Back to Home

Legal

Privacy Policy

Last updated: March 26, 2026

1. Introduction

ORME ("we," "our," or "us") provides an AI-powered Instagram automation platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. By using ORME, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

We collect information in the following ways:

2.1 Information from Facebook Login

When you connect your Instagram account via Facebook Login for Business, we receive access to:

  • Your Instagram Business or Creator account profile information (username, profile picture, bio)
  • Instagram comments on your posts and media
  • Instagram Direct Messages (when DM automation is enabled)
  • Your Instagram media and posts metadata
  • Page access tokens required to interact with the Instagram Graph API on your behalf

2.2 Information You Provide

  • Account registration details (email, name)
  • Brand voice configuration and knowledge base content
  • Automation rules, keyword triggers, and flow configurations
  • Any content you provide for AI training and customization

2.3 Automatically Collected Information

  • Usage data and analytics (pages visited, features used)
  • Device and browser information
  • IP address and approximate location

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the ORME service
  • Process and respond to Instagram comments and messages on your behalf
  • Train and improve AI models to match your brand voice
  • Generate automated replies and manage DM conversations
  • Provide analytics and insights about your Instagram engagement
  • Send service-related notifications and updates
  • Detect and prevent fraud, abuse, and security issues

4. Data Sharing

We do not sell your personal information. We may share your information with:

  • Meta/Instagram: We interact with the Instagram Graph API to read comments and post replies on your behalf. This is the core functionality of our service.
  • AI Service Providers: We use third-party AI providers (such as Groq and Google) to process and generate text. Comment and message content may be sent to these providers for processing. We do not share your personal account credentials with these providers.
  • Infrastructure Providers: We use cloud hosting and database services to store and process data (e.g., Supabase, Vercel, Upstash).
  • Legal Requirements: We may disclose information if required by law, court order, or governmental authority.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide our services. When you disconnect your Instagram account or delete your ORME account, we will delete your stored data within 30 days, except where we are required to retain it for legal or compliance purposes. Aggregated, anonymized data that cannot identify you may be retained indefinitely for analytics and service improvement.

6. Data Security

We implement industry-standard security measures to protect your information, including encryption in transit (TLS/SSL) and at rest, secure token storage, and access controls. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request a copy of your data in a machine-readable format.
  • Objection: Object to processing of your personal data for certain purposes.
  • Withdrawal of Consent: Withdraw consent at any time by disconnecting your Instagram account.

To exercise any of these rights, please contact us using the information provided below.

8. Third-Party Links

Our service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

9. Children's Privacy

ORME is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: privacy@orme.ai