Effective Date: April 20, 2026
Brand Update ("we", "our", or "us") provides a content publishing and business profile management service that helps businesses publish content and manage their online presence across Instagram (via the Meta Business Platform) and Google Business Profile (via the Google Business Profile APIs). This Privacy Policy explains how we collect, use, store, and protect information when you use our Service.
By using Brand Update, you agree to the collection and use of information as described in this policy. We comply with the Meta Platform Terms, Meta Developer Policies, the Google API Services User Data Policy (including its Limited Use requirements), and all other applicable platform policies in our handling of all platform data.
1. Information We Collect
a. Account Information
When you interact with our WhatsApp bot, we collect:
- Your phone number and WhatsApp display name
- Your preferred language
b. Instagram Data
When you connect your Instagram Professional or Business account, we access the following through the Instagram Graph API:
- Profile information: Instagram username, account ID, profile picture, biography, follower/following count, and media count
- Access tokens: OAuth tokens required to publish content and retrieve insights on your behalf
- Insights data: Post-level metrics such as impressions, reach, likes, comments, saves, shares, and engagement counts
We do not access your Instagram direct messages, follower lists, or any content you have not explicitly sent to us for publishing.
c. Media & Content
When you send photos, videos, or text to our WhatsApp bot for publishing:
- Media files are stored on secure cloud servers for the purpose of publishing to Instagram
- Text messages and voice notes are processed to understand your instructions
- Captions may be generated using AI (see Section 5)
d. Analytics
Our website uses Google Analytics to collect anonymous usage data (pages visited, device type, approximate location). This data is not linked to your WhatsApp or Instagram accounts.
2. Instagram Permissions We Request
When you connect your Instagram account, we request specific permissions through Meta's OAuth flow. Here is exactly what each permission does and why we need it:
instagram_business_basic
What it does: Allows us to read your Instagram Business or Professional account profile information.
Data accessed: Username, account ID, profile picture, biography, follower count, following count, and media count.
Why we need it: To identify your account, display your profile info in our dashboard, and verify the connection between your WhatsApp and Instagram accounts.
instagram_business_content_publish
What it does: Allows us to create organic feed photo and video posts on your behalf.
Data accessed: None — this is a write-only permission.
Why we need it: This is our core function — publishing the content you send via WhatsApp to your Instagram feed.
instagram_business_manage_insights
What it does: Allows us to retrieve performance metrics for your posts and account.
Data accessed: Post-level metrics (impressions, reach, likes, comments, saves, shares) and account-level insights (follower growth, profile views).
Why we need it: To show you how your published posts are performing in our dashboard.
Permissions We Do NOT Request
We believe in requesting only the minimum permissions necessary. We do not request:
instagram_business_manage_comments — We do not read, reply to, or manage your Instagram commentsinstagram_business_manage_messages — We do not access your Instagram Direct Messages
2B. Google Business Profile Permissions We Request
When you connect your Google Business Profile, we request access through Google's OAuth 2.0 flow. Here is exactly what we request and why:
https://www.googleapis.com/auth/business.manage
What it does: Allows us to read your Google Business Profile data and perform management actions on your behalf.
Data accessed:
- Business Profile information: business name, address, phone number, website, hours, categories, attributes, and service areas
- Business Profile media: photos and videos associated with your listing
- Reviews: review text, ratings, reviewer names (as shown publicly on Google), and review timestamps
- Posts: existing posts on your profile and their performance
- Insights: profile views, search queries, customer actions (calls, direction requests, website clicks)
Why we need it:
- To display your business profile details in the Brand Update dashboard
- To publish photos, videos, and posts to your Google Business Profile on your instruction
- To reply to customer reviews on your behalf when you approve a reply
- To show you insights and engagement metrics for your listing
Limited Use Disclosure
Brand Update's use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We use Google user data only to provide the user-facing features of Brand Update described in this policy
- We do not transfer Google user data to third parties except as necessary to provide the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice
- We do not use Google user data for serving advertisements, including retargeting, personalised, or interest-based advertising
- We do not allow humans to read Google user data unless we have obtained the user's affirmative consent to view specific messages, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymised for internal operations
Permissions We Do NOT Request Beyond business.manage
We do not access any Google account data outside your Business Profile. We do not read your Gmail, Drive, Calendar, Photos, Contacts, or any other Google service.
