Privacy Policy

Autogram is a content automation tool that helps an operator publish news posts to Instagram accounts they own. We are operated as an invite-only beta product; this policy describes what data we collect and how we handle it.

Account data. Your name, email address, and any account-level settings you provide (timezone, posting cadence, voice description).

Credentials. Instagram access tokens, image-generation provider keys (fal.ai, OpenAI, Replicate, Stability), and any other API keys you connect. All credentials are encrypted at rest using AES; we never display them back to you after submission.

Content data. Articles ingested from public RSS feeds you configure; AI-generated post drafts, captions, hashtags, and images; the Instagram posts published from your account.

Usage data. Per-call costs for the AI providers we route to (Anthropic, fal.ai, etc.) — used to display your spend in the admin panel.

Operational data. Server logs (no IP address or personal details beyond your email), job queue state, error traces.

• To run the content pipeline you've configured.
• To publish to Instagram Graph API using credentials you authorized.
• To show you spend dashboards so you can manage costs.
• To respond to support requests.

We do not sell your data, use it to train any models, or share it with anyone except the third-party services you've explicitly configured.

Autogram routes data through these providers as part of your pipeline:

• Anthropic (Claude) — article text + your topic/voice are sent for classification and post drafting. Anthropic's privacy: anthropic.com/legal/privacy
• fal.ai / OpenAI / Replicate / Stability — image prompts sent at your account's chosen provider.
• Meta (Instagram Graph API) — generated posts published using your IG token.
• Resend — transactional email (magic-link sign-in, invites).
• Neon — Postgres database hosting.
• Upstash — Redis queue hosting.
• Railway — application hosting.
• Cloudflare — DNS and edge proxy.

When you connect an Instagram Business account, we store the encrypted long-lived access token and your IG Business Account ID. We use the token only to publish posts you've approved. We do not read your DMs, followers, or any data beyond what's required to publish (which is content you provide).

You can disconnect at any time by clearing the IG fields in Accounts settings. We will stop using the token immediately; revoke it on Meta's side to be sure.

We keep your data as long as your account is active. If you ask us to delete it, we'll remove your User row, account configurations, encrypted credentials, and associated ingested articles within 30 days.

You can:

• Request a copy of your data (email us).
• Correct any of your data through the admin panel directly.
• Request deletion of your account and all associated data.
• Disconnect Instagram or any provider at any time.

We use TLS for all traffic, AES encryption for stored credentials, and standard session security. We are a small operation; we don't pretend to be enterprise-grade but we follow current best practices for this stack.

Email privacy@tryautogram.app with any privacy questions, deletion requests, or concerns.