DM run

Legal

Privacy Policy

How DM run, a product of SourceStrong AI, collects, uses, and protects your information.

Effective June 14, 2026

1. Overview

DM run (“DM run,” “we,” “us,” or “our”) is an AI-powered Instagram direct-message automation platform operated by SourceStrong AI. This Privacy Policy explains what information we collect, how we use it, and the choices you have. It applies to dmrun.com, the DM run dashboard, and our Instagram integration.

By creating an account or connecting an Instagram account, you agree to the practices described here. If you do not agree, please do not use the service.

2. Data we collect

  • Account data. Name, email address, password hash, and billing details processed by our payment provider when you subscribe to a paid plan.
  • Connected accounts. The Instagram Professional account(s) you connect, including the access tokens issued by Meta and basic profile metadata.
  • Conversation data. Comments, Story replies, and direct messages your AI Agent handles, plus the replies it sends, so we can deliver and improve the service.
  • Configuration. Brand voice notes, FAQs, product details, automation flows, and triggers you create.
  • Usage & device data. Log data, IP address, browser type, and product analytics used to operate, secure, and improve DM run.

3. Instagram & Meta data

DM run connects to your Instagram Professional account only through the official Instagram Graph API and Meta’s approved authentication flow. We never ask for or store your Instagram password, and we do not scrape Instagram or use unofficial clients.

With your authorization, we access the messaging and comment permissions required to read incoming messages, post replies, and manage automations on your behalf. We use this data solely to provide the features you enable. Our use of information received from the Meta platform adheres to the Meta Platform Terms and Developer Policies. You can revoke DM run’s access at any time from your Instagram or Facebook settings, or by following our data deletion instructions.

4. How we use data

  • To deliver the core service: reading messages and sending AI-generated replies.
  • To capture leads and surface conversations in your inbox and CRM.
  • To authenticate you, process payments, and provide support.
  • To monitor, secure, debug, and improve the platform.
  • To send service and account communications you can opt out of where applicable.

We do not sell your personal data, and we do not use your conversation content for advertising.

5. AI processing

To generate replies, the relevant message content, your brand voice notes, and recent conversation context are sent to our third-party AI model provider for processing. This content is used only to produce a response for that conversation. We instruct our AI provider not to use your content to train their foundation models, in line with their enterprise data terms. AI replies may be imperfect; you remain responsible for the messages sent from your account and can pause or take over any conversation at any time.

6. Sharing & processors

We share data only with service providers who help us operate DM run, under contracts that limit their use of the data to providing services to us. These include:

  • Cloud hosting and database providers that store your data.
  • Our AI model provider, used to generate replies as described above.
  • Our payment processor, used to handle subscriptions.
  • Meta / Instagram, to send and receive messages on your behalf.

We may also disclose information when required by law or to protect the rights, safety, and security of DM run, our users, or the public.

7. Retention & deletion

We keep personal and conversation data for as long as your account is active and as needed to provide the service. When you delete data, disconnect an Instagram account, or close your account, we delete or de-identify the associated data within 30 days, except where we must retain limited records to comply with legal obligations. See Data Deletion for how to request removal of your Instagram data.

8. Security

We protect your data with encryption in transit and at rest, access controls, and least- privilege practices. Access tokens are stored encrypted. No system is perfectly secure, but we work continuously to safeguard your information and will notify affected users of a material breach as required by law.

9. Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can exercise these rights from your account settings or by emailing hi@sourcestrongai.com. We will respond within the timeframe required by applicable law. DM run is designed with GDPR-ready data handling in mind.

10. Changes & contact

We may update this policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, notify you in-product or by email.

Questions about privacy? Email hi@sourcestrongai.com or visit our contact page. DM run is a product of SourceStrong AI.