Privacy Policy

Effective date: February 24, 2026 — Last updated: February 24, 2026

1. Introduction

EazyChat (“we”, “us”, or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at eazychat.app. Please read this policy carefully. If you disagree with its terms, please discontinue use of the Service.

If you have questions, please contact us at hi@eazychat.app.

2. Information We Collect

2.1 Information You Provide Directly

  • Account data: name, email address, and password (stored as a bcrypt hash) when you register.
  • Payment data: billing information processed by Stripe. We do not store full card numbers on our servers.
  • Support messages: name, email, and message content you submit via our support form.

2.2 Information from Meta / Instagram

When you connect your Instagram or Facebook account via Meta OAuth, we receive and store:

  • Your Meta user ID and page/account ID.
  • An access token (encrypted with AES-256) that allows us to send messages and read webhook events on your behalf.
  • Your account name and profile picture URL for display in the dashboard.

We do not store the content of messages sent by your followers, only the metadata required for automation logic (e.g., trigger keywords matched and timestamps).

2.3 Usage and Log Data

We collect logs of messages sent through the Service, including recipient ID (hashed), timestamp, automation triggered, and delivery status. We also collect standard server logs (IP address, user agent, request path, timestamps) for security and debugging purposes.

2.4 Cookies

We use strictly necessary cookies to maintain your authenticated session. We do not use tracking or advertising cookies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service.
  • Process transactions and send related information, including billing confirmations.
  • Execute automations you configure (sending DMs and replies on your behalf).
  • Respond to support requests and communicate with you about your account.
  • Monitor usage to enforce plan limits and detect abuse.
  • Comply with legal obligations.

4. How We Share Your Information

We do not sell your personal data. We share it only in these limited circumstances:

4.1 Service Providers

  • Supabase — database hosting (EU/US data centres).
  • Stripe — payment processing.
  • Meta — message delivery via the official Instagram and Facebook APIs.
  • OpenAI — AI message variation generation. Only your message template text is sent; no follower personal data is transmitted.

4.2 Legal Requirements

We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with a legal obligation, protect the rights or safety of EazyChat, our users, or others.

4.3 Business Transfers

If EazyChat is involved in a merger, acquisition, or asset sale, your data may be transferred as a business asset. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

5. Data Security

We implement industry-standard security measures including:

  • AES-256 encryption for stored Instagram/Facebook access tokens.
  • bcrypt hashing (cost factor 12) for passwords.
  • HTTPS/TLS for all data in transit.
  • Row-level security policies on our database.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information with best-practice measures.

6. Data Retention

We retain your account data for as long as your account is active. Message logs are retained for 90 days. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal or billing purposes.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your personal data.
  • Portability: request your data in a machine-readable format.
  • Objection: object to processing of your personal data in certain circumstances.
  • Restriction: request restriction of processing in certain circumstances.

To exercise any of these rights, contact us at hi@eazychat.app. We will respond within 30 days.

8. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such information, please contact us and we will delete it promptly.

9. Third-Party Links

The Service may contain links to third-party websites (including Meta's platforms). We have no control over, and assume no responsibility for, the content or privacy practices of those sites. We encourage you to review the privacy policy of any site you visit.

10. GDPR (EEA Users)

If you are located in the European Economic Area, our legal basis for processing your personal data is:

  • Contract performance: to deliver the Service you subscribed to.
  • Legitimate interests: to ensure security, prevent fraud, and improve the Service.
  • Legal obligation: to comply with applicable law.
  • Consent: where we have requested and received your explicit consent.

You have the right to lodge a complaint with your local data protection authority.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website at least 14 days before the change takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

12. Contact

For any privacy-related questions or requests, contact us at:
hi@eazychat.app