Privacy Policy
Last updated: April 14, 2026
This Privacy Policy explains what data is collected and processed by the internal software tool (the "App") developed by the marketing agency MOVE Agency (the "Company", "We") for automated processing of Instagram Direct messages using artificial intelligence.
1. Company Information
Marketing agency MOVE Agency
Website: https://move.marketing
Contact email: new.biz.move@gmail.com
2. Purpose of the App
The App integrates with the Company's Instagram business account through official Meta Platforms APIs and helps the Company's employees promptly respond to incoming Direct messages, using an artificial intelligence model (OpenAI). The App is not a standalone product and is not used to sell services to third parties.
3. Data We Process
To operate the App, we may receive and process the following categories of data:
- The content of messages a user sends to the Company's Instagram business account in Direct.
- The user's public Instagram identifier (Instagram User ID) and account name.
- Timestamps of sent and received messages.
- Technical metadata required for the integration to operate (conversation identifiers, delivery statuses).
We do not collect passwords, payment card data, identity documents, residential addresses, or other sensitive information unless the user voluntarily sends it in a message.
4. Purposes of Data Processing
- Generating relevant responses to user inquiries in Direct.
- Ensuring continuous communication with the Company's clients and prospective clients.
- Internal quality control of customer service.
- Compliance with applicable laws.
5. Legal Basis for Processing
Data processing is carried out on the basis of the Company's legitimate interest in providing high-quality communication with clients, as well as on the basis of the user's consent, which they provide by initiating correspondence with the business account.
6. Sharing Data with Third Parties
To operate the App, data may be shared with the following service providers:
- Meta Platforms, Inc. — source of the data (Instagram Graph API). Processing is governed by Meta's Privacy Policy.
- OpenAI, L.L.C. — processing of message text to generate responses. Processing is governed by OpenAI's Privacy Policy.
6.1. Meta API Permissions Used by the App
Through the Meta Graph API, the App requests the following permissions:
instagram_basic— basic access to the Instagram business profile;instagram_manage_messages— reading and sending Direct messages;pages_messaging— handling messages on the linked Facebook Page;pages_show_list— retrieving the list of Facebook Pages for linking;business_management— integration with Meta Business Manager.
6.2. International Data Transfers
OpenAI is registered in the United States of America. Personal data is transferred on the basis of the European Union's Standard Contractual Clauses (SCC) and the Data Processing Addendum published by OpenAI. Meta Platforms processes data in accordance with its own global infrastructure and policies.
We do not sell or transfer your data to other third parties for commercial purposes.
7. Data Retention Period
Conversation contents are stored in Meta's business tools (Instagram Inbox) according to the platform's settings. Additionally, in the Company's systems, messages are retained no longer than necessary for the purposes described in section 4, and no more than 12 (twelve) months, after which they are deleted or anonymized.
8. Your Rights
Under the applicable law of Ukraine, the GDPR, and Meta's policies, you have the right to:
- obtain information about the processing of your data;
- request correction of inaccurate data;
- request deletion of your data (see Data Deletion Instructions);
- withdraw your consent for processing;
- file a complaint with a competent supervisory authority.
8.1. Right to Opt Out of Automated Processing
You may, at any time, request that your communication be handled exclusively by a human (without AI). Send the message "operator" (or «оператор» in Ukrainian) in Direct, and we will immediately transfer the conversation to a MOVE Agency employee for manual handling.
9. Security
We apply organizational and technical measures to protect data: limited employee access, encryption of connections (HTTPS/TLS), and account access controls. Complete security of data transmission over the Internet cannot be guaranteed; however, we make every effort to ensure it.
10. Children
The App is not intended for individuals under the age of 13. We do not knowingly collect data of such users.
11. Changes to This Policy
We may update this Policy. The current version is always available at this URL. The date of the last revision is shown at the top of the document.
12. Contact
For questions regarding this Policy, contact: new.biz.move@gmail.com