Nurion AI

Privacy Policy for Nurion AI Customer Support Agent

Effective Date: July 2025

Introduction

Nurion is committed to protecting the privacy and personal data of users interacting with our AI Customer Support Agent ("the Agent") for Instagram. This Privacy Policy describes how we collect, use, store, and protect your data when you use our services in compliance with the General Data Protection Regulation (GDPR), and other applicable laws.

1. Data We Collect

Nurion collects and processes Instagram data solely to deliver AI-powered customer support and content management features in full alignment with Meta Platform Terms, Developer Policies, and GDPR requirements. Specifically, we request the following permissions:

  • instagram_business_basic: to access essential profile information such as username, profile picture, and account type.
  • instagram_business_manage_insights: to retrieve post-level performance metrics such as likes and comments.
  • instagram_business_manage_comments: to read, display, and manually reply to comments on user posts, as well as moderate inappropriate ones.
  • instagram_business_manage_messages: to enable AI-assisted and manual handling of direct messages, improving response times and user experience.

Data Usage

All collected data is used exclusively to:

  • Power AI-assisted and manual customer support through Instagram DMs.
  • Help users efficiently manage conversations and post comments.
  • Display key performance data and profile information inside our platform.
  • Ensure all usage remains within the scope of approved Meta features and GDPR compliance.

Data Limitations

We do not use any Instagram data for advertising, profiling, resale, or third-party marketing purposes. Data access is strictly limited to the functionality described above and handled with secure, privacy-first infrastructure. All data is collected solely from Instagram accounts explicitly connected to our platform.

2. Purpose of Data Collection

At Nurion, we collect and process Instagram data strictly in accordance with Meta's Platform Terms, Developer Policies, and Data Use Limitations. The data is used solely to:

  • Enable AI-assisted customer support via Instagram Direct Messages.
  • Help users manage comments and DMs directly from our platform.
  • Display basic Instagram profile metadata and performance insights (likes, comments).
  • Operate our service in compliance with all applicable Meta policies and data handling requirements.

Data Processing Principles

We do not use any Instagram data for advertising, profiling, resale, or sharing with third parties. All data is processed only as necessary to deliver the requested functionality and within the bounds of Meta's Platform rules and GDPR principles.

3. Data Sharing and Storage

Users must explicitly authorize Instagram account connection before any data is accessed. No data is collected without this prior consent.

  • We do not sell or license your data to any third parties.
  • Data is not shared unless explicitly authorized by the user or required by law.
  • Data is stored securely using industry-standard encryption.
  • Access tokens and message content are retained only as long as required for support and are deleted following the rules in the Data Retention & Deletion Policy.

4. User Rights

Under GDPR, you have the right to:

  • Request access to your data.
  • Request deletion or correction of your data.
  • Withdraw consent at any time.
  • File a complaint with a supervisory authority.

5. Data Retention & Deletion Policy

At Nurion, we fully adhere to Meta's Platform Terms, Developer Policies, and Data Deletion Requirements, as well as the principles of the General Data Protection Regulation (GDPR). We ensure that Platform Data is deleted promptly and securely in the following cases:

  • When a user disconnects their Instagram account from our platform.
  • When a customer support interaction has concluded and the data is no longer required.
  • When the applicable retention period defined by GDPR or local data protection laws has expired.
  • Upon explicit request by the user, in compliance with GDPR Article 17 (Right to Erasure).
  • Upon Meta's request or when we cease offering the product or service through which the data was obtained.

Data Deletion Verification

All deletions are performed in accordance with Meta's guidelines and are verified through our data audit protocols.

6. Security

We maintain administrative, physical, and technical safeguards in line with Meta Platform Requirements and GDPR Art. 32. Nurion stores all collected Instagram-related data, including message content, comment threads, and user profile data on Google Firebase, a secure cloud storage provider that complies with GDPR and industry-leading standards such as ISO/IEC 27001. All data is encrypted in transit (HTTPS) and at rest. Access to this data is strictly limited to authorized personnel, and access logs are maintained.

7. Compliance with Meta Platform Policies

Nurion, registered in Belgium, is the data controller for the purposes of GDPR and Meta's Platform Policy. We strictly adhere to all applicable Meta Platform Terms, Developer Policies, and associated legal frameworks, including:

  • The Meta Platform Terms and Developer Policies, as well as additional applicable agreements such as the Meta Business Tools Terms, the Instagram Graph API Terms, and Meta's Commercial Terms.
  • Meta's Data Deletion Requirements, which obligate us to promptly delete any Platform Data upon user request or when the data is no longer necessary for the purposes for which it was collected.
  • The prohibition against unauthorized processing, including any use of Platform Data for surveillance, discrimination, profiling, or resale.
  • The requirement to provide and maintain a publicly accessible Privacy Policy, which transparently outlines the data we collect, how it is used, stored, and deleted, as well as how users can exercise their rights.
  • Ensuring that all Service Providers or Subprocessors we use (such as Firebase) comply with Meta's policies and only process data on our behalf, under strict contractual obligations.
  • Responding to any request from Meta to suspend or remove access if we or our subprocessors are found in violation of any Meta policy.
  • Restricting the use of Platform Data to customer support purposes only, in accordance with the use-case submitted and approved under Meta's app review process.

Compliance Assurance

This compliance ensures that our AI Customer Support Agent (developed by Nurion) interacts responsibly with Instagram users and maintains the integrity, security, and lawful use of all data accessed through Meta's APIs.

8. Changes to This Policy

We may update this policy to reflect changes in legal requirements or Meta's platform rules. Changes will be posted on this page.