Privacy Policy

SimpleHQ ("we," "our," or "us") provides a shared inbox service for managing Instagram Direct Messages for Instagram Professional accounts (Business and Creator accounts). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

By using SimpleHQ, you agree to the collection and use of information in accordance with this policy. We are committed to protecting your privacy and handling your data responsibly.

Account Information

• Email address and password (hashed) for admin authentication
• Instagram Business/Creator account information (username, profile picture, account ID)
• Facebook Page information required for API access

Message Data

• Instagram Direct Messages received by your connected accounts
• Messages sent through our platform to Instagram users
• Conversation metadata (timestamps, participant IDs)

Technical Data

• Webhook event logs for debugging and security monitoring
• Access tokens (encrypted) for Instagram API access
• Session information for authentication

We use the collected information for the following purposes:

• Service Delivery: To receive, display, and send Instagram Direct Messages
• Authentication: To verify your identity and secure your account
• API Integration: To communicate with Instagram's APIs on your behalf
• Security: To verify webhook signatures and prevent unauthorized access
• Debugging: To troubleshoot issues and improve service reliability

We implement industry-standard security measures to protect your data:

• Encryption at Rest: Access tokens are encrypted using AES-256-GCM
• Password Security: Passwords are hashed using bcrypt with salt rounds
• Secure Transmission: All data is transmitted over HTTPS/TLS
• Webhook Verification: We verify all Meta webhooks using HMAC-SHA256 signatures
• Database Security: PostgreSQL database with encrypted connections

Data Retention

Messages and conversation data are retained for 30 days by default. You can request earlier deletion of your data at any time. Webhook logs are retained for debugging purposes and automatically purged after 7 days.

We do not sell, trade, or rent your personal information. We may share data only in these cases:

• Meta/Instagram: To send messages via their official APIs
• Service Providers: Database and hosting providers (with appropriate data processing agreements)
• Legal Requirements: When required by law or to protect our rights

You have the following rights regarding your data:

• Access: Request a copy of your stored data
• Correction: Request correction of inaccurate data
• Deletion: Request deletion of your data (see our Data Deletion page)
• Portability: Receive your data in a portable format
• Disconnect: Revoke Instagram account access at any time

SimpleHQ operates in compliance with Meta's Platform Terms and Instagram's API Terms of Use:

• We only access Instagram Professional accounts (Business/Creator)
• We respect the 24-hour messaging window policy
• We do not support bulk messaging or automated spam
• We do not access or store data beyond what is necessary for the service
• We support user data deletion requests within 30 days

SimpleHQ is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a minor, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: