Privacy Policy

converrt. · Last updated 9 June 2026

converrt. (“converrt.”, “we”, “us”) is a tool that lets Instagram creators set up automatic replies to comments on their own posts. A creator connects their own Instagram account, defines keywords, and we send an automatic reply or direct message on their behalf when someone comments with a matching keyword. This policy explains exactly what data we handle, why, how we protect it, and how you can have it deleted. It specifically covers data obtained through Instagram and the Meta Platform.

1. Who this policy is for

There are two groups of people whose data we handle:

• Creators — people who sign up and connect their Instagram account to use converrt.
• Audience members — people who comment on, or send a message to, a creator’s Instagram post and trigger an automatic reply.

2. What we collect

From creators (via Instagram Login):

• Your Instagram user ID and username.
• An Instagram access token, used only to read comments on your posts and to send replies and direct messages on your behalf. It is stored encrypted (see Security).
• The keywords, reply text, and automation settings you configure.

From audience members (via Instagram webhooks):

• The Instagram-scoped user ID and username of the person who commented or messaged.
• The content of the comment or message, the comment ID, and the post (media) ID — so we can match keywords and reply correctly.
• An email address only if the creator enables email capture for an automation and the audience member voluntarily provides it in reply.

We do not collect passwords, payment card details, contact lists, or any data beyond what is needed to run the automation described above. We do not scrape Instagram or build audiences from accounts that did not interact with the creator.

3. How we use data

• To detect comments matching a creator’s keywords and send the configured reply or DM.
• To prevent sending the same person duplicate replies.
• To interpret the intent of a comment, the comment text may be processed by an automated language model (Anthropic’s Claude API) solely to decide whether it matches a keyword. This text is not used to train any model and is not retained by that provider beyond the request.
• To show the creator their own automation activity in their dashboard.
• To keep access tokens valid (automatic refresh) so automations don’t silently stop.

We do not sell personal data, and we do not use it for advertising or share it with advertisers.

4. Instagram and Meta Platform data

Data obtained through the Instagram Graph API and Meta Platform is used only to provide the features described in this policy. Our use of information received from Meta APIs follows the Meta Platform Terms and Developer Policies. We do not transfer Instagram data to data brokers, ad networks, or any party for purposes unrelated to running a creator’s own automations. A creator can revoke converrt.’s access at any time from Instagram → Apps and Websites; doing so stops all data collection for that account.

5. How we store and protect data

• Instagram access tokens are encrypted at rest using AES-256.
• Data is stored on managed infrastructure with access restricted to our service.
• Transport is encrypted over HTTPS.
• Incoming webhooks are signature-verified to reject forged requests.

6. Service providers we use

We rely on a small set of processors that handle data strictly to run the service, under their own security and privacy commitments:

• Supabase — database storage.
• Railway — application/server hosting.
• Redis — temporary message queue for rate-limited sending.
• Vercel — dashboard hosting.
• Anthropic — optional comment-intent classification (see Section 3).

7. Data retention

We keep data only as long as needed to provide the service. Creator account data is kept while the account is connected. Conversation and comment records are kept to operate and report on automations and are deleted when the related automation or account is deleted. Raw webhook logs are kept short-term for reliability and troubleshooting, then removed.

8. How to delete your data

Creators can disconnect at any time from Instagram → Apps and Websites. To request full deletion of your data — or, for an audience member, deletion of records tied to your interactions — email psharma8780@gmail.com with the Instagram username involved. We will delete the associated data within 30 days and confirm by email.

9. Children

converrt. is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child’s data has reached us, contact us and we will delete it.

10. Changes to this policy

If we change this policy, we will update the date at the top of this page. Material changes will be reflected here before they take effect.

11. Contact

Questions or requests about privacy: psharma8780@gmail.com.