Privacy Policy

Last Updated: August 12, 2025

1. Introduction

This Privacy Policy explains how SendNext ("we," "our," or "us") collects, uses, and protects your information when you use our service.
Our platform connects to Instagram’s API to enable comment automation and playlist-based messaging. We do not use Instagram for authentication — authentication is done through OAuth providers such as Google or Facebook.

By using our service, you agree to the practices described in this policy.

2. Information We Collect

We collect the minimum information required to provide our service:

From OAuth Sign-In

  • Your name and email address
  • Profile image (if provided by the OAuth provider)

From Instagram Connection

When you connect your Instagram Business account, we request the following permissions:

  • instagram_business_basic → Access to your public Instagram profile and basic media fields (e.g., ID, caption, thumbnail) to link your account to our platform.

  • instagram_business_manage_comments → Read and respond to comments on your own posts. We use this to detect “part requests” and reply publicly (e.g., “Sent Part 2 via DM”).

  • instagram_business_manage_messages → Send one direct message with a playlist link when a valid comment trigger is detected. We do not use this permission for bulk messaging or marketing.

We may also store:

  • Instagram User ID and profile URL (public profile information)
  • Access token to allow API interaction
  • Public media details (e.g., post IDs, captions, and thumbnails)

From Your Use of the Service

  • Playlist configurations and message templates
  • Service analytics (aggregated and not tied to an individual user)
  • Log data for system monitoring and abuse prevention

We do not access or store the content of your private Instagram messages.

3. How We Use Your Information

We use your data solely to:

  • Provide the Instagram automation features you request
  • Maintain and improve our service
  • Monitor service usage for performance and abuse prevention
  • Comply with legal and API provider requirements

We do not sell, rent, or share your personal data with third parties.

4. Data Storage and Security

All data is stored securely in Postgres databases hosted on AWS.
We implement industry-standard security measures, including encryption in transit (HTTPS) and access controls.

5. Data Retention and Deletion

  • Access tokens and sensitive data are deleted immediately if you revoke access or delete your account.
  • Non-sensitive data (e.g., playlists, templates, email) may be retained for up to 30 days for internal audit and abuse prevention before being permanently deleted.

You may request full deletion of your data through our contact form at https://sendnext.app/contact.

6. Children’s Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected such data, please contact us immediately.

7. Your Rights

Depending on your location, you may have the right to:

  • Access, update, or delete your personal data
  • Withdraw consent for data processing
  • Receive a copy of your data in a portable format

To exercise these rights, please reach out through our contact form at https://sendnext.app/contact.

8. Third-Party Services

We integrate with:

  • Instagram API (Meta Platforms, Inc.) — to retrieve and interact with your public profile data and DM messaging
  • OAuth providers (Google, Facebook, etc.) — for authentication
  • Stripe — for payment processing (we never store full payment details)

Each third-party service has its own privacy policy.

9. Changes to This Policy

We may update this Privacy Policy from time to time.
If we make material changes, we will notify you via email or an in-app notice.

10. Contact Us

If you have any questions or concerns about this Privacy Policy, please use our contact form at https://sendnext.app/contact.