do not sell your personal information.
6. Data Retention
We retain your data for as long as your account is active. You can configure automatic data deletion in Settings → Compliance. After account deletion, data is permanently purged within 30 days.
7. Cookie Policy
We use essential cookies for authentication. With your consent, we may use analytics cookies. You can manage preferences at any time via the cookie consent banner.
8. Data Security
- Access tokens encrypted with AES-256-GCM
- Passwords hashed with bcrypt (12 rounds)
- All connections over HTTPS/TLS
- JWT tokens with Redis-backed blacklist on logout
- HMAC signature verification on all webhooks
9. Children's Privacy
DMFlare is not intended for users under 18 years of age. We do not knowingly collect data from minors.
10. Grievance Officer (India DPDPA)
For any privacy concerns, contact our Grievance Officer at: privacy@dmflare.com
11. Changes to This Policy
We will notify you of material changes via email or in-app notification at least 30 days before they take effect.
12. Contact
Email: privacy@dmflare.com