Legal
Privacy Policy
digi-talk is committed to protecting the privacy of our users and their customers. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with the digi-talk Service.
Overview
digi-talk ("digi-talk", "we", "us", "our") is committed to protecting the privacy of our users and their customers. This Privacy Policy explains how we collect, use, store, and protect personal data in connection with the digi-talk Service.
This Privacy Policy is required under:
- Bangladesh's Personal Data Protection Ordinance 2025 (Ordinance No. 61 of 2025, gazetted November 6, 2025), which recognizes personal data as the property of the individual and requires explicit, informed, and revocable consent for its processing
- Bangladesh's Cyber Security Act 2023, which governs the lawful collection and use of identity information
- Meta's Platform Terms, which require all Instagram Graph API applications to maintain a publicly accessible, accurate privacy policy
By using the Service, you consent to the practices described in this Policy. You may withdraw consent at any time by contacting us at support@digi-talk.com, though withdrawal may affect the functionality of the Service.
1. Who We Are and What We Do
digi-talk provides an Instagram DM automation platform for Instagram Business Account holders operating primarily in Bangladesh. The Service enables sellers to respond automatically to comments, manage direct message conversations, track leads, and coordinate human handoff workflows through Meta's official Instagram Graph API.
In the context of data protection law:
- digi-talk is the data controller for data collected directly from our users (sellers who register for the Service).
- digi-talk is the data processor for data about Instagram customers (End Users) processed on behalf of our users (sellers).
2. What Personal Data We Collect
2.1 Data You Provide to Us
When you register for or use digi-talk, we collect:
- Account information: name, email address, business name, contact details
- Authentication data: Instagram Business Account identifiers obtained through Meta's OAuth flow (we do not collect or store Instagram passwords)
- Payment information: billing details, payment method identifiers (processed by our payment provider; full card data is not stored by digi-talk)
- Configuration data: trigger keywords, product catalog entries, automation flow settings, reply templates
- Support communications: messages you send us via email, Instagram, or WhatsApp
2.2 Data We Collect Through the Instagram Graph API
When you connect your Instagram Business Account and use the Service, we access and process:
- Instagram comment content and metadata (for trigger detection)
- Direct message content and conversation threads (for automated reply and handoff workflows)
- Instagram user identifiers and profile data of accounts that interact with your content (End User data)
- Engagement metrics and story interaction data where API permissions allow
This data is accessed only within the scope of permissions you authorize through Meta's OAuth flow.
2.3 Data We Collect Automatically
When you access our website or dashboard:
- Usage data: pages visited, features used, time spent, clicks
- Device and connection data: IP address, browser type, operating system, device identifiers
- Cookies and tracking: session cookies for login authentication; analytics cookies for improving the Service (see Section 7)
3. Legal Basis for Processing
Under the Personal Data Protection Ordinance 2025, we process personal data on the following lawful bases:
| Data Type | Legal Basis |
|---|---|
| Account and registration data | Your explicit consent at registration; contractual necessity |
| Instagram API and conversation data | Your explicit consent via OAuth authorization; contractual necessity to deliver the Service |
| Payment data | Contractual necessity; legal obligation |
| Usage and analytics data | Your consent (where required); our legitimate interest in improving the Service |
| Data processed on behalf of End Users | Your instructions as data controller; our contractual obligation to you as processor |
You have the right to withdraw consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
4. How We Use Personal Data
We use collected data for the following purposes:
- Delivering the Service: processing Instagram comments, triggering automated DM replies, managing conversations, creating and tracking lead records, coordinating human handoff
- Account management: maintaining your account, processing payments, communicating service updates
- Security: detecting and preventing unauthorized access, fraud, and abuse
- Legal compliance: meeting obligations under Bangladesh law, including the Cyber Security Act 2023 and the Personal Data Protection Ordinance 2025
- Improving the Service: analyzing usage patterns to fix issues and develop features
- Communications: sending transactional emails, support responses, and (with your consent) service announcements
We do not use your data or End User data for advertising, behavioral profiling, or sale to third parties.
5. End User Data — Your Customers
When digi-talk sends or receives messages through your connected Instagram Business Account, it processes the personal data of your customers ("End Users"), such as their Instagram usernames, message content, and interaction history.
You, as the seller, are the data controller for End User data. digi-talk processes this data only under your instructions and only as necessary to provide the Service.
