Privacy Policy — smm.aldushin.ru
Last updated: April 19, 2026
1. Who We Are
smm.aldushin.ru (“the Service”, “we”) is operated by Individual Entrepreneur Vladimir Viktorovich Aldushin (ИП Алдушин Владимир Викторович), INN 773127700980, OGRNIP 319325600027407, registered in the Russian Federation. Contact: privacy@aldushin.com.
2. What Data We Collect Through Instagram API
We process data through the official Instagram Graph API in compliance with Meta Platform Terms and Developer Policies. Specifically, we collect:
- Instagram account metadata: username, Instagram User ID, profile picture URL, account type (Business or Creator).
- Media metadata: post IDs, captions, timestamps, permalinks, media types.
- Comment data on posts of connected accounts: comment text, comment ID, commenter username, commenter Instagram User ID, timestamp.
- Direct message data: message text, sender username, sender Instagram User ID, recipient ID, timestamp, message thread ID, story mention references.
- Access tokens provided by Instagram for continued API access, stored encrypted (AES-256-GCM).
We do NOT collect: passwords, email addresses, phone numbers, location data, or any data not explicitly provided by Instagram API.
3. Why We Collect This Data
- To display the connected Instagram account in the user's dashboard.
- To route incoming comments and direct messages to the correct conversation thread in our unified inbox interface.
- To allow the business owner (our user) to view and respond to customer inquiries received through their Instagram Business account.
- To enable keyword-based reply templates configured by the business owner — responses are pre-configured by the owner and delivered only in response to customer-initiated engagement (comments on the owner's posts or messages sent to the owner's account).
4. How We Store and Protect This Data
Data is stored on our servers located in the Russian Federation. We employ:
- AES-256-GCM encryption at rest for Instagram access tokens.
- TLS 1.2+ encryption in transit (HTTPS only).
- Role-based access control within our team.
- Annual security review of our infrastructure.
5. How Long We Keep This Data
- Messages and comments: up to 12 months after the last activity.
- Account metadata: while the account is connected to our service.
- Access tokens: while they remain valid; invalidated tokens are deleted within 30 days.
- All data associated with a user is deleted within 30 days of account deletion, except where retention is required by applicable law.
6. Who We Share This Data With
We do NOT sell, rent, or share user data obtained through the Instagram API with third parties for advertising purposes.
Limited sharing occurs only with:
- Our hosting and infrastructure providers for storage and compute.
- Error tracking services for troubleshooting.
- Law enforcement when legally required.
7. Your Rights
You have the right to:
- Access the data we hold about you.
- Request correction or deletion of your data.
- Export your data in a portable format.
- Withdraw consent and disconnect your Instagram account at any time.
To exercise these rights, use the “Settings → Delete all my data” action in your dashboard, or email privacy@aldushin.com.
8. Data Deletion
When you disconnect your Instagram account or delete your smm.aldushin.ru account, we initiate deletion of all associated Instagram data from our systems within 30 days.
For deletion requests, visit https://smmbot.aldushin.ru/data-deletion/status or email privacy@aldushin.com. Response within 30 days.
9. Changes to This Policy
We will notify users of material changes via email at least 30 days before they take effect. The current version is always available at this URL.
10. Contact
Data Protection contact: privacy@aldushin.com
General support: support@aldushin.com
Legal entity: ИП Алдушин Владимир Викторович
ИНН: 773127700980
ОГРНИП: 319325600027407