Last updated: May 18, 2026
Privacy Policy
heyghe is an Instagram DM automation tool for creators. We're currently in private invite-only beta. This page explains every category of data we touch, why we touch it, how long we keep it, and the rights you retain. Questions or requests: hello@heyghe.com.
1. Who we are
heyghe is operated by Pranav Bhatkar, an independent creator-developer based in Amravati, Maharashtra, India. heyghe is not (yet) incorporated as a company; it is a tool being tested with a small group of Indian creators. There is no team, no investors, and no external operators. All contact is via hello@heyghe.com.
2. What we collect, and why
The table below lists every category of data heyghe stores, where it comes from, why we need it, and how long we keep it. If a category isn't here, we don't collect it.
| Data | Source | Why | Retention |
|---|---|---|---|
| Account info: email, name, role, locale | Better Auth sign-in + invite acceptance | Identify the creator behind the dashboard | Until account deletion |
| Instagram access token | Meta OAuth on Connect IG | Call Meta APIs on your behalf to send DMs, reply to comments, fetch media metadata | Encrypted in Cloudflare KV (AES-GCM-256); deleted immediately on disconnect |
| IG account metadata: handle, IG user ID, business account ID, profile picture URL, subscribed webhook fields | Meta Graph API on connect | Display your connected account in the dashboard; route webhooks to the right automation | Refreshed each connect; deleted on disconnect or account deletion |
| Comment events: comment text, comment ID, media ID, commenter IG user ID + handle, timestamp | Meta webhooks for posts/reels you subscribed to | Match your keywords and decide whether to trigger an automation; show you the matched-comments history | 90 days, then deleted |
| DM events: recipient IGSID, message payload snapshot, delivery status, response index, error code | heyghe's send pipeline | Track DM delivery, retry safely, surface failures in your dashboard | 90 days, then deleted |
| Contacts: IGSID, display name + profile picture URL (if Meta returns them), counters, first/last triggered timestamps | Meta Graph API, lazily enriched on activity | Populate the Contacts page so you know who heyghe DM'd on your behalf | 365 days from last activity, or until you delete |
| Lead submissions: the form fields a viewer fills in response to a Lead Form DM | Submitted by your audience inside Instagram DM | Hand the leads back to you (CSV export, dashboard view) | Until you delete the parent automation, or your account is deleted |
| Waitlist applications: name, email, IG handle, follower bucket, optional message, user-agent, hashed IP | heyghe.com "Apply for early access" form | Evaluate applicants for the private beta + spam-rate-limit the form | 12 months from submission, or sooner on written request |
| Audit log entries: sensitive action, IP, user-agent | Server-side, generated by heyghe | Investigate security incidents (login from new device, IG connect/disconnect, invite use) | 90 days |
| Marketing analytics: page views, named events, hashed IP, country, device class | Google Analytics 4 + PostHog on heyghe.com | Understand which pages bring real creators (no advertising retargeting) | GA4: 14 months (default). PostHog: 7 years (provider default; we'll delete on request) |
Note: IP addresses for the waitlist form are stored as a one-way SHA-256 hash, never the raw IP. Marketing analytics use anonymized IP collection (GA4 anonymize_ip: true) and no PostHog session replay.
3. What we do NOT collect
- We do not read or store your Instagram DMs other than the ones heyghe explicitly sends on your behalf.
- We do not scrape Instagram posts, followers, hashtags, or any content outside the webhook fields you authorize at OAuth time.
- We do not collect payment information; heyghe is free during the beta.
- We do not run session-replay tooling. The marketing site uses GA4 + PostHog with autocapture and session recording both disabled.
- We do not sell, rent, or share your data with third parties for marketing or advertising. Ever.
- We do not use your data to train AI or ML models.
4. Where your data lives
heyghe runs entirely on Cloudflare. Your data resides in:
- Cloudflare D1 (Asia-Pacific region): relational data such as users, invites, IG account metadata, comment events, DM events, contacts, lead submissions, audit logs, and waitlist applications.
- Cloudflare KV: encrypted Instagram access tokens, short-lived caches (webhook dedup, OAuth state nonces), and rate-limit counters.
- Cloudflare R2: image attachments you upload inside the automation editor (used as DM media).
The marketing site (heyghe.com), dashboard (app.heyghe.com), and API (api.heyghe.com) are all served from Cloudflare's edge. Cloudflare's data processing terms apply to the underlying infrastructure.
5. Who we share data with
We do not sell your data. We never share it for advertising or marketing purposes. The only third parties that ever see any of your data are infrastructure processors strictly necessary to run heyghe:
- Meta Platforms, Inc.: to call the Instagram Graph API on your behalf (sending DMs, replying to comments, fetching profile metadata). Subject to Meta's Privacy Policy.
- Cloudflare, Inc.: hosting, edge routing, D1, KV, R2, and Workers. Cloudflare Privacy Policy.
- Resend: transactional email delivery (magic-link sign-in, account notifications). Your email address is passed to Resend only at send-time. Resend Privacy Policy.
