Public policy
Privacy Policy
This Privacy Policy explains how LeadPaw collects, uses, stores, shares, and deletes information when a business connects an Instagram professional account and uses comment-to-Direct-message automation.
1. Who We Are
LeadPaw is a service for businesses that want to respond to Instagram comments with configured private replies or Direct messages. The service is operated by the LeadPaw project owner. For privacy, access, or deletion questions, contact ia.karnauhov@gmail.com.
2. What LeadPaw Does
LeadPaw receives Instagram webhook events for connected Instagram professional accounts, checks comment text against campaign keywords or matching rules, and sends a configured message with a destination link when a campaign matches. The business that connects the Instagram account controls the campaigns, message text, button title, and destination URL.
3. Information We Process
Depending on how the service is used, LeadPaw may process:
- Business workspace data, such as workspace name, invite status, and client email address.
- Connected Instagram professional account data, including account ID, username, account type, connection status, and granted permissions.
- OAuth connection data, including token status, token expiry, refresh metadata, and access tokens needed to call Instagram APIs.
- Instagram webhook data, including media IDs, comment IDs, commenter IDs, usernames, comment text, timestamps, message echo events, and read receipts.
- Campaign configuration, including keywords, matching mode, media scope, dedupe mode, response text, button title, and destination URL.
- Lead and delivery records, including dedupe keys, delivery status, sanitized API errors, and Meta response IDs.
- Operational logs, request IDs, health checks, security events, and limited diagnostic data needed to operate and protect the service.
LeadPaw does not intentionally collect payment card data, government ID numbers, or sensitive profile categories through this service.
4. How We Use Information
- To authenticate and connect Instagram professional accounts through Instagram OAuth.
- To receive and process Instagram webhook events for connected accounts.
- To match comments against configured campaign keywords, rules, and media scope.
- To send configured private replies or Direct messages when a campaign rule matches.
- To prevent duplicate replies according to the campaign dedupe setting.
- To show business users account status, token status, campaigns, comments, deliveries, and recent activity.
- To debug failures, monitor reliability, protect the service, and prevent abuse or unauthorized access.
- To comply with Meta Platform requirements, Instagram API requirements, and applicable legal obligations.
5. Instagram and Meta Data
LeadPaw uses Instagram and Meta APIs only to provide functionality requested by the connected business account owner. We do not sell Instagram data, use it to build unrelated advertising profiles, or share it for unrelated analytics or credit decisions.
If a business disconnects LeadPaw or revokes access in Instagram or Meta settings, LeadPaw will stop using the revoked token for future API requests. Previously processed operational records may remain until deleted under this policy or a verified deletion request.
6. Sharing and Service Providers
LeadPaw does not sell personal information. We share information only as needed to operate the service, including with infrastructure, hosting, database, email, logging, security, and API providers, or when required by law. Service providers are used only to support LeadPaw operations.
7. Retention
We keep information only as long as needed for service operation, debugging, security, compliance, and deletion handling. OAuth tokens are retained while an Instagram account remains connected and the token is active. Comments, leads, delivery records, and logs may be retained for operational history and then deleted or anonymized when no longer needed.
Records may also be manually deleted during resets, troubleshooting, or verified deletion requests.
8. Security
We use reasonable safeguards, including HTTPS, restricted server access, environment-based secrets, database access controls, structured logging, and avoiding intentional logging of access tokens, app secrets, or raw credentials. No internet service can be guaranteed perfectly secure.
9. Your Choices
You may request deletion of data processed by LeadPaw using the Data Deletion Instructions. You may also remove LeadPaw from your Instagram or Meta connected apps settings, where available.
10. Children
LeadPaw is intended for businesses and is not directed to children. We do not knowingly collect information from children through the service.
11. International Processing
Information may be processed in countries where LeadPaw, its infrastructure providers, or service providers operate. We take reasonable steps to protect information according to this policy.
12. Changes
We may update this Privacy Policy as the service evolves. The effective date above will be updated when material changes are made.
13. Contact
Email ia.karnauhov@gmail.com for privacy, access, or deletion questions.