Tregr

Privacy Policy

Last updated: July 8, 2026

This Privacy Policy explains how Tregr (“Tregr,” “we,” “us”) collects, uses, stores, shares, and deletes information when you use our Instagram comment-to-DM automation service (the “Service”). Tregr is an independent tool and is not affiliated with, endorsed by, or operated by Meta Platforms, Inc. or Instagram.

1. Who this policy covers

It covers two groups: (a) account owners who sign in to Tregr and connect their own Instagram professional (Business or Creator) account, and (b) the people who comment on or message those connected accounts, whose interactions Tregr processes on the account owner’s behalf.

2. Information we collect

  • Account & sign-in data. Your email address, used to create your Tregr account and send magic-link sign-in emails.
  • Instagram connection data. When you connect an account we store your Instagram professional-account ID, username, the long-lived access token issued by Meta, and its expiry. The token is used only to call Meta’s APIs on your behalf (read comments, send DMs, check a follow relationship, manage webhook subscriptions).
  • Automation content. The flows you build — keywords, message text, buttons, and configuration.
  • Conversation data (from commenters). To run your automations we process: the text and ID of comments left on your posts, the commenter’s Instagram-scoped user ID, the media ID of the post, the text of DM replies the commenter sends, and button taps. Where a flow asks a question, we store the answer the commenter provides (for example a name or email) as a captured field on a lead record.
  • Follow-relationship check. For a “must follow to unlock” step, and only after the commenter has messaged your account, we read from Meta whether that commenter follows you. We store the resulting step decision (met / not met), not a standalone follow record.
  • Technical logs. Standard operational logs (timestamps, event outcomes, errors) used to run and debug the Service.

3. How we use information

We use the information above solely to provide the Service, specifically to:

  • authenticate you and maintain your Tregr account;
  • detect keyword comments on your posts and trigger your automations;
  • send the private reply, DMs, and optional public comment reply you configured;
  • advance a conversation based on replies and button taps, and evaluate a follow-gate step;
  • record captured answers as leads for you to review and export;
  • maintain security, prevent abuse, and debug problems.

We do not sell your data, use it for advertising, or send messages that a user’s own comment or reply did not initiate.

4. How we store and protect it

Data is stored in a managed PostgreSQL database hosted on Railway. All traffic to and from Tregr travels over HTTPS/TLS, and the application reaches the database over Railway’s private network. Access tokens are stored so we can call Meta’s APIs for you and are never exposed to other users. Access to production systems is limited to Tregr’s operators.

5. Third parties we share with

We share data only with the providers needed to run the Service:

  • Meta Platforms (Instagram Graph API). We send and receive the messages, comments, and profile data described above through Meta’s APIs, subject to Meta’s Platform Terms and policies.
  • Railway. Our hosting and database provider, which stores the data on our behalf.
  • Email delivery provider. Used to send sign-in magic-link emails.

We may also disclose information if required by law.

6. Data retention

We keep connection and automation data for as long as your account is active and the Instagram account remains connected. If you disconnect an Instagram account, its access token is removed and it stops receiving events. Conversation and lead records are retained until you delete them or request account deletion, after which they are removed as described below.

7. Accessing and deleting your data

You can remove your data at any time:

  • Disconnect an account from your Tregr dashboard to revoke and delete that Instagram account’s stored token and stop processing.
  • Request full deletion. Email relayautopilot@gmail.com from your account email with the subject “Delete my data.” We will delete your Tregr account and associated stored data (connections, flows, conversations, and leads) within 30 days and confirm when done.

You can also revoke Tregr’s access to your Instagram account at any time from Instagram’s settings (Apps and Websites); doing so stops all further data processing for that account.

8. Children

Tregr is intended for businesses and creators and is not directed to children under 13 (or the minimum age in your jurisdiction).

9. Changes to this policy

We may update this policy as the Service evolves. We will revise the “last updated” date above and, for material changes, take reasonable steps to notify account owners.

10. Contact

Questions or requests: relayautopilot@gmail.com.