Privacy Policy

Last updated: February 20, 2026

ConvertDM ("we", "our", or "us") operates the convertdm.com website and the ConvertDM platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Information You Provide

  • Account Information: Name, email address, and password when you create an account.
  • Payment Information: Billing details processed securely through Stripe (globally) and Razorpay (India). We do not store your full credit card number.
  • Instagram Account Data: When you connect your Instagram Business or Creator account via Meta's official OAuth, we access your public profile information, comments on your media, and the ability to send DMs on your behalf — as permitted by Meta's Instagram Graph API.

Information Collected Automatically

  • Usage Data: Pages visited, features used, triggers created, DMs sent, and interaction patterns within the platform.
  • Device Information: Browser type, operating system, IP address, and device identifiers.
  • Cookies: We use essential cookies for authentication and analytics cookies (Plausible Analytics — a privacy-focused, cookieless analytics tool).

2. How We Use Your Information

  • To provide and maintain the ConvertDM service
  • To send automated DMs on your behalf when triggered by Instagram comments
  • To process payments and manage your subscription
  • To communicate with you about your account, updates, and support
  • To improve our platform based on usage patterns
  • To detect and prevent fraud or abuse

3. Data Sharing

We do not sell your personal data. We share information only with:

  • Meta/Instagram: To facilitate API-based DM automation as authorized by you.
  • Payment Processors: Stripe and Razorpay for payment processing.
  • Analytics: Plausible Analytics (privacy-focused, no personal data shared) and PostHog (self-hosted/EU).
  • Legal Requirements: If required by law, regulation, or legal process.

4. Data Security

We implement industry-standard security measures including encryption in transit (TLS/SSL), encryption at rest, secure OAuth token storage, and regular security audits. Access to user data is restricted to authorized personnel only.

5. Data Retention

We retain your account data for as long as your account is active. Instagram interaction data (comments, DM logs) is retained for 90 days for analytics purposes and then automatically deleted. Upon account deletion, all your data is permanently removed within 30 days.

6. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate information
  • Delete your account and all associated data
  • Export your data in a portable format
  • Withdraw consent for Instagram API access at any time
  • Opt out of non-essential communications

7. Instagram API Compliance

ConvertDM is an official Meta Technology Partner. We comply with Meta's Platform Terms, Instagram API Terms of Use, and all applicable developer policies. We only access Instagram data that you explicitly authorize through Meta's OAuth flow.

8. International Data Transfers

Your data may be processed in servers located outside your country of residence. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

9. Children's Privacy

ConvertDM is not intended for users under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes via email or a prominent notice on our platform.

11. Contact Us

If you have questions about this Privacy Policy, contact us at: privacy@convertdm.com

← Back to Home