3. WhatsApp Business API Data
We use the official Meta WhatsApp Business API to communicate with you. Here's how we handle your WhatsApp data:
- Messages between you and Brand Update are encrypted in transit using the WhatsApp Business API
- We store message metadata (sender phone number, timestamp, message type) in our database for service delivery and support
- We temporarily process message content (text, media, voice notes) to fulfill your publishing requests
- Voice notes are transcribed to text and then discarded — we do not retain audio files
- We do not share your WhatsApp data with any third party other than Meta (as required by the WhatsApp Business API)
For more information, see WhatsApp's Privacy Policy and WhatsApp Business Privacy Protections.
4. How We Use Your Information
- To publish photos and videos to your connected Instagram account upon your request
- To generate AI-powered captions for your posts (which you can review and edit before publishing)
- To retrieve and display Instagram post insights and engagement metrics
- To authenticate your WhatsApp and Instagram accounts securely
- To send you notifications about your post status (published, failed, scheduled)
- To detect and prevent duplicate posts
- To improve the Service and fix issues
- To publish photos, videos, and posts to your connected Google Business Profile upon your request
- To reply to customer reviews on your Google Business Profile when you approve a reply through our dashboard or WhatsApp
- To retrieve and display Google Business Profile insights, review activity, and engagement metrics
- To authenticate your Google Business Profile connection securely using OAuth 2.0
- To notify you of new reviews, questions, or significant changes on your Google Business Profile
5. Payment & Billing Data
When you subscribe to a paid plan, your payment is processed securely by Razorpay, a PCI-DSS compliant payment gateway. Here's how we handle billing data:
- What we collect: Your name, phone number, and email address for billing and invoice purposes
- What we do NOT store: We do not store your credit/debit card numbers, UPI IDs, or bank account details. All payment credentials are handled exclusively by Razorpay
- What we retain: Transaction IDs, payment amounts, subscription status, and billing dates for our records and your invoices
For more information on how Razorpay handles your payment data, see the Razorpay Privacy Policy.
6. AI-Generated Content
We use AI/LLM services to generate captions for your Instagram posts. When you send a photo or video:
- Your media and any context you provide may be sent to an AI provider to generate a caption
- You always have the opportunity to review, edit, or reject AI-generated captions before they are published
- We do not use your content to train AI models
7. Third-Party Platform Policies
Brand Update integrates with several third-party platforms to deliver the Service. When you use Brand Update, your data may be processed by these platforms according to their own privacy policies. We encourage you to review them:
8. Data Sharing
We do not sell, rent, or trade your personal data. We share data only with the following, solely to provide the Service:
- Meta Platforms, Inc.: To send/receive WhatsApp messages and to publish content to Instagram via their APIs. This includes your phone number, message content, and Instagram account data as required by the respective APIs.
- AI service providers: To generate captions for your posts. Only your media and caption context are sent — no personal information such as your phone number or Instagram credentials.
- Cloud infrastructure providers: To securely store your media files and application data. These providers act as data processors under our instructions.
- Razorpay: To process subscription payments. Only billing-related information (name, phone, email) is shared — never your Instagram data or media files.
- Google LLC: To read and manage your Google Business Profile via the Google Business Profile APIs. This includes your Business Profile details, media, posts, reviews, and insights as required by the API. Google user data is never shared with third parties outside the scope of providing the Service.
All third-party providers are used solely for service delivery. Your Instagram data is never shared with third parties for advertising, analytics, or any purpose unrelated to providing the Service.
