1 Data Controller
The data controller responsible for your personal data is:
2 About the Service
DirectYar is an Instagram automation SaaS that enables businesses to automatically reply to Instagram direct messages (DMs) and comments. With your authorization, DirectYar connects to your Instagram Business account through the Meta Graph API and receives messages and comments via webhooks. It then sends automated responses on behalf of the connected account according to the rules and settings you configure.
3 Personal Data We Collect
Account & authentication data
- Your name and email address used to register for DirectYar.
- Authentication tokens and account identifiers provided via Instagram/Meta OAuth when you connect an account.
- Your Instagram Business account ID, username, and profile information accessible through the API.
Instagram messaging & comment data
- Direct messages and comments received by your connected account through Meta webhooks.
- Sender identifiers (such as Instagram-scoped user IDs) and message metadata (timestamps, message type).
- Automated responses generated and sent on your behalf.
Configuration & usage data
- Automation rules, reply templates, keywords, and other settings you create in the app.
- Subscription, billing status, and plan information.
- Technical data such as IP address, browser type, device information, and access logs collected for security and diagnostics.
4 Meta & Instagram API Usage
DirectYar integrates with Meta Platforms using the Meta Graph API and the Instagram API. We access and process data only with the permissions you explicitly grant during the Instagram/Meta OAuth authorization flow, and only to the extent necessary to deliver the messaging-automation features you enable.
We request only the following Meta permissions (scopes):
- instagram_business_basic — basic profile and account information for your connected Instagram Business account.
- instagram_business_manage_messages — to receive and send direct messages on your behalf.
- instagram_business_manage_comments — to receive and respond to comments on your behalf.
Our use and transfer of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies, including all applicable limited-use requirements. We do not sell data obtained through the Meta APIs, and we do not use it for advertising, profiling, or any purpose unrelated to operating the DirectYar service for you.
Your use of Instagram and Facebook remains subject to Meta's own Privacy Policy and terms. DirectYar is an independent service and is not endorsed by or affiliated with Meta Platforms, Inc.
5 How We Use Your Data
- To provide, operate, and maintain the DirectYar platform and your account.
- To receive incoming Instagram DMs and comments via webhooks and send the automated replies you have configured.
- To authenticate you and keep your connected Instagram accounts linked and secure.
- To process payments and manage subscriptions.
- To monitor, troubleshoot, secure, and improve the reliability and quality of the service.
- To communicate with you about your account, support requests, and important service updates.
- To comply with legal obligations and enforce our Terms of Service.
6 Legal Bases for Processing (GDPR)
Under the GDPR, we process your personal data on the following legal bases:
- Performance of a contract — to deliver the service you sign up for and have requested.
- Consent — for connecting your Instagram account via OAuth and for non-essential cookies. You may withdraw consent at any time.
- Legitimate interests — to secure our platform, prevent abuse, and improve our services, balanced against your rights.
- Legal obligation — to comply with accounting, tax, and other legal requirements.
7 Data Storage & Security (AWS)
Personal data is stored and processed on cloud infrastructure provided by Amazon Web Services (AWS). We rely on AWS's security and compliance controls together with our own technical and organizational measures — including encryption in transit (HTTPS/TLS), access controls, and least-privilege practices — to protect your data against unauthorized access, loss, alteration, or disclosure.
Where data is transferred outside the European Economic Area (EEA), such transfers are safeguarded by appropriate legal mechanisms, such as the European Commission's Standard Contractual Clauses. No method of transmission or storage is completely secure, and while we work hard to protect your data, we cannot guarantee absolute security.
8 Data Sharing
We do not sell your personal data. We share data only in the following limited circumstances:
- Service providers (processors) — such as AWS (hosting/storage), Meta (message delivery via the API), and payment processors, who act on our instructions.
- Legal requirements — when required to comply with applicable law, regulation, legal process, or enforceable governmental request.
- Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this Privacy Policy.
9 Data Retention
We retain personal data only for as long as necessary to provide the service, comply with our legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, it is deleted or anonymized. If you close your account or disconnect your Instagram account, associated data is deleted within a reasonable period, except where retention is required by law.
10 Your Rights Under the GDPR
If you are in the EU/EEA, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your personal data (“right to be forgotten”).
- Data portability — receive your data in a structured, commonly used, machine-readable format.
- Restriction & objection — restrict or object to certain processing.
- Withdraw consent — withdraw consent at any time, without affecting prior lawful processing.
To exercise any of these rights, contact us at info@directyar.com. You also have the right to lodge a complaint with your local supervisory authority — in Spain, the Agencia Española de Protección de Datos (AEPD).
11 Data Deletion Requests
You can request deletion of your personal data — including data obtained through the Instagram/Meta API — at any time by submitting a ticket from within your account at app.directyar.com. Verified requests are completed within 30 days, and we send a confirmation email once your data has been deleted.
For full step-by-step instructions, see our Data Deletion Instructions page.
12 Cookies & Similar Technologies
Our website and app use cookies and similar technologies. Essential cookies are required for authentication, security, and core functionality. Analytics and preference cookies help us understand usage and remember your settings; these are used only with your consent where required.
You can manage or disable cookies through your browser settings. Disabling essential cookies may prevent parts of the service — including signing in — from working properly.
13 Children's Privacy
DirectYar is a business tool and is not directed to children. We do not knowingly collect personal data from individuals under the age of 16. If you believe a minor has provided us with personal data, please contact us at info@directyar.com and we will delete it promptly.
14 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify you. Your continued use of the service after changes take effect constitutes acceptance of the updated policy.
15 Contact Us
If you have questions about this Privacy Policy or how we handle your data, please contact us: