Privacy Policy

Last updated: 2026-05-08

1. Who we are

BoostBirga (“we”, “our”, “us”) is an Instagram Business Messaging automation tool for small businesses. We are operated by Oybek Ustemirov from Tashkent, Uzbekistan. You can reach us at privacy@ustemirov.uz.

2. What data we collect

• Account information: when you sign in with Google we receive your name, email address, and profile picture.
• Instagram Business account data: when you connect an Instagram Business account, we receive your IG user ID, username, the linked Facebook Page ID, and a long-lived page access token.
• Direct Messages (DMs): incoming DMs from your followers, including the message text, attachments, and sender metadata. We use these to match against your auto-reply rules and display them in your Inbox.
• Automation rules: the keyword triggers, reply templates, and workflow graphs you create.
• Diagnostic data: error reports (via Sentry) and aggregated usage analytics. No DM content is sent to third-party services.

3. How we store data

All data is stored on servers located in Frankfurt, Germany. Long-lived Instagram access tokens are encrypted at rest with AES-256-GCM using per-tenant initialization vectors. Database backups are encrypted and retained for 30 days.

4. How we use data

• To match incoming DMs against the rules you have configured.
• To send auto-replies on your behalf via the Instagram Send API.
• To display your Inbox and analytics in the dashboard.
• To diagnose errors and improve the product.

We do not sell your data. We do not train machine-learning models on your DM content. We do not share your data with advertisers.

5. Third parties

We use Meta’s Graph API to receive and send Instagram messages, Sentry for error reporting (DM content is scrubbed before transmission), and Vercel for hosting the dashboard. None of these parties have direct access to your stored DM content.

6. Data retention

• DM events: 90 days, then archived to cold storage and purged after one year.
• Automation rules: until you delete them.
• Account data: until you request deletion.

7. Your rights

You can:

• Access your data via the dashboard at any time.
• Request a full export by emailing privacy@ustemirov.uz.
• Delete your account and all associated data via the Data Deletion page or by revoking BoostBirga in your Facebook settings (Apps and Websites → BoostBirga → Remove).

8. Compliance

This policy aligns with the Meta Platform Terms of Service and the Uzbekistan Personal Data Protection Act (UZ-PDPA). For users in the European Economic Area, the lawful basis for processing is contract performance and legitimate interest under Article 6(1)(b) and 6(1)(f) of the GDPR.

9. Changes

We may update this policy. Material changes will be announced via email and/or in-app banner at least 14 days before they take effect.

10. Contact

Questions, complaints, or data-related requests: privacy@ustemirov.uz.