Privacy Policy

Last updated: May 30, 2026

SocialAgent ("we", "us", "our") provides AI-assisted Instagram customer-service automation for businesses ("Business Customers"). A Business Customer connects its Instagram Business or Creator account and uses our dashboard to view and reply to customer direct messages, optionally with AI-drafted replies that a human approves before sending. This policy describes what data we process and how.

1. What we collect

When a Business Customer connects their Instagram account to SocialAgent:

• Business profile data: Instagram Business User ID, username, account type, and display name, so the Business Customer can confirm the correct account is connected and we can label conversations.
• Direct message content: inbound and outbound DMs between the Business Customer and the people who message them, including text, timestamps, and attachment references.
• End-customer profile data: the public profile information (Instagram username, display name, profile-picture URL) of users who message the Business Customer, to provide conversation context.
• OAuth access token: the access token issued when the Business Customer authorizes the connection, stored encrypted at rest.

2. How we use it

• Display incoming customer messages in the Business Customer's dashboard.
• Generate optional AI-assisted reply drafts using Anthropic Claude.
• Apply content-safety and policy checks before any message is sent.
• Send the Business Customer's replies back to the customer via the Instagram Messaging API.
• Track conversation state, including Instagram's 24-hour reply window and human escalations.

We respond only to customers who message the Business Customer first, and only within Instagram's 24-hour standard messaging window. We do not send unsolicited, bulk, or promotional messages. We do not use end-customer message content to train AI models, and we do not sell data or use it for advertising.

3. How we store it

• Conversation data is stored in an access-controlled PostgreSQL database.
• Profile pictures and media are cached server-side with limited retention (≤ 30 days).
• OAuth access tokens are encrypted at rest.

4. How we share it

• Anthropic (Claude API): inbound message context is sent to Anthropic for AI inference, governed by Anthropic's data-handling terms.
• Meta: outbound messages are sent through Meta's Instagram Messaging API per the connection the Business Customer authorized.
• No other third parties receive Business Customer or end-customer data. We do not share data with advertisers.

5. Data retention and deletion

• A Business Customer can disconnect their account in the SocialAgent dashboard at any time, which revokes our access token and stops all message processing.
• A Business Customer can remove SocialAgent at any time via Instagram → Settings → Apps and Websites.
• On request, or on offboarding, all stored messages, conversation history, and access tokens for the account are deleted within 30 days.
• End-customers can request removal of their data by contacting the Business Customer or SocialAgent directly.

See our Data Deletion page for step-by-step instructions.

6. Your rights (GDPR / CCPA where applicable)

• Right to access, correct, delete, or export your data.
• Right to object to processing.
• Right to lodge a complaint with a supervisory authority.

7. Contact

SocialAgent · privacy@quantumseo.com