This Privacy Policy describes how Comments Studio ("we", "us", "our") collects, uses, stores, and shares information when you use our Instagram comment moderation service available at commentsstudio.com (the "Service"). We are committed to protecting your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws.
1. Who we are
Comments Studio is operated from India. For the purposes of the DPDP Act, 2023, we act as a Data Fiduciary in relation to personal data of our users (creators) and as a processor of comment data submitted by Instagram users who interact with your content.
You can reach us at:
- General: hello@commentsstudio.com
- Support: support@commentsstudio.com
- Legal & Grievance: legal@commentsstudio.com
2. Information we collect
2.1 Account information
When you sign up via Meta OAuth, we receive your name, email address, profile picture, and the list of Instagram Business or Creator accounts and Facebook Pages you manage. We also receive an access token that allows us to read and moderate comments on your behalf.
2.2 Instagram comment data
When new comments are posted on your content, Meta sends us the comment text, the commenter's username and public profile data, the parent post or media ID, and timestamp metadata via webhooks. We process this data to classify, hide, like, or reply to comments according to your settings.
2.3 Configuration data
We store the moderation settings you configure: auto-like sensitivity, auto-reply rate, reply tone, custom blocked keywords, and per-post overrides.
2.4 Payment information
If you subscribe to our paid plan, payment is processed by Razorpay Software Private Limited. We do not store your full card number, UPI PIN, or netbanking credentials on our servers. We receive limited transaction metadata (amount, status, payment method type, last 4 digits of card if applicable) from Razorpay for record-keeping.
2.5 Usage and technical data
We collect standard server logs including IP address, browser type, device information, pages accessed, and timestamps. These are used for security, fraud prevention, and product improvement.
3. How we use your information
- Comment moderation: classifying incoming Instagram comments as genuine, vulgar, predatory, spam, or matching your custom blocked keywords, and hiding them on your behalf.
- AI-generated replies: using large language models to draft reply text in the tone you select, which is then sent as a reply from your Instagram account.
- Auto-likes: liking genuine comments at the sensitivity threshold you configure.
- Audience insights: clustering comments by topic to produce aggregate analytics (e.g. percentage of comments asking for specific content).
- Account management: creating and maintaining your Comments Studio account, processing payments, sending service-related emails.
- Security & compliance: detecting fraud, abuse, and policy violations; complying with legal obligations.
- Service improvement: analyzing aggregate usage patterns to improve features. We do not use the content of your individual comments to train external machine-learning models.
4. Important notes on how we moderate
We hide comments — we never delete them. Hidden comments remain visible to the original commenter and to you, but are removed from public view. You can review and restore any hidden comment from your Comments Studio dashboard. We do not block, mute, or report Instagram users on your behalf without your explicit action.
AI classification is not perfect. False positives and false negatives can occur. You retain ultimate authority over what appears on your Instagram account.
5. Third parties we share data with
We share limited data with carefully chosen service providers ("Data Processors") strictly for the purposes of operating the Service:
| Provider | Purpose | Data shared |
|---|---|---|
| Meta Platforms, Inc. | Instagram Graph API access; comment hide/reply actions | Access tokens, comment IDs, actions taken |
| OpenAI, L.L.C. | Comment classification and AI reply generation | Comment text, your selected reply tone (no PII attached) |
| Razorpay Software Pvt. Ltd. | Subscription billing and payment processing | Name, email, billing details |
| MongoDB, Inc. (Atlas) | Database hosting | All stored account and comment data (encrypted at rest) |
| Vercel, Inc. | Web application hosting | Request logs, IP addresses |
| Railway / Modal | Background workers and machine-learning service hosting | Comment text during processing |
We do not sell your personal data. We do not share data with advertisers. We do not use comment content for any purpose other than delivering the Service.
6. Cross-border data transfer
Some of the Data Processors listed above (notably OpenAI, MongoDB Atlas, and Vercel) operate servers outside India. Where data is transferred outside India, we ensure it is to jurisdictions that have not been notified as restricted by the Government of India under Section 16 of the DPDP Act, 2023, and that the processor is bound by contractual data protection obligations.
7. Data retention
- Account data: retained for the life of your account, deleted within 30 days of account deletion.
- Comment data: retained for 90 days from the date of processing for review and audit purposes, then automatically deleted from our database.
- Aggregate insights: anonymized topic-cluster data may be retained indefinitely as it contains no personal identifiers.
- Payment records: retained for a minimum of 8 years as required under Indian tax and accounting law.
- Server logs: retained for 30 days, then deleted.
8. Your rights under the DPDP Act, 2023
As a Data Principal, you have the following rights:
- Right to access: request a copy of the personal data we hold about you.
- Right to correction: request correction of inaccurate or incomplete personal data.
- Right to erasure: request deletion of your personal data, subject to legal retention requirements.
- Right to withdraw consent: withdraw consent at any time. This may limit your ability to use the Service.
- Right to grievance redressal: raise concerns about how we handle your data.
- Right to nominate: nominate another individual to exercise these rights in the event of your death or incapacity.
To exercise any of these rights, email legal@commentsstudio.com. We will respond within 30 days.
9. Security
We protect your data using industry-standard security measures including AES-256-GCM encryption of access tokens at rest, TLS encryption in transit, role-based access controls, regular security audits, and monitoring for unauthorized access. No system is perfectly secure; we cannot guarantee absolute security but we work hard to maintain a high standard.
In the event of a personal data breach that is likely to cause significant harm to you, we will notify you and the Data Protection Board of India in accordance with the DPDP Act, 2023.
10. Children's privacy
Comments Studio is intended for use by creators aged 18 and above. We do not knowingly collect personal data of individuals under 18 as registered users. If you believe we have collected such data, please contact us and we will delete it.
We are mindful that comments processed by the Service may include those from minors who interact with your content. We do not profile, track, or target minors; comments are processed only for the purpose of moderation actions you have configured.
11. Cookies and similar technologies
We use only essential cookies required for authentication and session management. We do not use advertising cookies or third-party tracking cookies.
12. Grievance officer
In accordance with the DPDP Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, our Grievance Officer can be contacted at:
Grievance Officer
Comments Studio
Email: legal@commentsstudio.com
We respond to grievances within 15 days of receipt.
13. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email and a notice on the dashboard at least 7 days before they take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact us
For any questions about this Privacy Policy, email legal@commentsstudio.com.