Last updated: May 11, 2026
AskAnyone is operated by The OpenMined Foundation, a 501(c)(3) non-profit foundation ("we", "us", "our"). This policy describes how we collect, use, and protect data when you use our AI-powered Instagram and Facebook Messenger DM auto-reply service.
| Data type | Source | Purpose | Retention |
|---|---|---|---|
| Instagram DM content | Meta webhook API (Instagram) | Message classification and response generation | Retained while the account owner uses the Service; retained for up to 30 days after account disconnection, then permanently deleted |
| Facebook Messenger DM content | Meta webhook API (Messenger) | Message classification and response generation | Retained while the account owner uses the Service; retained for up to 30 days after account disconnection, then permanently deleted |
| Sender identifiers | Meta webhook API | Conversation threading and reply delivery | Stored with message records; deleted with them |
| Semantic message representations | Derived from message text | Pattern analysis and analytics | Deleted alongside message records on request |
| Instagram and Facebook Page access tokens | Meta OAuth flow | Sending replies via Meta's API | Stored securely on the server; refreshed before expiry; deleted on disconnection |
| Aggregated analytics | Derived from messages | Volume trends, topic patterns, response quality | Retained only as long as necessary to fulfil the purposes described in this policy |
We process personal data on the following legal bases:
| Service | Data shared | Purpose |
|---|---|---|
| Meta (Instagram and Messenger APIs) | Reply text, recipient ID | Delivering automated replies |
| AI service provider | Message text, retrieved context | Message classification and answer generation |
Our AI service provider is bound by a data processing agreement that restricts their use of data solely to providing services to us and prohibits any other use, in compliance with Meta's Platform Terms.
We do not sell, rent, or share personal data with any other third parties.
We use reasonable administrative, technical, and physical safeguards to protect your information, including:
No method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security. In the event of a data security incident that affects your personal data, we will notify affected users and, where required by applicable law, the relevant supervisory authority, as soon as practicable.
Message content is processed by our AI service provider (based in the United States) to generate automated responses. Replies are delivered via Meta's API, which is also operated from the United States. If you are located in the European Economic Area (EEA) or United Kingdom, these transfers are covered by the standard contractual clauses included in the applicable provider agreements.
As an account owner using our Service, you can:
The Service also processes DM content sent by third parties (your audience) as part of its core function. Any individual whose personal data has been processed may contact us at privacy@openmined.org to exercise rights under applicable data protection law. We will respond within 30 days. If you are located in the EEA or UK, you also have the right to lodge a complaint with your local data protection authority.
The Service is not intended for use by anyone under the age of 18. We do not knowingly collect data from minors. If you believe a minor has submitted personal information to us, please contact us immediately.
Our use of Instagram and Facebook data complies with Meta's Platform Terms and Developer Policies. We request only the permissions necessary for the Service to function:
We:
We may update this Privacy Policy from time to time. We will notify connected users of material changes via email. The "Last updated" date at the top reflects the most recent revision.
For privacy-related questions or data requests, contact us at privacy@openmined.org.