Privacy Policy

Last updated: 11 June 2026

NoteDM is a tool for creators. You connect your Instagram and YouTube accounts, and we help you automatically reply to comments, send link DMs, schedule and cross-post videos, and track those links. This policy explains, in plain language, what data we collect, why, and the control you have over it. “We”, “us” and “NoteDM” refer to NoteDM.

By using NoteDM, you agree to this policy. If you don’t agree, please don’t use the service.

1. What we collect

Information you give us

• Your account — your email address and a password (stored only as a secure hash, never as plain text).
• What you create — videos you upload, captions, schedule times, and the automation rules you set up (keywords, reply text, DM text, links, and any follow-up or email-capture steps).
• Messages to us — anything you send when you contact support.

Information from accounts you connect

When you connect Instagram or YouTube through their official sign-in screens, you allow us to access only what the features you use need:

• Access tokens — the keys Google/Meta give us to act on your behalf. They’re stored encrypted and never shared.
• Basic profile — your account/channel ID, username, display name, and profile picture, so we can show which account is connected.
• Content & engagement — your posts, and the comments and DMs on the posts you choose to automate (including the commenter’s public username and whether they follow you).
• Replies from your audience — if your automation asks for something (like an email), what people send back, so the automation can do what you set it to do.

Information collected automatically

Like most websites, we automatically receive your IP address, device and browser type, and basic usage logs. We use a few essential cookies to keep you signed in and run the site. We don’t use cookies to store sensitive personal information, and we don’t use them for advertising.

2. How we use your information

• To run the service — sign you in, connect your accounts, schedule and publish posts, and run the comment/DM automations you set up.
• To keep it working and safe — fix bugs, prevent abuse, and understand reliability.
• To talk to you — send important account and security messages and answer your support requests.
• To meet our legal obligations.

3. How we share information

• We don’t sell your data and never use data from Google or Meta for ads or profiling.
• Service providers — we use trusted vendors to run NoteDM (for example our database/hosting providers, such as Supabase and our cloud host). They handle data only to provide the service and must keep it confidential.
• The platforms — to publish, reply, or message for you, we send the needed content to Google (YouTube Data API) and Meta (Instagram Graph API) as you direct.
• Legal reasons — if the law requires it, or to protect people’s safety and rights.

4. The permissions we ask for

Google and Meta ask for your explicit consent before we can access anything. We request only what the features you use require.

YouTube (Google)

• youtube.upload — to upload and publish the videos you schedule.
• youtube.readonly — to read your channel name, picture, and basic stats so we can show what’s connected and confirm uploads.

Instagram

NoteDM uses the “Instagram API with Instagram Login” flow — you log in directly with your Instagram professional account (no Facebook Page needed).

• instagram_business_basic — basic account information.
• instagram_business_content_publish — to publish the Reels/content you schedule.
• instagram_business_manage_comments — to read and reply to comments.
• instagram_business_manage_messages — to send the DMs your automations are set up to send.

5. Automations are optional — and you’re in control

The comment-and-DM automation is something you turn on yourself. You can pause any automation, or disconnect an account at any time from Settings. Disconnecting immediately revokes the access tokens we hold and stops every automation that relied on that account. You can also revoke access directly from your Google Account or Instagram security settings.

6. Google user data (Limited Use)

NoteDM’s use of information from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements. We only use Google data to provide the features you ask for, we never sell or transfer it for ads, and no human reads it except with your consent, for security, to follow the law, or when it’s fully anonymized.

7. How we keep your data safe

• Encryption in transit (HTTPS/TLS) and at rest.
• Access limited to authorized people only.
• Secure storage of access tokens and credentials.
• Ongoing monitoring for vulnerabilities.

No system is 100% secure, so we can’t promise perfect security — but we work hard to protect your data.

8. Keeping and deleting your data

We keep your information only as long as we need it to provide NoteDM (or as the law requires). When you disconnect an account, we delete or revoke its tokens. When you delete your account, we remove your account data, tokens, uploaded media, scheduled posts, and automation rules — except anything we must legally keep.

You can ask us to delete your data anytime by emailing support@notedm.com. This is in line with data-protection laws like the GDPR and CCPA where they apply to you.

9. Your rights

Depending on where you live, you can ask to access, correct, or delete your data, object to certain uses, or withdraw consent at any time. To do any of these, email support@notedm.com.

10. Other services and links

NoteDM connects to Google/YouTube and Meta/Instagram and may link to other sites. We don’t control their privacy practices, so please review their policies too. Your connected accounts stay governed by those platforms’ own terms.

11. Children

NoteDM isn’t for children under 13 (or the minimum age where you live), and we don’t knowingly collect their data. If you think a child gave us information, contact us and we’ll delete it.

12. International transfers

Your information may be processed in countries other than your own. Where required, we take steps to make sure it stays adequately protected.

13. Changes to this policy

We may update this policy from time to time. If we make significant changes, we’ll let you know on the site or by email. Please check back now and then.

14. Contact us

Questions about your data or this policy? Reach us at: