Privacy Policy

This policy explains what data igrm ("we", "us") collects when an account holder connects their Instagram account, how we use that data, and how we protect it. Plain language. No surprises.

1. What we collect

When you authorize igrm through Instagram's official approval flow, we receive — and only receive — the following:

• Comments posted on the connected Instagram Business or Creator account's media
• The username and Instagram user ID of each commenter (public information)
• Timestamps of each comment
• The Instagram Business Account ID that was authorized
• An expiring access token issued by Instagram (rotated every 60 days)

We do not receive — and could not access even if we wanted to — passwords, direct messages, follower lists, story views, private notifications, or any data belonging to accounts that have not been authorized.

2. What we do with it

• We pass comment text through our AI sentiment classifier
• We hide comments classified as toxic, hateful, or spam using Meta-licensed tools
• We export every comment, classification, and action to a private Excel report
• We retain these records so the account holder can audit our decisions and recover any false hides

That is the full list. We do not sell data. We do not share data with third parties for advertising. We do not train public AI models on your content.

3. Where it is stored

Data sits on cloud infrastructure in an Indian region for low latency. Comment records, Excel reports, and access tokens are stored encrypted at rest. Only the deployed application can read them.

4. The AI we use

Comment text is sent to a third-party AI inference provider for classification. That provider's policy states that API content is not retained or used for training. We pass only the comment text and minimal context — never the commenter's identity beyond their public username.

5. How long we keep data

• Hidden / classified comments: kept for the duration of your subscription, plus 90 days for dispute resolution
• Access tokens: rotated every 60 days; deleted immediately on disconnection
• Excel reports: available for download for the duration of your subscription
• On disconnection: all your data is purged within 30 days, unless retained briefly to comply with law

6. Your rights

Under the Digital Personal Data Protection Act, 2023 (India), you have the right to:

• Request a copy of every record we hold about your account — we will reply within 7 days
• Correct any record that is wrong
• Withdraw consent and have us delete all your data
• Complain to the Data Protection Board of India if you believe we have mishandled your data

To exercise any of these rights, email learn.legits@gmail.com or DM @ig_reputation.

7. How to revoke our access

Anytime, in two clicks. Open Instagram → Settings → Apps and Websites → find "igrm" → Revoke. Our access disappears instantly. We then have 30 days to delete the rest of your data, which we do automatically.

8. Children

igrm is a B2B product for Instagram Business and Creator accounts. We do not knowingly process data about individuals under 18 except as it appears in public Instagram comments.

9. Changes to this policy

If we materially change this policy, we will email every active subscriber at least 14 days before the change takes effect. The current version always lives at this URL.

10. Contact

Questions, requests, complaints — all go to learn.legits@gmail.com or @ig_reputation on Instagram. We reply same day, every working day.