- Google LLC: only if you choose Google OAuth as a sign-in method. Google receives the sign-in request; we receive your email + Google account ID. Google Privacy Policy.
- Google Analytics 4: page-level marketing analytics on
heyghe.comonly. IP is anonymized at collection. Google Privacy Policy. - PostHog: product and marketing analytics (no autocapture, no session replay, no surveys). On the marketing site, persistence is set to in-memory so no PostHog cookies are written. On the dashboard, a first-party PostHog cookie is used to stitch sessions. PostHog Privacy Policy.
- Sentry: server-side error monitoring. Logs are scrubbed for sensitive keys before send; no IG tokens, no DM contents. Sentry Privacy Policy.
We do not transfer data to any processor outside this list. We do not engage data brokers, ad networks, or affiliate partners.
6. How we secure your data
- Instagram access tokens are encrypted at rest with AES-GCM-256 using a versioned key envelope, stored only in Cloudflare KV, and never logged or written to D1.
- Magic-link tokens are hashed before storage and expire after 15 minutes.
- Owner accounts are required to enable TOTP-based 2FA on first sign-in.
- All Meta webhooks are HMAC-SHA256 signature-verified over the raw request bytes before any processing.
- Constant-time string comparison is used for all token, invite, and signature validations.
- Session cookies use the
__Host-prefix withSecure,HttpOnly, andSameSite=Lax. - Logger middleware scrubs sensitive keys (tokens, signatures, authorization headers) at every depth before serialization to Sentry.
- heyghe is single-tenant per Cloudflare account, so there is no shared multi-tenant database surface across operators.
heyghe is not (yet) SOC 2, ISO 27001, or HIPAA certified. We do not make compliance claims we can't back up. The full security model is documented internally and reviewed on every change.
7. Your rights and how to use them
Under India's Digital Personal Data Protection Act, 2023 and (for EU/UK users) the GDPR / UK GDPR, you have the right to access, correct, export, and delete your personal data. heyghe honors these rights regardless of your jurisdiction.
- Disconnect Instagram at any time. Revoke heyghe's access in Instagram Settings → Apps and Websites. Our server-side cleanup deletes your access token immediately and stops processing webhooks for that account.
- Delete your account. Visit
app.heyghe.com→ Settings → Danger Zone, or email hello@heyghe.com. We delete your user record, IG metadata, contacts, lead submissions, and queued DM events within 7 days. Audit log entries are retained for 90 days for security purposes, then deleted. - Withdraw from the waitlist. Email hello@heyghe.com with the email you applied with; we'll delete your application within 7 days.
- Export your data. Email us and we'll send a JSON dump of every record tied to your account within 7 days.
- Correct your data. Most fields are editable in the dashboard. For anything else, email us.
- Meta-initiated data deletion. Meta calls
https://api.heyghe.com/api/ig/oauth/data-deletionwhen an Instagram user requests deletion. We honor every such request automatically and respond with a confirmation URL per Meta's spec.
If you believe heyghe has mishandled your data, you can lodge a complaint with India's Data Protection Board (once constituted under DPDP-2023) or, for EU users, your local supervisory authority. We'd appreciate you emailing us first so we can fix it.
8. Cookies and analytics
The marketing site (heyghe.com) uses two analytics tools and a minimal set of first-party cookies:
- Google Analytics 4: writes
_gaand_ga_*cookies (first-party) for visit measurement. IP anonymization is enabled. We do not enable Google Signals, ad personalization, or remarketing audiences. - PostHog (marketing): runs with
persistence: "memory", so it writes no cookies on the marketing site. Autocapture is off, session recording is off, surveys are off. - PostHog (dashboard): on
app.heyghe.com, a first-party PostHog cookie is used to stitch authenticated sessions. No session recording.
Both GA4 and PostHog respect the browser Do Not Track header. If your browser sets navigator.doNotTrack === "1", neither tool fires.
We do not use third-party advertising cookies. We do not load Facebook Pixel, LinkedIn Insight, or any other ad-network tracker.
9. Children
heyghe is not intended for users under the age of 18, in line with Meta Platform Terms for the Instagram Graph API. We do not knowingly collect data from anyone under 18. If you believe a minor has signed up, email hello@heyghe.com and we will delete the account.
10. International data transfers
heyghe is operated from India. Your data is processed on Cloudflare's global edge network and stored primarily in their Asia-Pacific D1 region. Cloudflare may route requests through other regions for performance and reliability, covered by their data processing addendum.
For EU/UK users: where processors (Cloudflare, Resend, Google, PostHog, Sentry) are based outside the EEA, they operate under either Standard Contractual Clauses or their own GDPR-compliant transfer mechanisms.
11. Changes to this policy
We will update the "Last updated" date at the top of this page whenever the policy changes. For material changes (new categories of data, new processors, changes to retention) we will email every active beta user at least 14 days before the change takes effect.
12. Contact
Questions, concerns, or data requests: hello@heyghe.com. We aim to respond within 7 days; for urgent security or deletion requests, please write "urgent" in the subject line.