Last updated: June 1, 2026
This Policy describes how ResponDM collects, uses, shares, and protects your personal data. By using ResponDM, you acknowledge that you are aware of and agree to the practices described here.
ResponDM is an Instagram automation platform that operates exclusively via the official Meta Platforms Inc. API, established in Catalão, State of Goiás, Brazil. For the purposes of this Policy, "ResponDM," "we," or "our" refer to this operation.
To exercise any of the rights provided in this Policy or under the Brazilian General Data Protection Law (Lei 13.709/2018 — LGPD), please contact us at contato@respondm.com. We will respond within 15 (fifteen) calendar days from receipt of the request, as recommended by the National Data Protection Authority (ANPD).
3.1. Registration and account data: name, email, phone (when provided), access credentials, account identifiers.
3.2. Payment data: card data and transactions are processed by Stripe; ResponDM does not store complete card data on its servers.
3.3. Service usage data: configured automations, flows, keywords, linked Instagram accounts, execution history, technical logs.
3.4. Third-party data processed via automations: when the user, as a ResponDM customer, configures automations that process data of their followers and leads (captured comments, DM content, Story replies, data collected in Flow Input fields). For this data, see clause 7.
3.5. Browsing data on respondm.com: cookies, IP address, device identifiers, pages visited, time spent — collected via Google Analytics.
3.6. Media uploaded by users: images, audio, and videos uploaded by the user for use in automations, stored on UploadThing.
We process your data based on:
(a) Performance of contract (art. 7, V) — to operate the contracted service;
(b) Compliance with legal obligation (art. 7, II) — to meet tax, regulatory, and judicial requirements;
(c) Legitimate interest (art. 7, IX) — for fraud prevention, service improvement, and aggregate usage analysis;
(d) Consent (art. 7, I) — for email marketing communications and use of non-essential cookies.
(a) Operate the service and its features;
(b) Process payments and manage your subscription;
(c) Provide support and respond to requests;
(d) Send transactional communications (billing, alerts, service updates);
(e) Send marketing emails, with the option to unsubscribe at any time (see clause 9);
(f) Prevent fraud, abuse, and violations of these Terms;
(g) Comply with legal and regulatory obligations.
ResponDM does not sell personal data. To operate the service, we share data with the following providers, all acting as processors under our instructions:
Hivelocity — VPS (main server and database)
UploadThing — Storage for media uploaded by users
Stripe — Card payment processing
Google Analytics — Traffic and usage analysis for respondm.com
We may also share data with competent public authorities, in compliance with a court order or legal requirement.
7.1. When the user, as a customer, connects their Instagram account to ResponDM and configures automations that process data of their followers and leads, the user is the controller of that data and ResponDM acts as a processor, processing it exclusively in accordance with their instructions and for the purpose of the contracted automation.
7.2. It is the responsibility of the user, as controller, to inform and obtain the appropriate legal bases from their followers and leads, especially for flows that collect personal data through the Flow "Input" node.
8.1. To provide the service, some data is stored and processed on servers located outside Brazil, by the providers listed in clause 6.
8.2. These transfers occur based on the provisions of art. 33 of the LGPD, in particular through specific contractual clauses with international processors and compliance with security standards equivalent to those required by Brazilian law.
9.1. ResponDM may send marketing email communications to registered users, based on consent and/or legitimate interest in the existing commercial relationship.
9.2. Every marketing email contains:
(a) a one-click unsubscribe link, without the need to log in or provide a reason;
(b) a clear and honest subject line, without clickbait;
(c) sender identification (ResponDM, Catalão/GO — Brazil).
9.3. Revocation of marketing consent does not affect the sending of transactional communications (billing, alerts, service updates), which are necessary for the performance of the contract.
10.1. respondm.com uses cookies and similar technologies for:
(a) Essential cookies: authentication, session, security — necessary for the site to function;
(b) Analytical cookies: Google Analytics, to measure aggregate site usage;
(c) Preference cookies: to remember language and user settings.
10.2. Users can manage cookies through browser settings and, when available, through the consent banner displayed on their first visit to the site.
10.3. Refusing non-essential cookies does not prevent use of the service, but may limit certain features.
You may, at any time and free of charge, request by email at contato@respondm.com:
(a) confirmation of the existence of processing;
(b) access to your data;
(c) correction of incomplete, inaccurate, or outdated data;
(d) anonymization, blocking, or deletion of unnecessary, excessive, or non-compliant data;
(e) data portability to another service provider;
(f) deletion of data processed based on consent;
(g) information about who we share your data with;
(h) information about the possibility of not providing consent and its consequences;
(i) revocation of consent.
12.1. Active account (paid or Free): data is kept as long as the account exists. Upon canceling a paid plan, the account is moved to the Free plan and remains active until the user expressly requests deletion.
12.2. After account deletion by the user:
(a) Registration and subscription data: retained for up to 5 (five) years to comply with tax and fiscal obligations;
(b) Lead data collected via automation (Inputs, CSVs): deleted within 90 (ninety) days;
(c) Media stored on UploadThing (images, audio, videos): deleted within 30 (thirty) days;
(d) Access and technical logs: retained for up to 6 (six) months, pursuant to art. 15 of the Brazilian Internet Civil Framework.
12.3. Anonymized data may be retained indefinitely for statistical and service improvement purposes.
13.1. ResponDM adopts reasonable and proportionate technical and administrative measures to protect your data against unauthorized access, loss, alteration, or destruction.
13.2. No system is 100% secure. In the event of a security incident that may cause relevant risk or harm to data subjects, ResponDM will notify the ANPD and affected data subjects within the timeframes and in the manner required by the LGPD.
ResponDM is not intended for individuals under 18 years of age and does not intentionally collect data from minors. If we become aware of a minor's registration, the account will be deleted.
This Policy may be changed at any time. Significant changes will be communicated by email and in the user dashboard. Continued use of the service after notice constitutes acceptance of the new version.
This Policy is governed by Brazilian law, in particular the LGPD, the Consumer Protection Code (CDC), and the Internet Civil Framework. The courts of Catalão, State of Goiás, are elected as the venue for dispute resolution.