Syft Influencer is operated by OpenMined ("we", "us", "our"). This policy describes how we collect, use, and protect data when you use our AI-powered Instagram DM auto-reply service.
2. Data We Collect
Data type
Source
Purpose
Retention
Instagram DM content
Meta webhook API
Message classification and response generation
Stored in database for admin review and analytics
Sender identifiers
Meta webhook API
Conversation threading and reply delivery
Stored with message records
Message embeddings
Generated locally
Semantic search and question clustering
Stored in vector database
Instagram access tokens
Meta OAuth flow
Sending replies via Graph API
Stored encrypted; refreshed before expiry
Analytics data
Derived from messages
Volume trends, topic clusters, response quality
Aggregated; stored indefinitely
3. How We Use Your Data
Message processing: Incoming DMs are classified (knowledge-base question, spam, business inquiry, fan mail) and routed accordingly
AI response generation: Knowledge-base questions are answered using retrieval-augmented generation (RAG) based on the account owner's provided content
Admin dashboard: Message logs, analytics, and pending queues are displayed to the account owner for monitoring and manual intervention
Quality improvement: Message clustering and analytics help the account owner understand what their audience is asking about
4. Third-Party Services
Service
Data shared
Purpose
Meta (Instagram Graph API)
Reply text, recipient ID
Delivering automated replies
Anthropic (Claude API)
Message text, retrieved context
Message classification and answer generation
We do not sell, rent, or share personal data with any other third parties.
5. Data Storage and Security
Data is stored on a secured Azure virtual machine with HTTPS encryption (TLS)
The admin dashboard is protected by authentication
Instagram access tokens are stored securely and refreshed automatically
Webhook payloads are verified via HMAC-SHA256 signature validation
6. Data Retention and Deletion
Message data is retained for as long as the account owner uses the Service
Webhook event records are automatically purged after 24 hours
Upon account disconnection or termination, we will delete all associated message data, embeddings, and tokens within 30 days
Aggregated, anonymized analytics may be retained after deletion
7. Your Rights
As an Instagram account owner using our Service, you can:
Access: View all stored messages and analytics through the admin dashboard
Delete: Request deletion of all your data by contacting us
Revoke access: Disconnect your Instagram account at any time through Instagram settings or Meta Business Suite
Data portability: Request an export of your stored data
DM senders can request deletion of their message data by contacting the account owner or by emailing us directly.
Only access data necessary for the Service's functionality
Do not use Instagram data for advertising or profiling purposes
Do not transfer Instagram data to data brokers or third parties beyond what is described in this policy
Will delete all platform data if our access is revoked by Meta
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify connected users of material changes via email. The "Last updated" date at the top reflects the most recent revision.
10. Contact
For privacy-related questions or data requests, contact us at info@openmined.org.