Privacy Policy — TamilDM
Last updated: May 18, 2026
This Privacy Policy describes how Sri Athi Mobiles, a sole proprietorship registered under the laws of India, having its registered office at Tirunelveli, Tamil Nadu, India ("Sri Athi Mobiles", "we", "us", or "our"), collects, uses, stores, discloses, and protects personal data of users of the TamilDM service ("TamilDM" or the "Service") accessible at tamildm.com.
For the purposes of the Digital Personal Data Protection Act, 2023 and the rules made thereunder (the "DPDP Act"), Sri Athi Mobiles is the Data Fiduciary in respect of personal data of natural persons ("Data Principals") who use the Service.
By accessing or using the Service, you confirm that you have read and understood this Privacy Policy.
1. Instagram API Usage
TamilDM uses the Instagram Graph API to provide automated messaging services.
Permissions we use:
- instagram_manage_messages — To read incoming comments and direct messages, and to send automated replies. We monitor comments on posts where the business owner has enabled automations and respond to direct messages containing configured keywords.
- instagram_basic — To access basic profile information (username, account ID) for displaying account information in the TamilDM dashboard and identifying the account for automation.
How we use this access:
- Read comments on posts to trigger keyword-based automations.
- Read incoming direct messages to trigger automated replies.
- Send automated direct message responses within Meta's 24-hour messaging window.
What we do NOT do:
- We do not post content to Instagram on your behalf.
- We do not access or store your Instagram password.
- We do not sell your Instagram data to third parties.
2. Information We Collect
We collect the following personal data to provide and improve the Service:
Data we store:
- Instagram User IDs (PSID) — to identify users in conversations and maintain context.
- Usernames — for logging and analytics purposes.
- Message and comment content — temporarily, for keyword matching and automation triggering.
- Conversation state — to track multi-step automation flows.
- Contact information (email or phone number) — only if voluntarily provided by a user during an automation flow.
- Account credentials — encrypted access tokens used to connect your Instagram account to TamilDM.
Data we do NOT store:
- Private media or photos.
- User passwords or credentials.
- Data from Instagram accounts not connected to TamilDM.
3. How We Use Your Information
We use the personal data we collect for the following purposes:
- To provide, operate, and maintain the Service.
- To enable keyword-based automation and automated messaging on your behalf.
- To notify you about changes or updates to the Service.
- To provide customer support and respond to grievances.
- To monitor and analyse usage trends, and to diagnose and fix technical issues.
- To develop and test new features and improvements.
- To comply with applicable legal obligations.
4. Data Retention
- Webhook event data — retained for 30 days for debugging and analytics.
- Automation logs — retained for 90 days for business analytics.
- Contact information — retained until account disconnection or a valid deletion request is received.
- Access tokens — encrypted and stored securely; deleted immediately upon account disconnection.
We retain personal data only for as long as necessary to provide the Service, fulfil the purposes for which it was collected, or comply with applicable law.
5. Sharing of Your Information
Sri Athi Mobiles values your privacy. We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes.
We share data only in the following limited circumstances:
- Meta Platforms, Inc. — We share Instagram User IDs and message content with Meta's Instagram Graph API solely to send automated messages as necessary to provide the Service.
- Razorpay Software Private Limited — If you make payments through the Service, your payment information is processed by Razorpay. Razorpay's handling of your data is governed by their own privacy policy.
- Cloud service providers — We use secure cloud hosting providers based in India to store encrypted automation configurations and logs. These providers are contractually obligated to protect your data.
- Legal obligations — We may disclose your personal data if required to do so by law, court order, or lawful request from a government authority, or where we have a good-faith belief that such disclosure is necessary to prevent fraud, protect our rights, or prevent harm to any person.
6. Data Security
We implement reasonable security safeguards as required under Section 8(5) of the DPDP Act to protect personal data against unauthorised access, alteration, disclosure, loss, or destruction. These include:
- Encryption of personal data in transit using Transport Layer Security (TLS / HTTPS) on all endpoints of the Service.
- Encrypted storage of access tokens; tokens are deleted immediately upon account disconnection.
- Role-based access controls limiting personnel access to personal data on a need-to-know basis.
- Secure communication channels for all data exchanged with Meta's API.
- Periodic review of our security practices.
No method of transmission over the internet or electronic storage is fully secure. While we use commercially reasonable means to protect personal data, we cannot guarantee absolute security against all threats.
7. Cross-Border Data Transfers
Our servers and hosting infrastructure are located in India. In the event that any of our service providers (including cloud hosting or analytics providers) operate outside India, we will ensure that:
- Personal data is not transferred to any country or territory that the Central Government of India notifies as a restricted country under the DPDP Act.
- Appropriate contractual and technical safeguards are put in place before any such transfer occurs.
8. Your Rights as a Data Principal
Under the DPDP Act, you have the following rights in respect of your personal data:
- Right to information — to obtain confirmation of whether we are processing your personal data, and a summary of the personal data being processed and the processing activities undertaken.
- Right to correction and erasure — to request correction of inaccurate or incomplete personal data, and erasure of personal data that is no longer necessary for the purpose for which it was collected.
- Right to grievance redressal — to register a grievance with our Grievance Officer regarding any act or omission by us in respect of your personal data (see Section 11 below).
- Right of nomination — to nominate, in the manner prescribed under the DPDP Act, another individual to exercise your data rights in the event of your death or incapacity.
- Right to withdraw consent — where processing is based on your consent, to withdraw such consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
How to exercise your rights or delete your data:
- Disconnect your Instagram account in the TamilDM dashboard.
- Remove the TamilDM app from your Facebook Business Integrations settings.
- Revoke TamilDM's Instagram access directly at instagram.com/accounts/manage_access.
- Email us at support@tamildm.com with the subject line "Data Rights Request" or "Data Deletion Request".
We may need to verify your identity before acting on a request.
9. Children's Privacy
TamilDM is not intended for users under the age of 18. We do not knowingly collect personal data from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at support@tamildm.com and we will take steps to delete that information.
10. Personal Data Breach Notification
In the event of a personal data breach affecting your personal data, we will notify the Data Protection Board of India and, where required, affected Data Principals in accordance with Section 8(6) of the DPDP Act and the rules made thereunder, in the form, manner, and within the timeframe prescribed under applicable law.
11. Grievance Officer
In accordance with Section 8(9) of the DPDP Act, Sri Athi Mobiles has appointed the following Grievance Officer to address concerns related to the processing of personal data:
| Name |
Sri Guru |
| Designation |
Grievance Officer |
| Email |
support@tamildm.com |
| Address |
Sri Athi Mobiles, Tirunelveli, Tamil Nadu, India |
We will endeavour to acknowledge grievances within 7 working days of receipt and to resolve them within 30 days, or such shorter period as may be prescribed under applicable law.
If you are not satisfied with our response, you may approach the Data Protection Board of India in accordance with the DPDP Act.
12. Governing Law and Jurisdiction
This Privacy Policy and any matters arising from or related to it shall be governed by and construed in accordance with the laws of India. Subject to the dispute resolution provisions of our Terms of Service, the courts at Chennai, Tamil Nadu, India shall have exclusive jurisdiction in respect of any matters arising out of or in connection with this Privacy Policy.
13. Changes to This Privacy Policy
We may modify or update this Privacy Policy from time to time. We will notify you of any significant changes by email or through a notice on the Service. Your continued use of TamilDM after any modification to this Privacy Policy will constitute your acceptance of such modification. Please review this page periodically.