Legal
Privacy Policy
Last updated: April 2025
1. Who we are
DMZap (“we”, “our”, “us”) is an Instagram DM automation platform operated by [Your Company Name], registered in India. Our platform enables businesses and creators to automate Instagram comment-to-DM workflows using Meta's official Instagram Graph API.
Contact: hello@dmzap.in
2. Data we collect
We collect the following categories of data:
- Account data: Your email address, name, and billing information when you create an account.
- Instagram data: Your Instagram Business account ID, page name, and access tokens — collected via Meta's OAuth when you connect your account. We do not store your Instagram password.
- Lead data: The usernames and comment text of Instagram users who trigger your automations. This data belongs to you and is stored in your dashboard.
- Usage data: Pages visited, features used, and error logs — used to improve our product.
- Payment data: Processed by Razorpay. We do not store card numbers or UPI credentials.
3. How we use your data
- To operate and deliver the DMZap service
- To process payments and manage your subscription
- To send transactional emails (account setup, billing)
- To send product updates and tips (you may unsubscribe at any time)
- To comply with Meta's Platform Policies and applicable law
- To detect and prevent fraud or abuse
4. Meta / Instagram data
DMZap is built on Meta's official Instagram Graph API. By connecting your Instagram account, you grant us the following permissions:
instagram_basic— read your profile and mediainstagram_manage_comments— read comments on your postsinstagram_manage_messages— send DMs to users who commentpages_show_list— identify your connected Facebook Page
We do not post on your behalf, access your followers list, or use your data to train AI models. You can revoke our access at any time from your Instagram → Settings → Apps and websites.
5. Data sharing
We do not sell your data. We share data only with:
- Supabase — our database provider (data stored in their India/Singapore region)
- Razorpay — payment processing (PCI-DSS compliant)
- Meta — as required by the Instagram Graph API to deliver automations
- Law enforcement — only when legally required
6. Data retention
We retain your account data for as long as your account is active. Lead data is retained for 12 months and then automatically deleted. You may request deletion of your data at any time by emailing hello@dmzap.in.
7. Your rights
Under applicable Indian data protection law and GDPR (where applicable), you have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Withdraw consent for marketing communications
- Data portability (receive your lead data as CSV)
To exercise any of these rights, email us at hello@dmzap.in.
8. Cookies
We use essential cookies only — session management and authentication. We do not use advertising or tracking cookies. You can disable cookies in your browser, but this may affect your ability to log in.
9. Changes to this policy
We may update this policy from time to time. We will notify you by email and update the “last updated” date above. Continued use of DMZap after a policy update constitutes acceptance of the new terms.
Questions about this policy? hello@dmzap.in
Read our Terms of Service →