Privacy Policy

Last updated: 13 June 2026

This Privacy Policy describes how ViralDM ("we", "us", "our") collects, uses, and shares information when you use our services available at viraldm.app (the "Service").

Quick summary: We collect minimal data needed to provide the Service. We never sell your data. You can delete your account anytime.

1. Information We Collect

Account Information

Name, email address, password (hashed)
Profile picture (if provided)
OAuth IDs (Google, GitHub) if you sign up via OAuth

Social Media Account Data

When you connect Instagram, Facebook, or YouTube, we receive (with your permission):

Account ID, username, profile picture
Access tokens to perform authorized actions on your behalf
Messages and comments from your connected accounts (only what you've authorized)

Subscriber Data

When users interact with your automations, we collect:

Their platform user ID and username
Messages they send to your accounts
Custom fields you collect via flows (email, phone if provided)

Usage Data

IP address, browser type, device info
Pages visited, features used, time on site
Error logs and diagnostic data

Payment Information

Payments are processed by Razorpay. We don't store your full credit card details. We retain transaction IDs, amounts, and dates for billing/tax purposes.

2. How We Use Your Data

Provide and operate the Service
Process automations on your behalf
Generate AI-powered replies using third-party AI providers
Send service emails (account, billing, security)
Improve and analyze the Service
Comply with legal obligations
Prevent fraud and abuse

3. Data Sharing

We share data only with:

Meta (Instagram/Facebook) and Google (YouTube) — to perform automations you've authorized
AI providers (AWS Bedrock, OpenAI) — message text for AI reply generation (no personal data sent unnecessarily)
Razorpay — for payment processing
Cloud hosting (Render, Neon Database) — to operate infrastructure
Legal authorities — when required by valid legal process

We never sell your personal data.

4. Data Retention

Account data: until you delete your account
Automation logs: 90 days (free), 1 year (paid)
Subscriber data: until you delete them or close account
Payment records: 7 years (Indian tax law)

5. Your Rights (GDPR + Indian DPDPA)

You have the right to:

Access your data — download from dashboard
Correct inaccurate data
Delete your account and data anytime
Port your data to another service
Object to certain processing
Withdraw consent for OAuth integrations

To exercise rights, email privacy@viraldm.app

6. Security

All connections use HTTPS/TLS encryption
Passwords are bcrypt-hashed (never stored plain)
Access tokens are encrypted at rest
Regular security audits
Database backups encrypted

7. Cookies

We use essential cookies for authentication and analytics cookies (you can opt out). See our Cookie Policy.

8. Children's Privacy

Service is not intended for users under 18. We don't knowingly collect data from minors.

9. International Transfers

Your data may be processed in: India, USA (AWS), Singapore (Neon), EU (Meta). All transfers comply with applicable data protection laws.

10. Changes to This Policy

We'll notify you via email/dashboard for material changes. Continued use after changes means acceptance.

11. Contact

Privacy questions: privacy@viraldm.app
Data Protection Officer: dpo@viraldm.app