Privacy Policy for MagicDM
Last Updated: March 19, 2026
1. Introduction
MagicDM ("we," "our," or "us") is a software tool that enables creators, businesses, and brands to automate and manage Instagram direct messages (DMs) and interactions.
We are committed to protecting your privacy and ensuring transparency in how your information is collected, used, and safeguarded. This Privacy Policy explains how we handle your data when you access or use our services.
By using MagicDM, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Information We Collect
We follow the principle of data minimization and only collect data necessary to provide our services.
2.1 Information from Instagram (via Meta APIs)
When you connect your Instagram account to MagicDM, we access certain information via official Meta APIs based on the permissions you grant. This may include:
- Instagram User ID
- Username and profile information
- Messages and conversations (only when required to enable automation features)
- Comments on your posts
- Media metadata (e.g., post IDs, timestamps)
- Permissions and access tokens granted via Meta OAuth
Important:
- We do not collect or store your Instagram password.
- All data access is performed through official Meta APIs only.
- We do not use scraping or unauthorized data collection methods.
2.2 Account Information
We may collect:
- Email address
- Account credentials (securely stored)
- Subscription and billing details (if applicable)
2.3 Automation & Usage Data
To provide our services, we store:
- Automation rules (keywords, triggers, workflows)
- Message templates and responses
- Interaction logs (for debugging, performance, and reliability)
2.4 Technical & Device Information
We may automatically collect:
- IP address
- Browser type and version
- Device information
- Operating system
- Cookies and session data
Cookies and Tracking
We use cookies and similar technologies for:
- Authentication and session management
- Service performance and reliability
- Analytics (e.g., Google Analytics) to understand user behavior
- Marketing purposes to provide tailored experiences (applies only to website visitors, not Instagram data)
You can manage your cookie preferences via your browser settings.
3. How We Use Your Information
We use your data only for legitimate and limited purposes necessary to operate MagicDM. This includes:
- Providing Instagram DM automation features requested by you
- Sending automated responses to messages or comments on your behalf
- Managing workflows and triggers configured by you
- Improving system performance, reliability, and security
- Preventing abuse, spam, or misuse of the platform
- Providing customer support
Important Usage Limitation: MagicDM only uses Instagram data to provide user-requested automation features. We do not use Instagram data for advertising, profiling, or unrelated purposes.
User-Initiated Interactions Only: MagicDM only sends automated messages in response to user-initiated interactions (e.g., when a user sends a message or comments on a post), in compliance with Instagram Platform policies.
We do NOT:
- Sell, rent, or trade your personal data
- Use Instagram data for advertising purposes
- Share your data with unauthorized third parties
4. Legal Basis for Processing
Depending on your jurisdiction, we process your data based on:
- Your consent (when connecting your Instagram account)
- Performance of a contract (providing services)
- Legitimate interests (security, fraud prevention, service improvement)
6. Data Retention
We retain data only as long as necessary:
- Account data — until account deletion
- Automation data — while features are active
- Logs and analytics — retained for up to 90 days for debugging, security, and performance monitoring
Message Retention: We do not store the text content of messages for long periods. Message content is only read and processed temporarily to generate automated replies and is discarded immediately after the response is sent. We only retain interaction metadata (e.g., timestamps, user IDs) for statistical purposes.
After the retention period, data is deleted or anonymized.
7. Data Security
We implement industry-standard safeguards, including:
- HTTPS encryption (TLS)
- Secure storage of access tokens
- Access control and authentication systems
- Continuous monitoring and updates
However, no system is completely secure.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your data
- Correct inaccurate data
- Request deletion
- Restrict or object to processing
- Withdraw consent
You can exercise these rights by contacting us.
GDPR Rights (for EU Residents)
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Deletion: Request deletion of your data
- Restriction: Request restriction of processing
- Data Portability: Request your data in a portable format (e.g., CSV)
- Withdrawal of Consent: Withdraw consent at any time
CCPA Rights (for California Residents)
- Right to know, access, and delete personal information collected about you
- We do not "sell" or "share" your personal information as defined by the CCPA
- You may request data portability to receive your data in a portable format
9. Data Deletion Instructions
You may request deletion of your data at any time.
Method 1: Remove Access via Instagram
- Go to Instagram → Settings
- Navigate to "Apps and Websites"
- Locate MagicDM
- Click "Remove Access"
Once access is revoked:
- We automatically detect the revocation
- All associated data will be deleted within 7 days
- All access tokens will be immediately invalidated
Method 2: Delete Your MagicDM Account
- Log in to your MagicDM account
- Go to Settings
- Click "Delete Account"
This permanently deletes:
- Your account
- Automation data
- Instagram-related data
Method 3: Request via Email
Email: [email protected]
Subject: Data Deletion Request
Please include:
- Your Instagram username
- Your registered email
We will:
- Process your request within 7 days
- Delete all associated data
- Revoke access tokens
- Confirm completion
What Data Will Be Deleted
- Instagram User ID and profile data
- Automation rules and workflows
- Message-related metadata
- API access tokens
We may retain anonymized data for legal or analytical purposes.
Important Notice: Deleting data from MagicDM does not delete your data from Instagram or Meta. You must manage that directly via your Instagram account.
10. Compliance with Meta Platform Policies
MagicDM complies with:
- Meta Platform Terms
- Instagram Graph API Terms
- Meta Developer Policies
We ensure:
- Data is accessed only with user authorization
- Only official APIs are used
- No scraping or unauthorized collection occurs
- Messaging complies with platform rules
11. International Data Transfers
Your data may be processed outside your country, including in the United States. Where required, we use appropriate safeguards such as standard contractual clauses.
12. Children's Privacy
MagicDM is not intended for users under 13 (or applicable minimum age). We do not knowingly collect data from children.
13. Third-Party Links
We are not responsible for third-party websites or their privacy practices.
14. Changes to This Policy
We may update this policy periodically. Updates will be posted with a revised "Last Updated" date.
15. Contact Information
If you have any questions about this Privacy Policy or your data:
MagicDM is operated by:
ZINGKODE LIMITED
Strovolou, 77, STROVOLOS CENTER, Flat/Office 301, Strovolos, 2018, Nicosia, Cyprus
Email: [email protected]
Website: magicdm.ai