Privacy Policy
Last updated: May 8, 2026
1. Who We Are
Zaprep (“we”, “our”, “us”) operates zaprep.com, a social media automation platform. This policy explains what data we collect, why, and how we protect it.
2. Data We Collect
- Account data: email address and hashed password when you sign up.
- Social account data: your Instagram Business account ID, username, and an encrypted access token obtained via Meta OAuth. We never store your Instagram password.
- Automation data: rules you configure, comment/DM trigger events received via Meta Webhooks, and message delivery logs.
- Contact data: email addresses voluntarily provided by your followers through DM flows you create.
- Billing data: subscription status synced from Stripe. We do not store full payment card details — those are held by Stripe.
- Usage data: page views and feature usage for product analytics (no third-party tracking scripts).
3. How We Use Your Data
- Authenticate you and protect your account.
- Send automated replies on your behalf via the Meta Graph API.
- Deliver collected contact emails to you through the Contacts dashboard.
- Process billing and manage your subscription.
- Improve the platform based on aggregate, anonymised usage patterns.
4. Data Sharing
We do not sell your data. We share data only with:
- Meta Platforms: to send messages and read webhooks on your behalf.
- Stripe: to process payments.
- AWS: cloud infrastructure (database, compute).
5. Instagram Permissions
We request the following Meta permissions: instagram_basic, instagram_manage_messages, instagram_manage_comments, pages_show_list, pages_read_engagement, pages_manage_metadata, pages_messaging. These are used solely to operate your automation rules. You can revoke access at any time from your Instagram account settings or from the Zaprep Settings page.
6. Data Retention
We retain your data for as long as your account is active. On account deletion, your personal data, access tokens, automation rules, and collected contacts are permanently deleted within 30 days.
7. Security
Access tokens are encrypted at rest using AES-256-GCM. Passwords are hashed with bcrypt (cost 12). All data in transit is protected by TLS.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, or delete your data. Email us at privacy@zaprep.com to exercise these rights.
9. Children
Zaprep is not directed at children under 13. We do not knowingly collect their data.
10. Changes
Material changes will be announced by email or in-app notice at least 7 days before they take effect.
11. Contact
Questions? Email privacy@zaprep.com.