BroDM

Privacy Policy

Last updated: April 2026

1. Introduction

BroDM ("we", "our", "us") is operated by Liveupx Pvt. Ltd. We are committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data We Collect

  • Account Data: Name, email address, and profile information when you sign up.
  • Instagram Data: Instagram username, profile picture, and content you authorize via Meta's API (comments, messages).
  • Usage Data: Pages visited, features used, automation performance metrics.
  • Payment Data: Processed securely by our payment processors (Stripe and/or Paddle, who acts as Merchant of Record where applicable). We do not store card details. Billing address and tax-residency data may be collected by the processor to comply with EU/UK VAT and global sales tax obligations.
  • Cookies: Essential and analytics cookies as described in our Cookie Policy.

2a. Instagram Data — Specific Disclosures

When you connect an Instagram Business or Creator account, we receive and process the following data via the official Meta Graph API:

  • Profile metadata: Instagram user ID, username, account type, profile picture URL.
  • Long-lived access token: Stored encrypted at rest using authenticated symmetric encryption (pgcrypto + Vault-managed key). Used only to perform actions you explicitly automate.
  • Comments on your posts: Author username, comment text, and timestamp — fetched only when an automation rule matches.
  • Direct messages we send on your behalf: Recipient ID, message body, delivery status. We do not read inbound DMs unless you enable a feature that requires it.
  • Media references: IDs of posts/reels you target with automations (no media content is downloaded).

Token lifecycle: Tokens are auto-refreshed daily and you can revoke them at any time from Connections or directly in your Meta account settings. Disconnecting deletes the token from our database immediately and purges all derived data within 30 days.

Use of Meta Platform Data: We comply with the Meta Platform Terms and Developer Policies. We do not sell, license, or transfer Instagram data to data brokers, ad networks, or any third party. Data is used solely to deliver the automation features you configure.

3. How We Use Your Data

  • To provide and improve our DM automation services
  • To process payments and manage subscriptions
  • To send transactional emails (receipts, alerts)
  • To provide customer support
  • To analyze service usage and improve features

4. Legal Basis (GDPR)

We process data under: (a) Consent — for optional cookies and marketing; (b) Contract — to deliver our services; (c) Legitimate Interest — for analytics and fraud prevention.

5. Your Rights

Under GDPR/CCPA, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion of your data
  • Data portability (export your data as CSV)
  • Withdraw consent at any time
  • Object to processing
  • Lodge a complaint with a supervisory authority

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion or disconnection of an Instagram account, all related personal data — including access tokens, cached comments, conversation logs, and automation runs — is permanently removed within 30 days. You can request immediate deletion via our Data Deletion page.

7. Data Security

We use industry-standard encryption (TLS/SSL), secure data centers, and regular security audits. Payment data is handled by Stripe (PCI DSS Level 1 certified).

8. Third-Party Services

  • Meta (Instagram API): For DM and comment automation
  • Stripe: For payment processing
  • Analytics: For usage tracking (anonymized)

9. Cookies & Consent Management

We use a granular consent model with three categories: Essential (always on), Analytics, and Marketing. You can update your preferences any time from the "Manage cookies" link in the footer or read the full Cookie Policy.

10. Contact

For privacy inquiries or data requests, contact us at: privacy@brodm.com

Liveupx Pvt. Ltd. — liveupx.com