This page explains how EachReach (‘we’, ‘us’) handles data when automating DMs on Instagram and Facebook Pages. Last updated: August 9, 2025.
We believe in transparency. Here’s what information we process and how we protect your privacy at EachReach. Use the links at left to browse the policy.
Who we are & Contact
EachReach provides automation for Instagram and Facebook DMs. We help businesses manage messages efficiently, while protecting privacy.
For any privacy request, email support@eachreach.io or write to our postal address [Company address].
We respond to privacy inquiries promptly and as required by law.
Data we process
From Meta APIs: message text, attachment metadata, sender/recipient IDs, profile names/handles, timestamps, and conversation IDs.
Operational data: IPs, device/agent details, logs, and error traces for reliability.
Client-provided: FAQs, pricing, business/product info, and CRM identifiers stored securely.
How we use data
We receive DMs via webhooks, classify intent, look up business info, and generate replies—sometimes with AI, sometimes by a human.
Replies are sent back through Meta APIs. We also use operational data for reliability, debugging, analytics, abuse prevention, and to meet legal obligations.
All processing is done securely and for service functionality.
Legal bases
We rely on legitimate interests, contract performance, and consent where required to process your data.
Data sharing & processors
EachReach acts as the controller for its services. Vendors are processors under DPAs. We do not sell personal data.
n8n — workflow/runtime automation. Supabase — database & vector storage for client knowledge. OpenAI — message inference for crafting replies.
Our partners meet strict privacy and security standards.
Retention
Conversation metadata: kept up to 90 days (client-configurable).
Message content: kept up to 30 days for troubleshooting/model quality, then deleted or anonymized.
Tokens/credentials: encrypted at rest; rotated regularly.
Security
All data uses TLS in transit and encryption at rest where possible.
We employ least-privilege access, maintain audit logs, and rotate keys regularly.
Security is a foundation of our service design.
Your rights
Depending on jurisdiction, you have rights to access, correct, delete, or restrict use of your data.
To exercise rights, email support@eachreach.io with your Instagram handle and request.
We will honor requests as required by applicable law.
International transfers
Where data moves outside your country, we implement safeguards such as Standard Contractual Clauses to keep your information secure.
Children
Our service is not intended for children under 13.
Data deletion
You can request data deletion at any time. Use the button below to start the process.
We aim to respond within 30 days, unless retention is required by law or for security.
Changes
We may update this policy. The ‘Last updated’ date at the top will reflect the latest version.
Policy
Privacy Policy
Data Deletion
Contact Email
Meta Resources
Meta Platform Policy
Meta Developer Docs