Privacy Policy

Last updated: April 1, 2026

1. Introduction

SellByChat.ai ("we," "us," or "our") is a customer engagement platform operated by a Canadian corporation. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

By using SellByChat.ai, you consent to the data practices described in this policy.

2. Data We Collect

We collect the following categories of data:

  • Instagram and Facebook Messenger messages sent and received through connected business accounts
  • User profile information from Instagram and Facebook (name, profile picture, account type)
  • Comments on posts that trigger automated responses
  • Story replies from users interacting with connected accounts
  • Audio messages and voice notes sent through Instagram DMs
  • Account and billing information provided during registration

3. How We Use Your Data

We use collected data to facilitate AI-assisted customer engagement responses on behalf of our business clients. Specifically:

  • Facilitating timely responses to Instagram and Messenger direct messages on behalf of business clients
  • Providing conversation management, analytics, and reporting tools
  • Maintaining service reliability and security
  • Communicating with you about your account and our services

4. Instagram and Meta Data Handling

We access Instagram and Facebook data through Meta's official APIs in compliance with Meta's Platform Terms and Developer Policies. We only access data that users have explicitly authorized through Meta's permission flow.

Data obtained through Meta APIs is used solely for the purpose of providing our DM automation services and is not used for advertising, sold to data brokers, or shared outside of our core service delivery. We do not use data received from Meta Platform APIs for advertising, marketing to third parties, or training machine learning models.

5. Data Storage and Security

Your data is protected through the following measures:

  • Conversation data is stored in MongoDB hosted on Railway with restricted access
  • Meta access tokens are encrypted at rest using AES-256-GCM
  • All data transmission uses TLS/SSL encryption
  • Daily encrypted backups are written to Backblaze B2 with 30-day rolling retention
  • Access to personal data is restricted to authorized personnel only

6. Data Retention

Conversation messages are retained for the active life of your account so the AI can reference prior context. You can request deletion at any time via the Data Deletion page; we process deletion requests within 30 days.

Daily encrypted backups in Backblaze B2 use a 30-day rolling window — backup copies of deleted data are purged on the same schedule.

Account information is retained for the duration of your account and deleted within 30 days of account closure, unless required by law.

7. Data Sharing

We do not sell personal data to third parties. We share data with the following service providers who assist in delivering our services:

  • OpenRouter (specifically the Grok 4 Fast model) for generating contextual reply suggestions. Conversation context is sent for inference only; it is not retained for model training under our agreement.
  • MongoDB on Railway for primary conversation storage.
  • Convex for application metadata, including encrypted Meta access tokens and account configuration.
  • Backblaze B2 for encrypted off-site backups (30-day retention).
  • Meta through Instagram and Facebook Messaging APIs for message delivery.

We may also disclose data when required by law, to protect our legal rights, or to prevent fraud or security threats.

8. Cookies

We use minimal cookies for authentication and session management. We do not use cookies for advertising or tracking purposes. Essential cookies are required for the service to function and cannot be disabled.

9. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Right to access your personal data
  • Right to rectify inaccurate personal data
  • Right to delete your personal data
  • Right to restrict processing of your personal data
  • Right to data portability
  • Right to object to processing of your personal data

To exercise any of these rights, contact us at privacy@sellbychat.ai.

10. California Residents (CCPA)

If you are a California resident, you have the right under the California Consumer Privacy Act to:

  • Know what personal data we collect about you
  • Request deletion of your personal data
  • Opt out of the sale of your personal data (we do not sell personal data)
  • Not be discriminated against for exercising your privacy rights

11. Data Deletion

You have the right to request deletion of your personal data at any time. To submit a data deletion request, visit our Data Deletion Request page. You can also request data deletion through the Meta Platform by revoking our app's access in your Facebook or Instagram settings. We process deletion requests from Meta within 48 hours. Alternatively, email privacy@sellbychat.ai.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date.

13. Contact Us

SellByChat.ai
Operated by a Canadian corporation.

Privacy inquiries: privacy@sellbychat.ai

General support: support@sellbychat.ai

Website: https://sellbychat.ai