Trigwise

Privacy Policy

Last updated: May 9, 2026

1. Introduction

Trigwise ("we", "our", "us") operates the website trigwise.com and provides Instagram automation services (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and profile picture through Google OAuth. We do not store your Google password.

Instagram Data

When you connect your Instagram Business account, we access data permitted by the Instagram Graph API, including:

  • Your Instagram Business account ID and username
  • Direct messages sent to your account (for automation triggers)
  • Comments on your posts (for keyword-based automation)
  • Basic profile information of users who interact with your content

We encrypt your Instagram access token at rest using AES-256-GCM encryption. We never store your Instagram password.

Usage Data

We automatically collect usage metrics such as DMs sent, broadcasts created, and automations triggered to enforce plan limits and improve the Service.

3. How We Use Your Information

  • To provide and maintain the Service (processing automations, sending broadcasts)
  • To authenticate your identity and manage your account
  • To enforce usage limits based on your subscription plan
  • To detect and prevent fraud, abuse, or security incidents
  • To communicate with you about your account or the Service
  • To comply with legal obligations

4. Data Sharing

We do not sell, rent, or trade your personal data. We share information only with:

  • Meta / Instagram: to process automations via the Instagram Graph API
  • Service providers: Vercel (hosting), Neon (database), Upstash (caching), Sentry (error monitoring), Razorpay (payments) — each bound by their own privacy policies
  • Law enforcement: if required by applicable law or valid legal process

5. Data Retention

We retain your data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law. Aggregated, anonymized analytics data may be retained indefinitely.

6. Data Security

We implement industry-standard security measures including:

  • AES-256-GCM encryption for Instagram tokens at rest
  • HMAC signature verification for all incoming webhooks
  • HTTPS enforcement on all endpoints
  • Content Security Policy headers
  • Rate limiting on all public API endpoints

7. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Disconnect your Instagram account at any time
  • Export your data in a portable format

To exercise these rights, contact us at trigwise@gmail.com.

8. Instagram Platform Policy Compliance

Our use of Instagram data is governed by Meta Platform Terms. We access only the data necessary to provide the Service and do not use Instagram data for advertising, data brokerage, or surveillance purposes.

9. Cookies

We use essential cookies for authentication (session management via NextAuth.js). We do not use advertising or third-party tracking cookies.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top. Continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact

For questions about this Privacy Policy, contact us at: trigwise@gmail.com