DMFLOW

Privacy Policy

Last updated: February 6, 2026

This Privacy Policy explains how DMFlow collects, uses, stores, and protects information when you use our website, products, and services. It applies to our app, dashboard, automations, and any integrations you connect. By using DMFlow, you agree to the practices described below.

1. Information we collect

We collect only the data needed to operate your account, connect integrations, and run the automations you configure.

  • Account data: name, email, user IDs, workspace identifiers, and authentication metadata.
  • Integration data: Instagram account ID, OAuth tokens, page IDs, and metadata required to run messaging and comment automations.
  • Automation data: triggers, keywords, prompts, delays, response settings, connected posts, and configuration you create or save.
  • Message context: user messages and comment content processed to execute automations. We do not request your Instagram password.
  • Operational data: logs, error traces, usage counts, performance metrics, and security events needed to keep the service reliable and safe.

2. How we use information

  • Provide and operate the automations you configure.
  • Authenticate users and secure accounts.
  • Enforce plan limits and protect against abuse.
  • Monitor reliability, fix bugs, and improve performance.
  • Provide support and communicate updates or incidents.

3. Official Instagram integration

DMFlow uses the official Instagram Graph API and OAuth for all Instagram connections and automation actions. We never ask for your Instagram password. You can revoke access at any time by disconnecting the integration.

4. Legal bases for processing

We process data to perform our contract with you (delivering the service), to comply with legal obligations, and to pursue legitimate interests such as security and service improvement. Where required, we rely on consent (for example, when you connect third-party integrations).

5. Data security

  • Tokens are encrypted at rest and transmitted over TLS.
  • Access to sensitive operations is restricted and logged.
  • Idempotency, rate limits, and webhooks validation protect against abuse.

6. Data retention

We retain data only as long as necessary to provide the service, meet legal obligations, or resolve disputes. You can delete automations or disconnect integrations to remove access and associated tokens. Logs are retained for a limited period for security and troubleshooting.

7. Sharing and disclosure

We do not sell your data. We share information only with service providers that help us operate the product (for example, hosting, analytics, monitoring, and security), and only to the extent required to deliver the service. We may disclose information if required by law or to protect our users and platform integrity.

8. International transfers

Your information may be processed in regions where our service providers operate. We take reasonable steps to ensure adequate protection for data transferred across borders.

9. Your choices and rights

  • Disconnect your Instagram account at any time.
  • Update or delete automation data in your dashboard.
  • Request access, correction, or deletion of your data.
  • Manage analytics and cookie preferences in your browser.

10. Children’s privacy

DMFlow is not intended for children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect children’s data.

11. Contact

If you have questions about this Privacy Policy, contact us via the support channel listed on the website.