Social Replies

Privacy Policy

Last updated:

Social Replies (“we”, “us”, or “our”) is committed to protecting your privacy and complying with all applicable data protection laws, including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Meta's Platform Terms.

1. Overview

Social Replies is an AI-powered service that drafts responses to Instagram Direct Messages on your behalf. We access your Instagram messages solely to provide this functionality. This policy explains what data we collect, how we use it, and the controls you have over it.

2. Data We Collect

We collect only the minimum data necessary to operate the service:

  • Instagram Messages: The text content of incoming Direct Messages sent to your connected Instagram Business account, and the AI-drafted reply text we generate.
  • Instagram Profile Basics: Your Instagram username, profile name, and account ID — used to identify your account within our platform.
  • Account Information: Your name, email address, and billing information collected when you register for Social Replies.
  • Usage Data: Aggregated, anonymised metrics such as number of replies drafted and approved — used solely to improve the service.

3. How We Use Instagram Data

We use Instagram message data for one purpose only: to draft AI-suggested replies for your review. Nothing else.

Specifically, we use the content of incoming DMs to:

  • Generate a contextually relevant AI reply draft.
  • Display the conversation thread in your Social Replies dashboard.
  • Learn your preferred reply style after you approve examples (voice training feature).

We do not use Instagram data for advertising, profiling, market research, or any purpose unrelated to drafting your replies.

4. We Do Not Sell Your Data

We do not sell, rent, trade, share, or transfer your Instagram data — or any personal data — to any third party for their independent use. This includes data brokers, advertisers, analytics companies, and any other commercial third parties.

The only third-party processor that touches Instagram message content is the Anthropic Claude API, used strictly to generate reply drafts (see Section 6).

5. Data Retention

  • Instagram messages: Stored for 30 days, then automatically and permanently deleted from our systems.
  • Approved reply examples: Retained for as long as your account is active to maintain your trained voice profile. Deleted immediately upon account closure or your request.
  • Account data: Retained while your account is active and for 30 days after closure for legal and billing purposes, then permanently deleted.
  • Billing records: Retained for 7 years as required by applicable law.

6. AI Processing

Reply drafts are generated using the Anthropic Claude API. When a new DM arrives, the message text is sent to Anthropic's API to produce a draft reply. Please note:

  • Anthropic does not use your messages to train its models.
  • Message content is transmitted over encrypted TLS connections.
  • No Instagram data is stored by Anthropic beyond the duration of a single API call.
  • We do not use any AI provider that trains on user data without explicit consent.

7. Your Rights (GDPR & CCPA)

Depending on your jurisdiction, you have the following rights over your personal data:

  • Access: Request a copy of all personal data we hold about you.
  • Rectification: Ask us to correct inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data (see Section 8).
  • Portability: Receive your data in a structured, machine-readable format.
  • Restriction: Ask us to restrict processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests.
  • Non-discrimination: (CCPA) We will not discriminate against you for exercising your privacy rights.

To exercise any of these rights, email privacy@socialreplies.app. We will respond within 30 days.

8. Data Deletion Request

You can request complete deletion of your data at any time. Here is exactly how:

  1. 1Email us: Send a deletion request to privacy@socialreplies.app with the subject line "Data Deletion Request" and include the email address associated with your account.
  2. 2Identity verification: We will verify your identity within 2 business days to protect against unauthorized deletion requests.
  3. 3Deletion executed: Within 7 business days of verification, all your Instagram message data, voice training examples, and account data will be permanently deleted from our systems and backups.
  4. 4Confirmation: We will email you a deletion confirmation once complete.

Note: Billing records required by law (7 years) are excluded from personal-data deletion but are kept isolated from all other data.

9. Security

We use industry-standard measures to protect your data: TLS 1.2+ encryption in transit, AES-256 encryption at rest, access controls limited to authorised personnel, and regular security reviews. No method of transmission over the internet is 100% secure; in the event of a data breach that affects your rights, we will notify you within 72 hours as required by GDPR.

10. Children's Privacy

Social Replies is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, contact us immediately at privacy@socialreplies.app and we will delete it promptly.

11. Changes to This Policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top and, for material changes, notify you by email. Continued use of the service after the effective date constitutes acceptance of the revised policy.

12. Contact

For any privacy-related questions, rights requests, or concerns:

Social Replies

Email: privacy@socialreplies.app