ZayDM

Privacy Policy

Last updated: April 16, 2026

ZayDM ("we", "us", or "our") is a product operated by DanZay FZE, registered at Sharjah Research, Technology & Innovation Park, Sharjah, UAE. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use ZayDM at zaydm.com and dash.zaydm.com.

We comply with the UAE Personal Data Protection Law (PDPL). Where relevant, we also align with GDPR and CCPA principles regarding the collection, use, and storage of personal data.

1. Information We Collect

Instagram Account Data

When you connect your Instagram Business or Creator account, we collect:

  • Your Instagram User ID and username
  • Your profile picture URL
  • Your Instagram access token (encrypted at rest using industry-standard encryption)
  • Basic account information (account type, follower count)
  • Your Instagram-scoped User IDs of people who interact with your content

Automation Data

  • Automation rules you create (trigger keywords, response messages, settings)
  • DM delivery statistics (messages sent, trigger counts, performance metrics)
  • Comment trigger events (processed in real-time, comment text is not permanently stored)
  • Selected post/reel IDs for automation targeting

Usage Data

  • IP address, browser type, operating system
  • Pages visited and time spent on our service
  • Error logs and diagnostic information

Communications

  • Email address if you contact our support team
  • Support ticket content and correspondence

2. How We Use Your Information

We use your information to:

  • Provide and operate the ZayDM automation service
  • Send automated DMs and comment replies on your behalf via Instagram's official API
  • Display analytics and performance data for your automations
  • Improve, maintain, and develop our service
  • Detect and prevent fraud, abuse, or violations of our Terms
  • Send transactional emails (account updates, service notifications)
  • Comply with legal obligations

We do not use your Instagram data for advertising or sell it to third parties.

3. Instagram API Data & Meta Platform

ZayDM uses Meta's official Instagram API with Instagram Login. This means:

  • We access your Instagram account only with your explicit permission
  • We request only the minimum permissions needed: instagram_business_basic, instagram_business_manage_messages, instagram_business_manage_comments
  • We send messages only when triggered by a user interaction (a comment or DM) — we do not send unsolicited messages
  • Your Instagram access token is stored encrypted and never exposed to third parties

By using ZayDM, you also agree to:

4. Data Sharing

We do not sell your personal data. We share data only with:

  • Meta Platforms Inc. — to send messages and read comment events via the Instagram API
  • Infrastructure providers — cloud hosting and database services (Railway, Vercel, Neon/PostgreSQL, Redis) under data processing agreements
  • Payment processors — if you subscribe to a paid plan (Stripe), they receive only what is necessary for billing
  • Legal authorities — if required by UAE law, court order, or to protect our legal rights

5. Cookies

We use cookies to operate our service:

  • Session cookies — required to keep you logged in, discarded when you close your browser
  • Authentication cookies — JWT tokens stored to maintain your session (expire after 24 hours)
  • Preference cookies — remember your dashboard settings (last up to 1 year)

We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may prevent you from using the dashboard.

6. Data Retention

  • Your account data is retained while your account is active
  • Instagram access tokens are refreshed automatically before expiry (60-day lifetime)
  • Upon account deletion, your Instagram access tokens are revoked immediately and all personal data is permanently deleted within 30 days
  • Anonymized usage statistics (no personally identifiable information) may be retained for service improvement

7. Your Rights

Depending on your location, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your account and all associated data
  • Portability — Request your data in a machine-readable format
  • Objection — Object to processing of your personal data
  • Withdrawal — Disconnect your Instagram account at any time from Settings → Connections

To exercise these rights, email us at privacy@zaydm.com or use the self-service options in your dashboard.

8. Data Deletion

You can delete your data in three ways:

  1. Dashboard — Settings → Danger Zone → Delete Account
  2. Disconnect Instagram — Settings → Connections → Disconnect
  3. Email — Send a request to privacy@zaydm.com

Full instructions at: zaydm.com/data-deletion

9. Security

We implement industry-standard security measures:

  • Encryption at rest for all access tokens and sensitive data
  • HTTPS/TLS for all data transmission
  • No storage of raw credentials — tokens are encrypted before storage
  • Regular security reviews of our infrastructure

No online transmission is completely secure. While we take strong precautions, we cannot guarantee absolute security of data transmitted over the internet.

10. Payments & Financial Data

  • We do not store credit or debit card details on our servers
  • Payments are processed by Stripe — a PCI-DSS compliant payment processor
  • We receive only a billing confirmation and subscription status from Stripe

11. Third-Party Links

Our service may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies directly.

12. International Data Transfers

ZayDM is operated from the UAE. If you access our service from outside the UAE, your data may be transferred to and processed in countries where our infrastructure providers operate. We take appropriate measures to ensure your data is protected in accordance with this policy.

13. Children's Privacy

ZayDM is not directed at children under 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal information, contact us at privacy@zaydm.com.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify users of material changes via email or in-app notification at least 14 days before changes take effect. The "Last updated" date at the top will always reflect the most recent revision.

15. Contact Us

DanZay FZE (operating ZayDM)
B-43, Block B, Sharjah Research, Technology & Innovation Park
Sharjah, UAE

📧 support@zaydm.com
🌐 zaydm.com