Data Retention Policy

1. Why We Store Data

We collect and keep only the information needed to run Elpidan LEAD, deliver Instagram automation features, and support your account.

2. What We Store

Account details: name, email, hashed password

Instagram connection: IG user ID, access token

Message data: incoming & outgoing DMs

Automation settings: flows, rules, tags

System logs: API requests, error traces

Backups: encrypted database snapshots (used for disaster recovery only)

3. How Long We Keep It

Account details: deleted 90 days after your last login or when you delete your account

Instagram connection: deleted 30 days after you disconnect or token expires

Message data: deleted after 30 days (default)

Automation settings: until you remove the flow or 90 days after account deletion

System logs: deleted after 60 days

Backups: deleted after 30 days (old snapshots automatically purged)

Note: We may keep data longer if required by law (e.g., tax invoices). Otherwise, we delete on the schedule above.

4. How You Can Delete Your Data

Self-service: Use the “Delete Account” button in Settings to remove your profile and all related data.

Email request: Contact us at [email protected] and we’ll erase your data within 30 days.

5. How We Protect Data

All traffic is encrypted (HTTPS).

Databases and backups are encrypted at rest.

Access is limited to staff who need it to operate the service.

6. Contact

Questions about this policy? Email [email protected]

This policy is reviewed annually. Material changes will be announced via the app or email and take effect upon posting.