Privacy policy for DM Flow - Direct Message Assistant
DM Flow - Direct Message Assistant by Rahad Sheikh
Privacy Policy for DM Flow - Direct Message AssistantLast Updated: July 8, 2026
DM Flow ("we", "our", "us") values your privacy. This Privacy Policy details how the DM Flow - Direct Message Assistant
browser extension ("Extension") handles user data. We are committed to transparency and compliance with browser store
policies. 1. Information We Collect (Collection)
The Extension operates locally and follows a strict data-minimization approach. We only collect and process the
following information necessary for the Extension's core functionalities:
* Message Templates & Campaigns: Custom text templates and messaging variants created by you.
* Target Recipient Lists: The list of Instagram usernames/handles you input to receive direct messages.
* Outreach Logs & Sent History: Local history recording which usernames have been messaged, along with timestamps, to
prevent duplicate outreach.
* Instagram Session Cookies & Access Tokens: The active session tokens required to authenticate direct message API
requests to Instagram.
* Licensing & Billing Verification Details: If you purchase a premium plan, we process your License Key and Customer
Email (e.g., user@example.com). 2. Data Handling & Processing (Handling)
All data collection is strictly client-side. We handle the data as follows:
* Outreach Automation: We process your recipient list, message templates, and Instagram cookies strictly to route
personalized direct messages to your targets.
* Personalization: The recipient's username is processed to dynamically substitute variables (e.g., #USERNAME#) in your
templates.
* Subscription Check: Your license key and email are securely transmitted to our licensing provider, Polar.sh (api.
polar.sh), to check subscription validity and activate Pro features.
* Zero Telemetry/Analytics: The Extension does not log, track, or transmit your usage logs, browsing history, or
analytics to any tracking servers. 3. Data Storage & Retention (Storage)
We store user data locally on your device to maintain high privacy standards:
* Local Storage: All settings, message templates, target lists, and outreach logs are stored in your browser's isolated
database using chrome.storage.local.
* Session Cache: Instagram session cookies remain securely in browser memory and are handled inside Chrome's security
sandbox.
* Retention Policy: Your settings and outreach history are retained on your device indefinitely to prevent sending
duplicate messages. You can delete all data at any time by clicking "Clear Data" or "Deactivate" in the options panel,
clearing your browser cache, or uninstalling the Extension. 4. Data Sharing & Disclosure (Sharing)
We enforce a strict policy against selling or distributing user data:
* No Selling or Trading: We do not sell, rent, lease, trade, or transfer any user data, templates, or logs to third
parties.
* Restricted API Calls: Data transmission is exclusively limited to:
1. Direct, secure communications between your browser and the official Instagram API endpoints.
2. Direct validation requests between your browser and the Polar.sh billing engine (api.polar.sh). 5. User Rights & Controls
You maintain complete ownership and control of your data:
* Access & Portability: You can view all templates, recipient queues, and local logs in the Extension's options panel.
* Deletion: You can permanently delete all local data, settings, and logs by clicking "CLEAR" in the history box,
clearing local extension storage, or uninstalling the Extension. 6. Contact & Support
If you have any questions, concerns, or requests regarding this Privacy Policy, please contact us at
rahad@purpleslash.com.