Eightinity ("we", "us", or "our") operates the UnlockDM platform accessible at tryunlockdm.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Information you provide directly

Account data: name, email address, and password when you create an account.
Instagram connection: your Instagram Business or Creator account username and access tokens when you connect your account.
Campaign content: campaign names, keywords, reward URLs, and DM message templates you configure.
Waitlist data: email and optional Instagram handle if you join our waitlist.

Information collected automatically

Instagram data via API: comment text, commenter usernames, follower status, and DM delivery receipts — received through the Meta Graph API when your campaigns are active.
Referral and participant data: Instagram usernames of people who comment on your Reels, follow verification status, referral codes, and reward delivery events.
Usage data: pages visited, features used, browser type, and IP address, collected via standard server logs.

2. How We Use Your Information

We use the information we collect to:

Create and maintain your UnlockDM account.
Operate your campaigns: detect keyword comments, verify follows, send DMs, and track referrals via the Meta Graph API on your behalf.
Send you transactional emails (account confirmation, approval notifications, fraud alerts).
Improve and develop the platform based on usage patterns.
Respond to your support inquiries.
Comply with legal obligations.

We do not sell your personal information or your participants' data to third parties. We do not use participant data for advertising purposes.

3. Data Shared with Third Parties

Supabase: We use Supabase for authentication and database storage. Your data is stored on Supabase-managed PostgreSQL servers. See Supabase's Privacy Policy.
Meta Platforms (Instagram): We interact with the Meta Graph API on your behalf. Participant Instagram usernames and comment data are received from Meta. We do not share your data back to Meta beyond what is required to operate the API. See Meta's Privacy Policy.
Service providers: We may share data with vendors who assist in operating our platform (e.g., email delivery, infrastructure), under strict confidentiality obligations.

4. Instagram / Meta Platform Data

When you connect your Instagram account, we access your data under the permissions you grant via the Meta Login flow. Specifically:

instagram_business_basic — to identify your account and verify follower relationships.
instagram_business_manage_comments — to read comments on your Reels and detect your campaign keyword.
instagram_business_manage_messages — to send automated DMs to campaign participants on your behalf.

We only store the minimum data required to operate your campaigns. Comment and DM data for participants is used solely to deliver rewards and track referrals on your behalf. We do not retain raw Instagram message content beyond what is necessary.

5. Data Retention

We retain your account and campaign data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it by law.

Participant data (Instagram usernames, referral records) is retained for the lifetime of the associated campaign, or until you request deletion.

6. Your Rights

Depending on your location, you may have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data ("right to be forgotten").
Object to or restrict processing of your data.
Data portability — receive a copy of your data in a machine-readable format.

To exercise any of these rights, email us at hello@tryunlockdm.com. We will respond within 30 days.

7. Cookies and Tracking

We use session cookies required for authentication. We do not use third-party advertising cookies or cross-site tracking technologies.

8. Security

We implement industry-standard security measures including HTTPS-only connections, encrypted storage for access tokens, and role-based access controls. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

9. Children's Privacy

UnlockDM is intended for users aged 18 and over. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child, contact us immediately at hello@tryunlockdm.com.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice on the platform. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this Privacy Policy? Contact us:

Email: hello@tryunlockdm.com
Company: Eightinity, India