Privacy Policy

FromKorea Automation Service

This Privacy Policy describes how FromKorea Automation Service ("we", "our", or "the service") collects, uses, and protects information when you connect an Instagram Business account to our service.

1. Information We Collect

When an Instagram Business account is connected to our service, we collect and process the following data:

• Instagram username and user ID of accounts that interact with the connected Business account (commenters and message senders).
• Content of comments left on posts of connected Business accounts.
• Content of direct messages sent and received through our application.
• Basic profile information of connected Instagram Business accounts, including username, account type, and profile picture URL.

2. How We Use the Data

• To detect trigger keywords in comments and generate automated replies.
• To send direct messages with product information to users who express interest through their comments or messages.
• To display the status of connected accounts in our internal admin dashboard.
• Comment text is sent to the Anthropic Claude API, a third-party AI service, in order to generate personalized reply suggestions.

3. Data Retention

• Interaction data such as comments and messages is stored for up to 90 days for operational purposes.
• Account connection data (tokens, account identifiers) is stored as long as the Instagram Business account remains connected to our service.
• Users may request deletion of their data at any time by contacting us using the email address listed below.

4. Third-Party Services

To deliver our functionality we rely on the following third-party providers, each governed by their own privacy policies:

• Anthropic Claude API - used to generate reply text from comment context.
• Meta / Instagram Graph API - used to read comments, read messages, and send messages on behalf of connected Business accounts.

5. Data Security

• All data is stored on encrypted servers.
• Access is restricted to authorized personnel only.
• All data in transit is protected with HTTPS encryption.
• Incoming webhook payloads are verified using HMAC signature checks.

6. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

• The right to access the personal data we hold about you.
• The right to request correction of inaccurate data.
• The right to request deletion of your data.
• The right to receive a copy of your data in a portable format.

To exercise any of these rights, please contact us at the email address below. We aim to respond to all requests within 30 days.

7. Contact

For any privacy-related requests or questions, please contact: romajustin30@gmail.com.

8. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on this page with an updated revision date.