Legal

Privacy Policy

The short version: ReplyIG stores your username, your automations, and a 30-day activity log. It never reads your inbox, and you can delete everything yourself. Last updated July 5, 2026.

Who we are

ReplyIG (“we”, “us”) provides comment-to-DM automation for Instagram at replyig.com. This policy describes what data we collect when you use the service, why we collect it, and how to get rid of it. Questions go to support@replyig.com.

What we collect

When you connect an Instagram account, we store:

  • Account basics — your Instagram username and Instagram user ID.
  • An access token — issued by Meta when you approve ReplyIG via Instagram’s official login. It is scoped to reading your posts, managing comments, and sending messages. We never see or store your Instagram password.
  • Your automations — the posts you selected, trigger keywords, the DM template, and the optional public reply you wrote.
  • An activity log — when Instagram notifies us about a comment (or message event) on your account, we record the event: sender username, a short text preview, and what ReplyIG did with it (matched, replied, skipped, failed). Entries are deleted automatically after 30 days.
  • Billing records — if you subscribe, we store your Stripe customer and subscription identifiers and the subscription status. Your card details go directly to Stripe and never touch our servers.
  • A session cookie — a single essential cookie that keeps you logged in. We store only a hashed form of it.

What we deliberately do not collect

  • We do not read, sync, or store your Instagram inbox or conversations. The only messages we handle are the ones your automations send.
  • We do not use advertising trackers or third-party analytics.
  • We do not sell, rent, or share your data with anyone for marketing.

How we use it

Everything above serves one purpose: detecting comments on the posts you chose and sending the reply you wrote. The activity log exists so you can audit what happened; billing records exist so your plan works; the session cookie exists so you stay logged in.

Who processes data on our behalf

  • Meta Platforms — comment and message delivery via the official Instagram API, under your authorization.
  • Stripe — payment processing for paid plans.
  • Cloudflare — hosting; requests are processed on Cloudflare’s edge network.
  • PlanetScale — managed Postgres database where the data above lives.
  • Google Fonts — the site loads its typefaces from Google’s CDN, which sees your IP address like any web request.

Retention and deletion

Activity log entries are pruned automatically after 30 days. Expired sessions are cleaned up daily. Everything else is kept while your account exists. When you delete your account (Settings → Delete account), your sessions are removed immediately, automations stop, and your access token is no longer used; see the data deletion page for the exact mechanics. You can also revoke ReplyIG’s access at any time from Instagram’s own settings under Apps and Websites, which invalidates the token on Meta’s side.

Security

All traffic is encrypted in transit (HTTPS). Session tokens are stored only as SHA-256 hashes. Access tokens are stored server-side and used exclusively to call the Instagram API on your behalf.

Your rights

You can access what we hold (it’s visible in the app), export your automations by asking, delete your account yourself, or email support@replyig.com for anything else — including access, correction, or deletion requests under GDPR, CCPA, or similar laws.

Changes

If this policy changes in a way that matters, we’ll note it here with a new date. We won’t quietly expand what we collect.

Your next post will get comments.

Set the reply once and let it run. The first automation is free, forever.

Continue with Instagram