← Back to SupalanderUpdated March 15, 2026

Legal

Privacy Policy

Last updated: March 15, 2026

1. Who We Are

Supalander is a SaaS platform for Instagram creators, operated by Ecliptz Labs Pvt Limited. Our platform provides Instagram automation, AI-powered content tools, and a link-in-bio portfolio builder. This Privacy Policy explains how we collect, use, store, and protect your information when you use Supalander at supalander.com and app.supalander.com.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and any profile details you voluntarily provide (display name, profile picture). Authentication is handled through Supabase Auth using secure, industry-standard protocols.

2.2 Instagram / Meta Platform Data

When you connect your Instagram account through the Meta OAuth flow, we request and store the following data with your explicit consent:

  • Instagram User ID and username
  • Instagram access token (encrypted using AES-256-GCM at rest — never stored in plaintext)
  • Instagram Business Account details (account type, follower count, name)
  • Comment and message events delivered via Meta webhooks — used solely to trigger your configured automation rules
  • Insights data (if you grant the analytics permission) — used only to display performance metrics to you

We use the Instagram Graph API under the permissions: instagram_basic, instagram_business_basic, instagram_manage_messages, instagram_manage_comments, and related business permissions. We only request permissions required to provide the features you use.

2.3 Usage Data

We collect anonymised usage data such as feature interactions, page views, and error logs. This data never contains personally identifiable information and is used exclusively to improve the platform.

2.4 Waitlist Data

If you join the pre-launch waitlist, we collect your email address to notify you when the platform launches. We do not share this list with any third party.

2.5 AI Content Data

When you use AI-powered features (Script Writer, Caption Generator), we send your prompts and tone samples to Anthropic's API for processing. We do not store raw prompts beyond the session. Tone profiles you save are stored encrypted and are used only to personalise your AI generations. We do not use your content to train AI models.

3. How We Use Your Data

  • To provide, operate, and improve the Supalander platform and its features
  • To execute your configured AutoDM rules in response to Instagram comment and message events
  • To generate AI-powered content (scripts, captions) personalised to your tone profile — using only the samples you provide
  • To send you transactional emails (account setup, billing receipts, critical service alerts) — no marketing emails without explicit opt-in
  • To enforce plan limits, credit quotas, and billing via Cashfree Payments
  • To comply with Meta Platform Policy and applicable law

We never sell your personal data. We never use your Instagram data to train AI models. We never share your data with third parties for advertising purposes.

4. Data Storage and Security

Your data is stored in a dedicated Supabase (PostgreSQL) database hosted in the European Union. All data in transit is encrypted with TLS 1.2 or higher. All data at rest is encrypted at the database level.

Instagram access tokens are encrypted with AES-256-GCM using a key that lives only in our server environment. The token is decrypted in memory only when an API call to Instagram must be made, and is immediately discarded after use. It is never written to logs.

Access to production data is restricted to authorised Ecliptz Labs Pvt Limited engineers via role-based access control. Row-Level Security (RLS) is enforced at the database layer so that each user can only access their own data, even in the event of an application-layer error.

5. Meta Platform Policy Compliance

Supalander is built on the Meta (Instagram) Platform and adheres to the Meta Platform Terms and Developer Policies. Specifically:

  • We only access Instagram data that users explicitly grant permission for via the OAuth consent screen
  • We only send automated DMs to users who have engaged with your account within the past 24 hours (Meta's messaging window policy)
  • We enforce Meta's 200 DM-per-hour rate limit at the infrastructure level with a built-in 20 DM safety buffer (180 DMs/hour max)
  • We never send duplicate automated DMs to the same person for the same trigger event
  • Instagram data is used solely to deliver the platform features described in this policy — not for profiling, resale, or advertising
  • Users can disconnect their Instagram account and delete all associated data at any time from the dashboard

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is deleted within 30 days. Anonymised, aggregated analytics data may be retained indefinitely.

Instagram message and comment events received via webhook are retained only for operational purposes (DM deduplication and job queue management) and are purged after 90 days.

7. Third-Party Services

Supalander integrates with the following third-party services. Each service processes only the minimum data necessary:

ServicePurposeData shared
SupabaseDatabase & AuthAccount & app data
Meta / InstagramInstagram Platform APIInstagram account token
Anthropic ClaudeAI script generationYour tone samples & prompts
AssemblyAIVideo transcriptionAudio from URLs you submit
Cashfree PaymentsBilling & subscriptionsEmail, payment details
Upstash RedisJob queue & cachingTemporary job data only
VercelFrontend hostingAnonymised request logs

8. Your Rights

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that inaccurate data be corrected
  • Deletion — request that your account and all associated personal data be deleted
  • Portability — request an export of your data in a machine-readable format
  • Disconnect Instagram — revoke Supalander's access to your Instagram account at any time from your dashboard or directly from your Instagram settings

To exercise any of these rights, email us at hello@ecliptz.com. We will respond within 30 days.

9. Cookies

We use only essential session cookies required for authentication (managed by Supabase Auth). We do not use advertising or third-party tracking cookies. We do not use Google Analytics or any behavioural tracking service.

10. Children's Privacy

Supalander is not directed at individuals under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at hello@ecliptz.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify you via email if the change is significant. Continued use of the platform after changes are posted constitutes your acceptance of the updated policy.

12. Governing Law and Jurisdiction

This Privacy Policy and any disputes arising from it shall be governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the competent courts located in Bengaluru, Karnataka, India.

13. Limitation of Liability

To the maximum extent permitted by applicable law, Ecliptz Labs Pvt Limited shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or related to your use of the Supalander platform or this Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Ecliptz Labs Pvt Limited

Email: hello@ecliptz.com

Website: https://ecliptz.com

© 2026 Ecliptz Labs Pvt Limited. All rights reserved.

← Back to home