IG Business Manager

Privacy Policy

Last updated: February 25, 2026

1. Introduction

IG Business Manager ("we", "our", or "the App") is a web application that helps businesses manage their Instagram Business account comments and direct messages. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

2. Information We Collect

When you connect your Facebook account, we collect:

  • Facebook Profile Information: Your name, email address, and Facebook user ID.
  • Facebook Page Data: Page names, IDs, and Page Access Tokens for pages you manage.
  • Instagram Business Account Data: Username, profile picture, media posts, comments on your posts, and direct messages sent to your business account.
  • Access Tokens: OAuth tokens provided by Facebook to access the above data on your behalf.

3. How We Use Your Information

We use the collected information exclusively to:

  • Display your Instagram Business posts, comments, and messages in our dashboard.
  • Enable you to reply to, hide, or delete comments on your posts.
  • Enable you to read and respond to direct messages sent to your Instagram Business account.
  • Maintain your authenticated session within the App.

We do not use your data for advertising, profiling, or any purpose beyond providing the described functionality.

4. Data Storage and Security

  • All access tokens are encrypted at rest using AES-256-GCM encryption before being stored in our database.
  • We use Supabase (PostgreSQL) as our database provider with Row-Level Security (RLS) enabled.
  • Session tokens are stored in secure, httpOnly cookies and are not accessible via JavaScript.
  • All communication between your browser and our servers is encrypted via HTTPS/TLS.

5. Data Sharing

We do not sell, rent, or share your personal information or Instagram data with any third parties. Your data is used solely to provide the App's functionality to you.

6. Data Retention

We retain your data only as long as your account is active. When you disconnect your Facebook account or request data deletion, we remove all your stored data, including access tokens, page information, and session data, from our systems within 48 hours.

7. Data Deletion

You can request the deletion of all your data at any time by visiting our Data Deletion page. We also support Meta's data deletion callback, which automatically removes your data when you remove our app from your Facebook settings.

8. Facebook Permissions

Our App requests the following Facebook/Instagram permissions:

  • pages_show_list: To list Facebook Pages you manage.
  • pages_read_engagement: To read engagement data on your Pages.
  • pages_manage_metadata: To manage Page metadata (required for webhook subscriptions).
  • instagram_basic: To read basic Instagram Business account information.
  • instagram_manage_comments: To read, reply to, hide, and delete comments on your Instagram posts.
  • instagram_manage_messages: To read and send direct messages on your Instagram Business account.
  • business_management: To access business information associated with your Pages.

9. Your Rights

You have the right to:

  • Access the data we store about you.
  • Request correction of inaccurate data.
  • Request deletion of all your data.
  • Revoke our App's access at any time through your Facebook settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at support@igbusinessmanager.com.