Privacy Policy

1. Introduction

RippleDM (“we,” “our,” or “us”) operates an Instagram automation platform that helps creators and businesses automate direct messages, manage leads, and analyze engagement. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at rippledm.com (the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and a hashed password. We use this information to authenticate you and operate your account.

2.2 Instagram Account Data

When you connect your Instagram account via Meta’s OAuth process, we receive and store:

• Your Instagram username and user ID
• An encrypted access token used to interact with the Instagram Messaging API on your behalf
• Instagram account metadata (follower count, account type) returned by the Meta API

We access only the permissions you explicitly grant. Your Instagram access token is encrypted at rest using AES-256-GCM encryption.

2.3 Automation and Lead Data

We store automation rules you configure, including keywords, message templates, and trigger settings. We also store information about users who interact with your automations (“leads”), including their Instagram username, messages exchanged, and engagement timestamps. This data is stored solely to provide the Service to you.

2.4 Usage and Analytics Data

We collect aggregated metrics about how your automations perform (messages sent, reply rates, lead conversions). We may also collect standard server logs including IP addresses, browser type, and pages visited for security and debugging purposes.

2.5 Payment Information

Billing is handled by Stripe, Inc. We do not store credit card numbers or full payment details. Stripe’s privacy policy governs the handling of payment data.

3. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Send automated Instagram direct messages on your behalf, as configured by your automation rules
• Generate analytics and reporting for your account
• Process payments and manage your subscription
• Send transactional emails (password resets, billing notifications)
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

We do not sell your data or your leads’ data to third parties. We do not use your data or your customers’ data to train AI models without explicit consent.

4. Meta / Instagram Platform Data

RippleDM uses the Meta (Facebook/Instagram) API in compliance with Meta’s Platform Terms and Developer Policies. By connecting your Instagram account:

• You authorize us to access your Instagram account on your behalf using the permissions you grant
• We use the Instagram Messaging API solely to send messages as configured by your automation rules
• We do not store message content beyond what is necessary to provide the Service and comply with retention obligations
• You can revoke our access at any time via your Instagram account settings or from within our platform (Settings → Instagram → Disconnect)

Data received from Meta is governed by Meta’s Platform Terms in addition to this policy. We use this data only for the purposes disclosed to Meta during app review.

5. Third-Party Services

We use the following third-party services:

• Meta (Facebook/Instagram) — Instagram API for sending messages. Subject to Meta’s Privacy Policy.
• Stripe — Payment processing. Subject to Stripe’s Privacy Policy.
• Anthropic (Claude API) — Optional AI-powered message generation (Enterprise plan only). Prompt data is processed by Anthropic and subject to their usage policies.
• Railway / Vercel — Cloud infrastructure. Your data is processed on servers in the United States.

6. Data Retention

We retain your account data as long as your account is active. Lead and message data is retained for the duration of your account. Aggregated analytics data may be retained longer in anonymized form.

When you delete your account, we permanently delete your personal data, automation configurations, lead data, and connected Instagram tokens within 30 days, except where retention is required by law.

7. Data Security

We implement industry-standard security measures including HTTPS/TLS for all data in transit, AES-256-GCM encryption for Instagram access tokens at rest, httpOnly session cookies, rate limiting, and regular security audits. However, no method of transmission over the Internet is 100% secure.

8. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (available directly via Settings → Danger Zone → Delete Account)
• Portability: Request export of your data in a machine-readable format
• Objection / Restriction: Object to or restrict certain processing

To exercise these rights, email us at privacy@rippledm.com. We will respond within 30 days.

9. Children’s Privacy

The Service is not directed to individuals under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal data, we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the “Last Updated” date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us: