Privacy Policy

1. Introduction

Flow ("we", "us", or "our") is an Instagram comment-to-DM automation service operated by Abhishek Paul, a GST-registered sole proprietorship based in Birbhum, West Bengal, India. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our service at https://flow.happen-ai.com.

By using Flow, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use of the service.

2. Data We Collect

When you connect your accounts and use Flow, we collect the following data:

2.1 Facebook Account Data

• Facebook user ID and display name
• Facebook profile picture URL
• Email address (if provided by Facebook)
• Facebook OAuth access token (short-lived and long-lived)
• Connected Facebook Page IDs and Page access tokens

2.2 Instagram Account Data

• Instagram business account ID and username
• Instagram OAuth access token (long-lived)
• Instagram media IDs, types, URLs, and captions (for posts you select for automation)

2.3 Comments and Interaction Data

• Comment text from Instagram posts covered by your automations
• Commenter Instagram user ID and username
• Automation execution logs (whether a reply or DM was sent, timestamps, errors)

2.4 Automation Configuration Data

• Trigger keywords you define
• Comment reply templates you write
• Direct message content and links you configure

3. How We Use Your Data

We use the data we collect solely to provide and improve the Flow service:

• Automation execution: To monitor Instagram comments on your selected posts and automatically send replies and DMs on your behalf.
• Account management: To authenticate you, store your preferences, and maintain your automation configurations.
• Analytics: To display activity logs and success metrics in your dashboard.
• Service reliability: To detect errors, debug issues, and improve system performance.

We do not sell your data, use it for advertising, or share it with third parties except as described in Section 4.

4. Third-Party Services

4.1 Meta (Facebook / Instagram)

Flow uses the official Meta Graph API and Instagram Graph API to interact with Instagram on your behalf. By connecting your account, you authorize us to act as an intermediary under Meta's platform policies. Your use of Meta's platforms is subject to Meta's own Privacy Policy and Terms of Service.

We request the minimum permissions necessary:

• pages_show_list — to list your connected Facebook Pages
• pages_read_engagement — to read comment activity
• instagram_manage_comments — to post replies on your behalf
• instagram_business_manage_messages — to send DMs on your behalf

4.2 Infrastructure

Our service runs on cloud infrastructure. Data is stored in a server-side SQLite database. We do not use analytics SDKs, advertising networks, or data brokers.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the service.

• Account data: Retained until you request deletion.
• Automation logs: Retained for up to 90 days to power your activity dashboard, then automatically deleted.
• Access tokens: Retained while your account is active. Revoked tokens are deleted within 30 days.

6. Data Deletion

You can request deletion of all your data at any time:

• Email us at abhishekpaul0055@gmail.com with subject "Data Deletion Request".
• Revoke Flow's access via Facebook App Settings — this triggers automatic data removal per Meta's platform requirements.
• Visit our Data Deletion page to submit a request or check deletion status.

Upon receiving a deletion request, we will delete all associated account data, automation configurations, and logs within 30 days and confirm via email.

7. Data Security

We implement industry-standard security measures to protect your data, including encrypted storage of access tokens and HTTPS for all data in transit. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your data using reasonable means.

8. Your Rights (GDPR / CCPA)

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: Request a copy of the data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure: Request deletion of your data ("right to be forgotten").
• Right to restriction: Request that we limit processing of your data.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to opt out (CCPA): California residents may opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at abhishekpaul0055@gmail.com. We will respond within 30 days.

9. Children's Privacy

Flow is not directed to individuals under the age of 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page with an updated date. Continued use of Flow after changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact: