Privacy Policy

Reactly.co ("Reactly", "we", "us", "our") is a SaaS product that automates Instagram Direct Message replies when a user's follower comments a keyword on a reel or video post. We are operated by an independent developer based in India. Contact: privacy@reactly.co

• Account data — name, email address, and encrypted password when you sign up via email. If you use Google Sign-In we receive your name, email, and profile picture from Google.
• Instagram / Facebook data — when you connect your Instagram Business account we receive your Instagram username, biography, profile picture, follower count, and a Facebook Page access token. We store the access token to send DMs on your behalf.
• Automation data — the keywords and DM message templates you create.
• DM logs — we log each DM we send (recipient ID, message text, timestamp) for deduplication and analytics.
• Usage data — page views and feature usage collected via standard server logs.

• To operate the automation service — matching comments to keywords and sending DMs via Meta's official Messaging API.
• To display your analytics dashboard (DM counts, trigger stats).
• To enforce plan limits (DMs per month, pages connected).
• To send transactional emails (receipts, limit warnings). We do not send marketing emails without explicit consent.
• To comply with legal obligations.

We do not sell, rent, or share your personal data with third parties for advertising purposes.

Reactly uses the Meta Graph API under the terms of the Meta Platform Policy. We only request the minimum permissions required:

• instagram_basic — read your profile and media
• instagram_manage_comments — receive comment events via webhook
• instagram_manage_messages — send DMs on your behalf
• pages_read_engagement — link your Facebook Page to your Instagram account

We do not post on your behalf, read your private messages (only incoming message events we subscribe to), or access data beyond what is listed above. Access tokens are stored encrypted and used solely to send DMs through the official API.

• Account data is retained while your account is active.
• DM logs are retained for 90 days for deduplication, then deleted.
• If you delete your account, all your data is permanently deleted within 30 days.

We use Firebase (Google Cloud) for our database, which provides encryption at rest and in transit. Access tokens are stored with restricted access rules. We do not store payment card data — payments are processed by Razorpay.

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Disconnect your Instagram account at any time from Settings
• Revoke Reactly's Facebook permissions from your Facebook Security Settings

To exercise any of these rights, email us at privacy@reactly.co.

We use only essential cookies required for authentication (Firebase Auth session). We do not use tracking cookies or third-party advertising cookies.

Reactly is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us immediately and we will delete it.

We may update this policy and will notify you by email or by prominently posting the new policy on this page with a revised date.

Questions or requests: privacy@reactly.co