The short version: ReplyIG stores your username, your automations, and a 30-day activity log. It never reads your inbox, and you can delete everything yourself. Last updated July 5, 2026.
ReplyIG (“we”, “us”) provides comment-to-DM automation for Instagram at replyig.com. This policy describes what data we collect when you use the service, why we collect it, and how to get rid of it. Questions go to support@replyig.com.
When you connect an Instagram account, we store:
Everything above serves one purpose: detecting comments on the posts you chose and sending the reply you wrote. The activity log exists so you can audit what happened; billing records exist so your plan works; the session cookie exists so you stay logged in.
Activity log entries are pruned automatically after 30 days. Expired sessions are cleaned up daily. Everything else is kept while your account exists. When you delete your account (Settings → Delete account), your sessions are removed immediately, automations stop, and your access token is no longer used; see the data deletion page for the exact mechanics. You can also revoke ReplyIG’s access at any time from Instagram’s own settings under Apps and Websites, which invalidates the token on Meta’s side.
All traffic is encrypted in transit (HTTPS). Session tokens are stored only as SHA-256 hashes. Access tokens are stored server-side and used exclusively to call the Instagram API on your behalf.
You can access what we hold (it’s visible in the app), export your automations by asking, delete your account yourself, or email support@replyig.com for anything else — including access, correction, or deletion requests under GDPR, CCPA, or similar laws.
If this policy changes in a way that matters, we’ll note it here with a new date. We won’t quietly expand what we collect.
Set the reply once and let it run. The first automation is free, forever.
Continue with Instagram