Privacy Policy
Effective date: 28 October 2025
Controller: CVP CHAT LTD, 1 Ridgeside Avenue, Brighton, England, BN1 8WD (“CVP Chat”, “we”, “us”).
We respect your privacy. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our websites, apps, and services that integrate with Instagram and other Meta platforms (collectively, the “Services”). We process personal data in accordance with the UK GDPR and the Data Protection Act 2018.
1) Scope & Who this policy applies to
- Visitors to our websites and landing pages.
- Registered users and their authorised team members.
- Instagram account owners who connect their accounts to CVP Chat.
- Individuals who interact with our users’ Instagram accounts (e.g., send DMs, comments, mentions) where data flows through our systems on our users’ behalf.
2) What we collect
Account & Contact Data
- Name, email, password (hashed), profile details, organisation info, role, invitation status.
- Billing/contact info for paid features (handled via PCI-compliant payment processors; we do not store full card numbers).
Service & Technical Data
- Log data, IP address, device and browser info, timestamps, referral URLs, event logs, crash reports.
- Cookies and similar technologies (see “Cookies & Analytics”).
Instagram / Meta-Related Data
- Instagram user/page IDs, IG-scoped IDs, usernames, post and media IDs, comment/DM/message metadata and content (where processed to deliver automations configured by our users).
- Access tokens, permissions, webhook events (messages, comments, postbacks, follow status, etc.).
- Automation configuration (e.g., keywords, buttons, ice breakers, persistent menu, competitions, templates).
Support & Communications
- Tickets, emails, in-app messages, call recordings (if applicable), and feedback you provide.
3) Sources
- Directly from you (forms, dashboard, API).
- Automatically (cookies, logs, telemetry).
- From Meta/Instagram APIs and webhooks when you connect your account and grant permissions.
4) Purposes & Lawful Bases
| Purpose | Examples | Lawful Basis |
|---|---|---|
| Provide & operate Services | Login, automations, webhooks, message routing | Contract (Art. 6(1)(b)) |
| Improve & secure | Debugging, analytics, anti-abuse, rate limiting | Legitimate interests (Art. 6(1)(f)) |
| Billing & compliance | Invoices, fraud prevention, tax | Legal obligation (Art. 6(1)(c)); Contract |
| Communications | Service emails, product updates | Legitimate interests; Consent for marketing |
| Legal & safety | Enforce Terms, detect illegal use | Legitimate interests; Legal obligation; Vital interests where applicable |
5) Sharing & Recipients
- Processors: trusted vendors for hosting, storage, analytics, emails, payments, and customer support under data-processing agreements.
- Meta/Instagram: when you connect your account, we process and transmit data via Meta’s APIs strictly per their policies and your configuration.
- Corporate: business transfers (merger, acquisition) with appropriate safeguards.
- Legal & Safety: courts, regulators, and law enforcement where required or permitted by law. See “Illegal Content & Law Enforcement”.
6) International Transfers
Your data may be processed outside the UK. Where we transfer personal data internationally, we rely on an adequacy decision or appropriate safeguards (e.g., UK IDTA/standard contractual clauses) and implement technical and organisational measures.
7) Retention
- Account data: for the life of the account + up to 6 years for compliance and record-keeping.
- Operational logs: typically 90–365 days, unless required longer for security, fraud, or legal reasons.
- Instagram tokens: stored only as needed and rotated/removed upon disconnect or expiry.
- Backups: time-limited rolling backups (duration varies by system).
8) Security
- Encryption in transit (TLS) and at rest where applicable.
- Least-privilege access, audit logging, secret management, and separation of environments.
- Hashing of passwords using industry-standard algorithms.
- Ongoing monitoring, rate limiting, and abuse detection.
9) Your Rights (UK)
Subject to limits, you can request access, rectification, erasure, restriction, objection, and data portability; and withdraw consent at any time (for consent-based processing). You also have the right to complain to the UK ICO.
10) Children
Our Services are not intended for children under 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided data, contact us to remove it.
11) Cookies & Analytics
Cookie categories
| Type | Purpose | Examples | Control |
|---|---|---|---|
| Strictly Necessary | Auth, security, session | Session ID, CSRF | Required |
| Analytics | Usage, performance | Page views, funnels | Consent/opt-out where applicable |
| Functional | Preferences | Language, layout | Browser controls |
12) Third-Party Links
Our Services may link to third-party sites. Their privacy practices are governed by their own policies.
