Privacy Policy

Last updated: April 26, 2026

1. Introduction

DMPilot ("we", "us", "our") provides Instagram and WhatsApp messaging automation services. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

We collect the following categories of information:

  • Account information: Name, email address, password (hashed), and optional profile picture.
  • Instagram & WhatsApp data: When you connect your accounts, we receive access tokens, account metadata (username, account type), and message content needed to power automation.
  • Contact data: Information about people who interact with your automated workflows — usernames, message content, and engagement timestamps.
  • Usage data: How you use DMPilot — features accessed, pages viewed, actions performed.
  • Payment information: Processed by Razorpay (India) or Stripe (international). We do not store full card details.

3. How We Use Information

  • To provide and maintain the service
  • To send automated replies on your behalf based on rules you configure
  • To process payments and manage subscriptions
  • To send service updates and security notifications
  • To improve our product through aggregated analytics
  • To comply with legal obligations

4. Data Sharing

We do not sell your data. We share information only with:

  • Meta Platforms (for Instagram and WhatsApp message delivery)
  • Payment processors (Razorpay, Stripe)
  • Cloud infrastructure providers (AWS, Cloudflare)
  • Email service providers (Resend) for transactional emails
  • Legal authorities when required by law

5. Data Security

Access tokens are encrypted at rest using AES-256-GCM. We use TLS 1.3 for data in transit. We follow industry best practices including 2FA, audit logging, and regular security reviews.

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data
  • Disconnect Instagram/WhatsApp accounts at any time
  • Withdraw consent

To exercise these rights, email [email protected].

7. Data Retention

We retain your data for as long as your account is active. After account deletion, we permanently delete personal data within 30 days, except where retention is required by law.

8. International Transfers

Your data may be processed in countries other than your own. We use Standard Contractual Clauses and similar safeguards to protect data in transit.

9. Children's Privacy

DMPilot is not intended for users under 18. We do not knowingly collect data from minors.

10. Changes to This Policy

We may update this policy periodically. Material changes will be notified via email and posted on this page with an updated date.

11. Contact

Email: [email protected]