Privacy Policy

We collect the following categories of information so we can provide and improve the Service:

• Account data — your name, email address, password (stored hashed) and billing details when you create an account or subscribe to a paid plan.
• Connected-channel data — when you connect an Instagram, Facebook, WhatsApp or YouTube account through that platform’s official login, we receive the access tokens and the specific data the platform grants, such as your profile, posts, comments and the messages our automations send and receive on your behalf.
• Automation & contact data — keywords, message templates and the contacts (commenters and message recipients) that interact with your automations, including their public username, message content and timestamps.
• Usage data — how you use the Service, including pages viewed, features used, device and browser type, IP address and diagnostic logs.
• Cookies & similar technologies — used to keep you signed in, remember preferences and measure performance (see “Cookies & Tracking”).

We use your information to:

• Provide, operate and maintain the Service and run the automations you configure.
• Send public replies and direct messages on your behalf through the connected platform’s official API.
• Process payments, manage subscriptions and send service-related communications.
• Provide support, respond to your requests and improve features, security and performance.
• Detect, prevent and address fraud, abuse and violations of our Terms or platform policies.
• Comply with legal obligations.

We do not sell your personal data, and we do not use data obtained through the Meta APIs for advertising or to build user profiles for purposes unrelated to the Service.

Our automations operate strictly through the official APIs of the platforms you connect. Your use of those platforms through MyDMFlow is also subject to the platform’s own terms and policies — for Meta, the Meta Platform Terms and Instagram Platform Policy.

We only request the minimum permissions needed to run comment-to-DM automation (for example, reading comments and sending messages). You can revoke our access at any time from within the connected platform’s settings or by disconnecting the account in MyDMFlow.

We share information only as needed to run the Service:

• Service providers — vetted processors that host our infrastructure, process payments, send email and provide analytics, acting on our instructions under contract.
• Connected platforms — the platform APIs you authorize, in order to deliver replies and messages.
• Legal & safety — when required by law, to enforce our Terms, or to protect the rights, property or safety of PlanMyTrip LLC, our users or the public.
• Business transfers — in connection with a merger, acquisition or sale of assets, in which case we will notify you.

We retain personal data only for as long as necessary to provide the Service and for legitimate business or legal purposes. When you delete your account, we delete or anonymize your personal data within 90 days, except where we are required to retain it by law.

Depending on where you live, you may have the right to access, correct, export or delete your personal data, to object to or restrict certain processing, and to withdraw consent. You can exercise most of these directly in your account settings or by contacting us at support@mydmflow.com. We will not discriminate against you for exercising your rights.

You can delete your data at any time:

• In-app — sign in and delete individual automations and contacts, or delete your entire account from Account → Settings.
• Disconnect a channel — removing a connected account in MyDMFlow, or revoking MyDMFlow from the platform’s app settings, stops further data access.
• By request — email support@mydmflow.com with the subject “Data Deletion” and we will permanently delete your personal data within 90 days and confirm by email.

We use industry-standard safeguards — encryption in transit, hashed credentials, access controls and regular review — to protect your information. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

We use essential cookies to operate the Service and optional analytics and marketing technologies to understand usage and measure campaigns. You can control cookies through your browser settings; disabling some cookies may affect functionality.

The Service is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their data. If you believe a child has provided us personal data, contact us and we will delete it.

We may process and store your information in countries other than your own. Where we transfer data internationally, we use appropriate safeguards consistent with applicable law.

We may update this Privacy Policy from time to time. We will post the updated version here with a new “Last updated” date and, for material changes, notify you by email or an in-app notice.

Questions about this policy or your data? Email us at support@mydmflow.com and we will be happy to help.