Privacy Policy

1. Who we are

IgThreadly is operated by FUSIONSYNC AI (OPC) PRIVATE LIMITED (GSTIN 06AAGCF1914P1ZF, PAN AAGCF1914P), in connection with the broader RecallSync platform brand. The data controller for information described in this policy is FUSIONSYNC AI (OPC) PRIVATE LIMITED unless we say otherwise.

IgThreadly is a product that helps businesses and creators manage Instagram engagement: comment routing, automated direct messages, public comment replies, inbox messaging, and optional AI-assisted replies. If you use IgThreadly with an organizational account, your organization may be the controller for certain employee data; we process it as described here and in your agreement with us.

2. What we collect

We collect information in these main categories:

• Account and profile. For example: name, email address, password hash, session identifiers, authentication events, and business identifiers associated with your workspace (including IgThreadly “owner” business and, where applicable, agency relationships).
• Instagram and Meta-related data. When you connect an Instagram Professional account through Instagram API with Instagram Login, Meta may share tokens and identifiers with us consistent with the permissions you approve (for example, depending on your connection: profile basics, messaging, and comment-related capabilities you grant). We store and use tokens securely on our servers; we do not expose long-lived tokens to your browser. We may process comment text, commenter identifiers, message text, sender/recipient identifiers, media and post identifiers you scope for automations, timestamps, webhook payloads, and related metadata needed to run features you enable.
• Product configuration and content. Rules you create (for example keywords, automation scope, templates, AI prompts, routing settings), internal identifiers for leads and conversations, logs of product actions where needed for support and security, and billing-related records when you subscribe.
• AI and LLM processing. When you use AI features (for example intent routing or AI-assisted replies), we may send limited text and structured instructions to model providers you configure (such as prompts, comment or message excerpts, and automation context) to generate outputs. We do not use those outputs to train our own models unless we separately notify you and, where required, obtain valid consent.
• Usage, device, and log data. IP address, approximate location derived from IP, device/browser type, pages and features used, error and security logs, and diagnostics to operate and protect the service.
• Payment data. Payments may be processed by Razorpay (or other processors we disclose at checkout). We receive subscription status, identifiers, and related billing metadata; we do not store full payment card numbers on our servers.

3. How we use information

We use personal information to:

• Provide, operate, secure, and improve IgThreadly;
• Authenticate users, prevent fraud, enforce rate limits, and protect accounts;
• Deliver Instagram-linked features you request: receiving webhooks, displaying inbox threads, sending messages and public comment replies according to your settings, and maintaining automation and lead records;
• Run AI-powered features you enable, using the model providers and keys you supply or that we host on your behalf as part of the product;
• Bill, invoice, and manage subscriptions; communicate transactional notices (for example receipts, security alerts, or policy updates where appropriate);
• Comply with law, respond to lawful requests, and enforce our Terms;
• Analyze usage in aggregate or de-identified form to improve reliability and product design.

We do not sell your personal information as that term is commonly defined in U.S. state privacy laws, and we do not use Instagram or Meta data to build unrelated advertising profiles outside operating IgThreadly for your account.

4. Legal bases (EEA, UK, Switzerland)

Where the GDPR or similar laws apply, we rely on one or more of: performance of a contract (providing IgThreadly); legitimate interests (security, improving the product, limited analytics, fraud prevention), balanced against your rights; consent where we expressly ask for it (for example optional marketing communications, or cookies where required); and legal obligation where we must retain or disclose data.

5. Sharing and subprocessors

We share information with service providers who process data on our instructions and are contractually bound to protect it, including providers for: hosting and infrastructure, databases, background jobs and queues, email delivery, error/crash reporting, analytics where configured, payment processing, and customer support tooling. We also share data with Meta Platforms, Inc. and affiliates as required for Instagram Login, API calls, and messaging/comment features you enable. When you enable AI features with third-party model APIs (for example OpenRouter, Groq, Google AI, or others available in the product), content needed to generate responses is sent to those providers under their terms and your configuration.

We may disclose information if required by law or to protect the rights, property, or safety of our users, RecallSync, or the public, and in connection with a merger, acquisition, or asset sale with notice where the law requires.

6. International transfers

We may process and store data in the United States and other countries where we or our vendors operate. If we transfer personal data from the EEA, UK, or Switzerland, we use appropriate safeguards (such as Standard Contractual Clauses) where required.

7. Retention

We retain information only as long as necessary for the purposes described, including legal, tax, accounting, and security needs. Account and billing records may be retained longer where required by law. When you disconnect Instagram or delete content in the product, some derived records may remain for a period in backups, analytics aggregates, or logs before automatic deletion. We may anonymize data for analytics after retention windows expire.

8. Security

We implement administrative, technical, and organizational measures designed to protect personal information, including encryption in transit (HTTPS), access controls, and separation of production access. No method of storage or transmission is 100% secure; you use the service at your own risk as further described in our Terms.

9. Your choices and rights

• Instagram connection. You can disconnect or refresh your Instagram connection in product settings where supported; some features will stop working without a valid connection or permissions.
• Account data. Depending on your jurisdiction, you may have the right to access, correct, delete, port, or restrict processing of your personal information, and to object to certain processing. Contact us using the details below. We may need to verify your request.
• U.S. state privacy rights. Residents of certain states may have additional rights (for example opt-out of sale/sharing, appeal decisions). We describe “sale” consistent with applicable law; we do not sell personal information for money.
• Marketing. You can opt out of marketing emails using the unsubscribe link where provided.

10. Automated processing and AI

Some features use automated systems or AI models to classify intent, compose suggested replies, or route conversations based on your rules. You are responsible for reviewing automated actions for compliance with law, Instagram/Meta policies, and your own brand standards. You may turn off or constrain AI features where the product allows.

11. Third-party sites and Meta policies

IgThreadly interacts with Instagram and related Meta services subject to Meta’s Platform Terms, Instagram’s Community Guidelines, and other Meta policies that may apply to your use. Meta may process data under its own privacy policy when you use Instagram. We do not control Meta’s services.

12. Children

IgThreadly is not directed to children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe we have collected a child’s information, contact us and we will take appropriate steps to delete it.

13. Changes

We may update this Privacy Policy from time to time. We will post the new version on this page and update the “Last updated” date. For material changes, we may provide additional notice (for example an email or in-product notice) where the law requires. Continued use after the effective date constitutes acceptance unless applicable law requires otherwise.

14. Contact and data requests

For privacy questions, to exercise rights, or to request deletion of account data (subject to legal retention), contact RecallSync using the details below. We may ask you to verify your identity before processing certain requests.

If you are a Meta reviewer or user verifying this policy, this page is available without authentication at the public HTTPS URL registered in our Meta app settings (non-geoblocked and crawler-accessible).