Privacy Policy

1. Introduction

Welcome to ReplyAstra ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at replyastra.online.

Please read this policy carefully. If you disagree with its terms, please discontinue use of our platform immediately.

2. Information We Collect

We collect information that you provide directly to us, including:

• Account Information: Name, email address, and password when you register.
• Instagram Account Data: We access your Instagram Business or Creator account via Meta's official API. This includes your Instagram user ID, username, and messaging permissions.
• Message Metadata: We process incoming DM content solely to trigger automated responses. We do not store the content of your followers' messages beyond what is necessary for automation.
• Billing Information: Payment details processed securely through our payment provider (Razorpay). We do not store your card details.
• Usage Data: Information about how you use our platform, including features accessed and automation rules configured.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the ReplyAstra platform
• Process and deliver automated DM replies on your behalf via Meta's API
• Manage your account and subscription
• Send transactional emails (account confirmation, billing receipts, support responses)
• Monitor and analyze usage patterns to improve our service
• Comply with legal obligations

We do not sell your personal data to third parties. We do not use your Instagram data for advertising purposes.

4. Meta / Instagram Data

ReplyAstra integrates with Meta's Messaging API. By connecting your Instagram account, you authorize us to:

• Read incoming Direct Messages to detect keyword triggers
• Send automated replies on your behalf
• Access your follower list to support "Ask to Follow" features

We access only the permissions you explicitly grant through Meta's OAuth flow. You can revoke access at any time from your Meta Business Settings or from your ReplyAstra dashboard.

Our use of Meta data complies with Meta's Platform Policy.

5. Data Retention

We retain your account data for as long as your account is active or as needed to provide you services. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain it.

Instagram message metadata used for automation is retained for a maximum of 90 days for analytics purposes, after which it is permanently deleted.

6. Data Security

We implement industry-standard security measures including:

• TLS/SSL encryption for all data in transit
• AES-256 encryption for sensitive data at rest
• Secure OAuth 2.0 token storage — we never store your Instagram password
• Regular security audits and vulnerability assessments

7. Third-Party Services

We use the following third-party services:

• Supabase — Database and authentication
• Meta (Facebook) API — Instagram messaging integration
• Razorpay — Payment processing
• Vercel — Website hosting

Each third-party service has its own privacy policy governing their use of data.

8. Your Rights

You have the right to:

• Access — Request a copy of the data we hold about you
• Correct — Update inaccurate personal information
• Delete — Request deletion of your personal data
• Withdraw consent — Disconnect your Instagram account at any time
• Data portability — Request your data in a machine-readable format

To exercise any of these rights, visit our Data Deletion page or email us at privacy@replyastra.online.

9. Children's Privacy

ReplyAstra is not directed to children under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by updating the "Last updated" date at the top of this page and, for significant changes, sending an email notification to your registered address.

11. Contact Us

If you have questions about this Privacy Policy, please contact us: