Privacy Policy

Last updated: June 4, 2026

This Privacy Policy explains how Superdm ("we", "us", "our") collects, uses, and protects information when you use our website and services (the "Service") at https://superdm.cc. Superdm helps Instagram professional (Business/Creator) account holders automatically reply to comments and send Direct Messages based on rules they configure.

1. Information we collect

• Account information: name, email address, and authentication credentials provided when you sign up or sign in (including via Google).
• Instagram data: when you connect an Instagram Business or Creator account through Meta's authorization flow, we receive your Instagram Business Account ID, username, account type, and an access token issued by Meta. We may read media you have posted (Reels, posts) and, where you grant the relevant scopes, comments and direct messages required to operate the auto-reply features you configure.
• Configuration data: the reply flows, triggers, keywords, and messages you create.
• Usage data: basic logs (IP address, user agent, timestamps) used for security and service operation.

2. How we use information

• To provide, maintain, and improve the Service.
• To send DMs and comment replies on your behalf, only as configured by you.
• To authenticate you and secure your account.
• To respond to support requests and communicate service updates.
• To comply with legal obligations.

We only act on a connected Instagram account in response to user-initiated events (for example, a person commenting on your post or messaging your account). We do not use Instagram permissions for unsolicited broadcasts or spam.

3. Sharing of information

We do not sell your personal information. We share data only with:

• Meta Platforms (Instagram): required to read your media and comments and to send messages on your behalf.
• Infrastructure providers (Cloudflare, Inc.) that host and process data for the Service in the United States and India.
• Authorities when required by law or to protect rights, safety, and security.

4. Data retention

We retain your account and configuration data for as long as your account is active. Instagram access tokens are stored encrypted at rest and refreshed as permitted by Meta. You can disconnect an Instagram account or delete your entire Superdm account at any time — see our Delete Account page for instructions. When you delete your account, we remove your personal data and stored tokens within 30 days, except where retention is required by law.

5. Security

We use industry-standard technical and organisational measures, including TLS in transit and encryption at rest for sensitive credentials. No system is 100% secure; please use a strong, unique password.

6. Your rights

Depending on where you live, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise these rights, contact us at the address below.

7. Children

The Service is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

8. International transfers

Your information may be processed in countries other than your own, including the United States and India. We rely on appropriate safeguards (such as standard contractual clauses) where required.

9. Changes to this policy

We may update this policy from time to time. Material changes will be announced in-product or via email. Continued use of the Service after changes take effect constitutes acceptance.

10. Contact

Questions about this policy? Email us at dhirajkadam.official@gmail.com.