13) Changes
We may update this Policy from time to time. Material changes will be highlighted in-app or by email where appropriate.
14) Contact
For privacy requests, please contact: privacy@cvpchat.org
CVP CHAT LTD, 1 Ridgeside Avenue, Brighton, England, BN1 8WD
Terms & Conditions
Effective date: 28 October 2025
1) Acceptance
By accessing or using the Services, you agree to these Terms. If you use the Services on behalf of an organisation, you represent that you have authority to bind that organisation. If you do not agree, do not use the Services.
2) Eligibility
You must be at least 13 years old (or the age of digital consent in your jurisdiction, if higher). You must comply with all applicable laws, Meta/Instagram policies, and these Terms.
3) Account
- Provide accurate information and keep credentials secure.
- You are responsible for all activity under your account.
- We may refuse, suspend, or terminate accounts for any breach, risk, or unlawful use.
4) Licence & Acceptable Use
We grant you a limited, non-exclusive, non-transferable licence to use the Services as intended. You agree not to:
- Reverse engineer, scrape at scale, or misuse APIs.
- Circumvent technical limits, rate limits, or security measures.
- Upload or transmit malware, spam, or deceptive content.
- Use for pornography, sexual exploitation, illegal drugs, criminal activity, hate or harassment, or violation of others’ rights.
- Violate Meta/Instagram platform terms or applicable laws.
5) User Content & Instagram Data
- You retain ownership of your content. You grant us a worldwide, limited licence to process content and data solely to provide and improve the Services and to comply with law.
- You are responsible for obtaining rights/permissions and for your content’s legality and accuracy.
- You must not store or export Instagram data in a way that violates Meta policies. You agree we may remove, disable, or refuse content at our discretion.
6) Third-Party Services
Integrations (e.g., Meta/Instagram, email, payments) are subject to third-party terms. We are not responsible for third-party services, outages, or changes.
7) Service Availability & Maintenance
We strive for reliable service but do not guarantee uninterrupted or error-free access. We may modify, suspend, or discontinue features at any time. We are not responsible for server interruptions, maintenance windows, network failures, data centre issues, DDoS, force majeure, or other outages.
8) Security & Incidents
We implement safeguards as described in our Privacy Policy. However, no system is perfectly secure. We are not liable for unauthorised access, hacks, or data breaches beyond obligations required by law. You must promptly notify us of any suspected compromise.
9) Plans, Fees & Taxes
- Some features may require paid subscriptions. Fees are billed as agreed and are non-refundable except where required by law.
- You authorise us and our payment processors to charge your payment method and you remain responsible for applicable taxes.
- We may change prices with prior notice where required.
10) Beta/Experimental Features
Beta features are provided “as is,” may change or be withdrawn at any time, and may be less reliable than generally available features.
11) Warranties & Disclaimers
To the maximum extent permitted by law, the Services are provided “as is” and “as available” without warranties of any kind, whether express, implied, or statutory, including merchantability, fitness for a particular purpose, and non-infringement.
12) Limitation of Liability
To the fullest extent permitted by law, in no event will CVP Chat, its directors, employees, or suppliers be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages; or for loss of profits, revenue, data, goodwill, or business interruption, even if advised of the possibility. Our aggregate liability arising out of or related to the Services shall not exceed the amounts paid by you to us in the 12 months preceding the event giving rise to the claim.
13) Indemnity
You agree to defend, indemnify, and hold harmless CVP Chat from claims, damages, liabilities, costs, and expenses (including reasonable legal fees) arising from your content, your use of the Services, or your breach of these Terms or of laws or third-party rights.
14) Suspension & Termination
- We may suspend or terminate access for breach, risk, non-payment, illegal use, or to comply with law.
- Upon termination, your licence ends and we may delete or disable access to your content according to our retention policy and legal obligations.
15) Changes to Terms
We may update these Terms. Material changes will be notified in-app or by email where appropriate. Continued use after the effective date constitutes acceptance.
16) Governing Law & Venue
These Terms are governed by the laws of England and Wales. The courts of England and Wales shall have exclusive jurisdiction, subject to any mandatory consumer protection rules.
17) Contact
Legal notices and questions about these Terms: legal@cvpchat.org
CVP CHAT LTD, 1 Ridgeside Avenue, Brighton, England, BN1 8WD
Meta Platforms, Inc. and Instagram are trademarks of their respective owners. CVP Chat is an independent service and is not endorsed by or affiliated with Meta.