9. Data Retention
- Uploaded media: Stored until 30 days after the post is published or cancelled, then deleted from our servers
- Instagram access tokens: Stored as long as your account is connected; deleted when you disconnect or delete your account
- Post history & insights: Retained as long as your account is active
- WhatsApp message logs: Retained for up to 90 days for debugging and support, then deleted
- Google Business Profile access tokens: Stored securely (encrypted at rest) as long as your account is connected; deleted immediately when you disconnect or delete your account
- Google Business Profile content (fetched posts, reviews, insights): Cached for up to 90 days to improve dashboard performance; refreshed or deleted on user request
- Google OAuth refresh tokens: Revoked and deleted within 24 hours of account disconnection
- Media files uploaded for GBP publishing: Stored until 30 days after the post is published or cancelled, then deleted from our servers
10. Data Security
We take reasonable steps to protect your data:
- All API communications are encrypted via HTTPS/TLS
- Instagram access tokens are stored securely and never exposed to the client
- Media files are stored in access-controlled cloud storage
While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
11. Your Rights
You can exercise the following at any time:
- Access your data: Contact us to receive a copy of the data we hold about you
- Delete your data: Send the
DELETE command in WhatsApp, or email us (see Data Deletion) - Disconnect Instagram: Revoke Brand Update's access from your Instagram Settings at any time
- Opt out of analytics: Use browser-level tools to block Google Analytics
- Disconnect Google Business Profile: You can revoke Brand Update's access at any time at myaccount.google.com/permissions. Revocation immediately terminates our ability to access your GBP data, and we delete stored tokens within 24 hours.
- Request deletion of Google data: Email [email protected] or [email protected] with "DELETE GOOGLE DATA" in the subject. We will delete all cached GBP data and revoke tokens within 7 business days and confirm in writing.
12. Data Collected & Stored — Summary
The following table summarizes the data we collect, where it comes from, where we store it, how long we keep it, and why:
| Data Type | Source | Stored Where | Retention | Purpose |
| Phone number, display name | WhatsApp | Database | Until account deletion | Account identification |
| IG username, ID, profile pic, bio, follower counts | Instagram API | Database + cloud storage (profile pic) | Until account deletion | Profile display, dashboard |
| Instagram access token | Instagram OAuth | Database (encrypted at rest) | Until disconnect or deletion | Publish content, fetch insights |
| Media files (photos, videos) | User via WhatsApp | Cloud storage | 30 days after publish/cancel | Publishing to Instagram |
| Voice notes | User via WhatsApp | Processed in memory | Not stored after transcription | Transcribe to text for instructions |
| AI-generated captions | AI provider | Database | With post history | Caption generation |
| Post insights | Instagram API | Database | While account active | Performance metrics |
| Message logs | WhatsApp API | Database | 90 days | Debugging, support |
| Billing info (name, phone, email) | User / Razorpay | Database | Until account deletion | Subscription billing, invoices |
| Website analytics | Google Analytics | Google servers | Per Google policy | Anonymous usage stats |
| GBP business info (name, address, hours, categories) | Google Business Profile API | Database | Until account deletion | Dashboard display, publishing context |
| GBP photos, videos, posts | User via WhatsApp / Google Business Profile API | Cloud storage | 30 days after publish/cancel | Publishing to GBP |
| GBP reviews and replies | Google Business Profile API | Database | 90 days cache | Reply workflow, insights |
| GBP insights (views, queries, actions) | Google Business Profile API | Database | While account active | Performance metrics |
| Google OAuth access token | Google OAuth | Database (encrypted at rest) | Until disconnect or deletion | GBP management |
| Google OAuth refresh token | Google OAuth | Database (encrypted at rest) | Until disconnect or deletion | Session renewal |
13. Cookies
Our website uses cookies from Google Analytics to collect anonymous usage statistics such as pages visited, session duration, and device type. We do not use advertising or tracking cookies. You can disable cookies at any time through your browser settings.
14. Children's Privacy
Brand Update is intended for business use and is not directed at anyone under 18. We do not knowingly collect information from minors. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Effective Date" at the top of this page. Continued use of the Service after changes constitutes acceptance of the updated policy.
16. Contact Us
If you have questions about this Privacy Policy or how we handle your data:
Email: [email protected]
Alternate email: [email protected]
Data requests: [email protected] with "DATA REQUEST" in the subject line
Operated under: Design By Teena