Privacy Policy

Effective date: April 16, 2026

DirectMate ("DirectMate", "we", "us", or "our") provides software that helps businesses manage customer conversations and sales workflows through Instagram Direct Messages and related integrations.

This Privacy Policy explains how we collect, use, store, and share information when merchants, store owners, their team members, and end users interact with our website, platform, and services.

1. Who we are

DirectMate is operated by Oleksandr Khanas, sole proprietor, operating under the product name DirectMate.

If you have questions about this Privacy Policy or our data practices, you can contact us at:

• Email: hello@directmate.app
• Website: https://directmate.app

2. Scope of this Privacy Policy

This Privacy Policy applies to:

• visitors of our website
• merchants and businesses using DirectMate
• team members invited to use DirectMate
• customer conversations and data processed through integrations such as Instagram

This Privacy Policy does not apply to third-party platforms we integrate with, including Meta, Instagram, Shopify, payment providers, and other third-party services. Their own terms and privacy policies also apply.

3. Information we collect

a. Business account information

When a merchant signs up or uses DirectMate, we may collect:

• name
• business name
• email address
• phone number
• billing-related details
• store or company information
• connected platform identifiers

b. Authentication and account access data

We may collect:

• login credentials or authentication tokens
• user roles and permissions
• account settings
• technical access logs

c. Integration data

If you connect DirectMate with third-party services such as Instagram or e-commerce systems, we may process:

• account IDs
• page or business account identifiers
• product catalog information
• order-related information
• conversation metadata
• message content needed to provide the service

d. Customer communication data

To provide message automation and support sales workflows, we may process:

• Instagram direct messages
• customer usernames or identifiers
• product inquiries
• shopping preferences shared in conversation
• order-related details voluntarily provided by the customer

e. Website and device information

When you use our website or platform, we may collect:

• IP address
• browser type
• device information
• operating system
• pages visited
• referring URLs
• approximate usage analytics
• cookies or similar technologies

4. How we use information

We use collected information to:

• provide, operate, and maintain DirectMate
• authenticate users and secure accounts
• process and manage integrations
• generate automated responses and sales assistance features
• support product recommendations and order workflows
• improve product performance and user experience
• monitor reliability, prevent abuse, and troubleshoot issues
• communicate with users about service, support, updates, and legal matters
• comply with legal obligations
• enforce our Terms of Service

5. Legal basis for processing

Depending on the user and applicable law, we process information on the basis of:

• performance of a contract
• legitimate interests in operating and improving the service
• compliance with legal obligations
• consent, where required

6. How we share information

We do not sell personal information.

We may share information with:

• service providers that help us host, secure, maintain, and support the platform
• integration partners and APIs necessary for the service to function (including Meta/Instagram APIs for messaging)
• AI providers (such as OpenAI) to generate automated responses
• analytics, infrastructure, and communication providers
• legal or regulatory authorities when required by law
• a successor entity in the event of a merger, acquisition, or business transfer

We only share data as reasonably necessary to operate the service and fulfill legitimate business purposes.

7. Instagram and Meta integration

DirectMate integrates with the Instagram Messaging API provided by Meta Platforms, Inc. When a business connects their Instagram account to DirectMate:

• we receive and process Instagram Direct Messages sent to the connected business account
• we use page access tokens (encrypted with AES-256-GCM) to send responses on behalf of the business
• we store Instagram account identifiers and business profile information necessary to operate the service
• message content may be sent to AI providers to generate automated replies

Use of data received from Meta APIs complies with the Meta Platform Terms and Meta Developer Policies.

8. Data retention

We retain information for as long as necessary to:

• provide the service
• comply with legal, tax, accounting, or regulatory obligations
• resolve disputes
• enforce agreements
• maintain security and fraud-prevention records

When data is no longer needed, we will delete or anonymize it within a reasonable period, unless retention is required by law.

9. Data security

We take reasonable technical and organizational measures to protect information from unauthorized access, disclosure, alteration, or destruction, including encryption of sensitive tokens (AES-256-GCM), secure HTTPS connections, and access controls. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. International data transfers

Depending on the tools and providers used to operate DirectMate, data may be processed in countries other than the user's country of residence. Where required, we take reasonable steps to ensure appropriate safeguards are in place.

11. Your rights

Depending on applicable law, users may have the right to:

• request access to their data
• request correction of inaccurate data
• request deletion of data
• object to or restrict certain processing
• request data portability
• withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@directmate.app. We may need to verify your identity before processing a request.

12. Data deletion requests

If you want us to delete your data, you may submit a request by contacting privacy@directmate.app.

Please include:

• your name
• your business/store name
• your contact email
• the Instagram account or platform account connected to DirectMate
• details of the deletion request

We may retain limited information where required by law, for security, fraud prevention, dispute resolution, or legitimate recordkeeping purposes.

For more details, see our Data Deletion Request page.

13. Children's privacy

DirectMate is intended for business use and is not directed to children under the age of 13 or the minimum age required by applicable law. We do not knowingly collect personal information directly from children.

14. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Effective date" above. Continued use of the service after changes take effect means the updated version applies.

15. Contact us

If you have any questions about this Privacy Policy or our data practices, contact us at:

• Email: privacy@directmate.app
• Website: https://directmate.app