Effective June 2026
Account data: your email, password (hashed with bcrypt), and organization details.
Operational data you provide: Instagram account credentials (encrypted at rest), proxy details, message sequences, campaign targets, conversations, and resulting activity logs and statistics.
Billing data: handled by Stripe. We store your Stripe customer/subscription identifiers and plan status, never your full card number.
Solely to operate the Service for you: running campaigns, showing your dashboard and stats, sending transactional email (verification, password reset, billing), and providing support. We do not sell your data or use it for third-party advertising.
We rely on a small set of sub-processors: Stripe (payments), Brevo (transactional email), and our hosting provider (Hetzner). Each processes data only to provide its function, under its own privacy terms.
Instagram credentials are encrypted at rest; the app is served over TLS. We retain your data while your account is active and delete your organization's data on account deletion, subject to legal retention requirements (e.g. invoicing records).
You can request access, export, correction, or deletion of your personal data, and object to certain processing, by emailing rk@coldabry.com. Deleting your account removes your organization's operational data.
Baseline document, not legal advice. Have counsel review before relying on it.