Privacy Policy

Last updated: June 10, 2026

CyanorX Private Limited ("CyanorX", "we", "us", or "operates the CyanorX Instaflow platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

We collect information you provide directly and information generated through your use of the Service:

• Account Information: Name, email address, and password when you create an account.
• Instagram Business Account Data: When you connect your Instagram account via Meta OAuth, we receive your Instagram Business profile information (username, profile picture, follower count) and access to manage DMs and comments on your behalf.
• Automation Data: Keywords, message templates, flow configurations, and response logs you create within the Service.
• Lead Data: Names, usernames, and interaction data of users who engage with your automated flows (e.g., users who comment on your posts or send DMs).
• Payment Information: Billing details processed through Razorpay or Stripe. We do not store credit card numbers on our servers.
• Usage Data: Log data including IP address, browser type, device information, pages visited, and time spent on the Service.

2. How We Use Your Information

We use the collected information for the following purposes:

• To provide, operate, and maintain the Service.
• To send automated DMs, comment replies, and story responses on your behalf using the Instagram Graph API.
• To process payments and manage your subscription.
• To analyze usage patterns and improve the Service.
• To detect and prevent abuse, spam, or unauthorized access.
• To communicate with you about updates, security alerts, and support.

3. Instagram Data Usage

We access your Instagram account solely to perform the automation services you configure. Specifically:

• We send DMs only to users who have initiated a conversation or triggered a keyword.
• We post public comment replies only on your behalf when configured in your flows.
• We do not sell, share, or monetize your Instagram data with third parties.
• We do not access your Instagram Direct Messages beyond what is necessary for automation.

4. Data Sharing

We do not sell your personal information. We may share data only in the following circumstances:

• Service Providers: Cloudflare (hosting), Razorpay/Stripe (payments), and Meta (API access) — all bound by contractual data protection obligations.
• Legal Requirements: When required by law, court order, or governmental regulation.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice.

5. Data Security

We implement industry-standard security measures including:

• AES-256 encryption for data at rest
• TLS 1.3 encryption for data in transit
• Cloudflare Edge security with DDoS protection
• Regular security audits and access controls

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion or data deletion request, we permanently remove your personal data within 30 days, except where retention is required by law.

7. Your Rights

You have the right to:

• Access your personal data
• Correct inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Withdraw consent for data processing

8. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notification at least 30 days before they take effect.

10. Contact Us

For questions about this Privacy Policy or to exercise your data rights, contact us at:

CyanorX Private Limited
Karnataka, India
Email: privacy@cyanorx.com