As a seller using digi-talk, you are independently responsible for:
- Informing your End Users that automated tools are used in your Instagram communications
- Maintaining your own privacy notice or policy visible to your customers, as required by Meta's Platform Terms
- Complying with all applicable data protection obligations toward your End Users under Bangladesh law
digi-talk will not process End User data for any purpose beyond delivering the Service to you, and will not sell, share, or disclose End User data to third parties except as required by law or as described in Section 6.
6. Data Sharing and Disclosure
We do not sell personal data. We share data only in the following circumstances:
- Service providers: with trusted third-party providers who assist in operating the Service (e.g., cloud hosting, database providers, payment processors), strictly under data processing agreements and only to the extent necessary
- Meta Platforms: data is necessarily shared with Meta via the Instagram Graph API to deliver the Service; Meta's own privacy practices govern their data use
- Legal requirements: when required by Bangladesh law, court order, or regulatory authority under the Cyber Security Act 2023, the Personal Data Protection Ordinance 2025, or other applicable law
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations and notification to you
- With your consent: in any other case, only with your explicit prior consent
8. Data Retention
We retain personal data only for as long as necessary to deliver the Service and meet our legal obligations:
| Data Type | Retention Period |
|---|---|
| Account data | For the duration of your account plus 12 months after closure, or as required by law |
| Instagram conversation and message data | Up to 12 months from the date of the conversation, unless you request earlier deletion |
| Lead and automation records | For the duration of your account plus 12 months |
| Payment records | As required by Bangladesh tax and financial record-keeping law |
| Support communications | 24 months from the date of the communication |
| Server and access logs | Up to 90 days |
After applicable retention periods, data is deleted or anonymized.
9. Data Security
digi-talk implements technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction, including:
- Encrypted data transmission (TLS)
- Encrypted storage for sensitive data at rest
- Access controls limiting data access to authorized personnel only
- Regular security reviews and monitoring
No method of transmission or storage is 100% secure. In the event of a personal data breach, we will notify affected users and the relevant authority as required by the Personal Data Protection Ordinance 2025.
10. Your Rights
Under the Personal Data Protection Ordinance 2025, you have the following rights with respect to your personal data:
- Right to access: request a copy of the personal data we hold about you
- Right to rectification: request correction of inaccurate or incomplete data
- Right to erasure: request deletion of your personal data, subject to legal retention requirements
- Right to withdraw consent: withdraw any consent you have given at any time
- Right to restrict processing: request that we limit how we process your data in certain circumstances
- Right to data portability: receive your data in a structured, commonly used format where technically feasible
To exercise any of these rights, contact us at support@digi-talk.com. We will respond within a reasonable timeframe and no later than as required by applicable law. We may need to verify your identity before processing your request.
11. Children's Data
The Service is not directed at persons under the age of 18. We do not knowingly collect personal data from individuals under 18. If we become aware that personal data of a minor has been collected without verifiable parental consent, we will delete it promptly.
12. International Data Transfers
digi-talk may use cloud hosting or service providers whose infrastructure is located outside Bangladesh. Where personal data is transferred outside Bangladesh, we take steps to ensure that appropriate safeguards are in place, consistent with the requirements of the Personal Data Protection Ordinance 2025.
13. Meta Platform Compliance
Because digi-talk uses the Instagram Graph API, this Privacy Policy serves as the publicly accessible privacy policy required by Meta's Platform Terms.
In accordance with Meta's requirements:
- We process Instagram platform data only as described in this Privacy Policy
- We do not attempt to re-identify anonymized data, reverse-engineer API data, or expand API data usage beyond what is disclosed here
- We retain all versions of this Privacy Policy and will provide them to Meta upon request
- Our use of Instagram data is consistent with Meta's Platform Terms at all times
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or Meta's platform requirements. When we make material changes, we will update the "Last Updated" date and notify you by email or through the Service. Your continued use of the Service after the effective date of any update constitutes acceptance of the revised Policy.
15. Contact and Complaints
For questions, concerns, or requests regarding this Privacy Policy or your personal data:
Email: support@digi-talk.com
Instagram: @bizzookie
If you believe your data protection rights have been violated and we have not resolved your concern, you may contact the relevant regulatory authority in Bangladesh once the national data authority established under the Personal Data Protection Ordinance 2025 becomes operational.