Privacy Policy
Quick Summary
We at Radianzinfotech LLP respect your privacy and are committed to protecting your personal data. This policy explains what data we collect when you use our websites (radianzinfotech.com and cyclostories.com) and our Instagram automation platform Cyclostories, how we use it, how we keep it safe, and what rights you have over it. We never sell your personal data to third parties. We only access your Instagram data with your explicit permission and solely to provide our automation services.
Table of Contents
- Who We Are
- Data We Collect
- How We Use Your Data
- Legal Basis for Processing
- Instagram Data & Facebook Platform
- Cookies & Tracking Technologies
- Data Sharing & Third Parties
- Data Storage & Security
- Data Retention
- Your Rights
- International Data Transfers
- Children's Privacy
- Changes to This Policy
- Contact Us
1. Who We Are
This Privacy Policy is issued by Radianzinfotech LLP, a Limited Liability Partnership registered in India. We operate the following digital properties:
- Radianz Infotech (radianzinfotech.com) — our primary company website offering software development and digital marketing services.
- Cyclostories (cyclostories.com) — our SaaS platform that provides Instagram automation, including comment-to-DM automation and inbox message automation for businesses.
For the purposes of applicable data protection laws, Radianzinfotech LLP is the "data controller" responsible for your personal data.
2. Data We Collect
2.1 Personal Information
When you create an account or contact us, we may collect:
- Full name
- Email address
- Password (stored in hashed, non-reversible format)
- Business name and information
- Phone number or other contact details
2.2 Instagram Data (via Facebook Graph API)
When you connect your Instagram Business or Creator account to Cyclostories, we access and store the following data with your explicit consent:
- Instagram Business Account ID
- Instagram username and profile information
- OAuth access tokens (stored in encrypted format)
- Comments on your Instagram posts
- Direct messages sent to and from your account
- Media and post information (captions, media URLs, post IDs)
- Follower information (for audience filtering features)
Important: We only access Instagram data that you explicitly authorize through the Facebook/Instagram OAuth consent flow. We never access data beyond the permissions you grant.
2.3 Technical Data
We automatically collect certain technical data when you visit our websites:
- IP address
- Browser type and version
- Operating system and device information
- Pages visited, time spent, and navigation patterns
- Referring website or source
- Cookies and similar identifiers (see Section 6)
3. How We Use Your Data
We use the data we collect for the following purposes:
| Purpose | Data Used |
|---|---|
| Provide Instagram automation services | Instagram data, account info |
| Authenticate users via Instagram/Facebook OAuth | Access tokens, account ID |
| Monitor comments and trigger automated DM responses | Comments, DMs, automation rules |
| Store your automation rules and preferences | Account data, configuration settings |
| Send service-related notifications and updates | Email address, name |
| Improve and optimize our services | Usage data, technical data |
| Comply with legal obligations | As required by law |
| Prevent fraud, abuse, and security threats | Technical data, usage patterns |
We do not use your data for purposes other than those listed above without obtaining your prior consent.
4. Legal Basis for Processing
We process your personal data on the following legal grounds:
- Consent: When you connect your Instagram account and grant permissions through the OAuth flow, or when you opt in to receive communications.
- Contractual Necessity: To perform our obligations under our Terms of Service — such as providing the automation features you sign up for.
- Legitimate Interests: To improve our services, prevent fraud, and ensure the security of our platform, where these interests are not overridden by your rights.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes under Indian law and other applicable jurisdictions.
5. Instagram Data & Facebook Platform Compliance
Cyclostories integrates with Instagram through the official Facebook Graph API. We are committed to full compliance with Facebook Platform Terms and Instagram API Terms of Use.
5.1 How We Access Instagram Data
- We access your Instagram data only after you explicitly grant permission through the Facebook/Instagram OAuth authorization flow.
- We request only the specific permissions necessary to provide our automation services.
- We never request or store your Instagram password.
5.2 How We Use Instagram Data
- Instagram data is used solely to provide the Cyclostories automation services you have configured.
- We do not sell, rent, lease, or share your Instagram data with any third parties for their own purposes.
- We do not use your Instagram data for advertising, profiling, or any purpose unrelated to our service.
5.3 Revoking Access
You can revoke Cyclostories' access to your Instagram data at any time by:
- Disconnecting your account from within the Cyclostories dashboard.
- Removing Cyclostories from your connected apps in your Facebook Business Integrations settings.
- Contacting us at admin@radianzinfotech.com to request disconnection.
Upon revocation, we will stop accessing your Instagram data and delete stored Instagram data within 30 days.
5.4 Token Management
Access tokens provided by Facebook/Instagram are stored in encrypted format and are used solely for API authentication. Tokens are automatically refreshed as needed to maintain service continuity. When you revoke access or delete your account, all stored tokens are permanently deleted.
6. Cookies & Tracking Technologies
We use cookies and similar technologies to enhance your experience on our websites.
6.1 Types of Cookies We Use
| Cookie Type | Purpose | Required? |
|---|---|---|
| Essential | Authentication, session management, security. These are necessary for the website to function. | Yes |
| Analytics | Understanding how visitors use our site (e.g., pages visited, time on site) to improve our services. | No (consent required) |
| Functional | Remembering your preferences, language, and display settings. | No (consent required) |
6.2 Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored and delete them individually
- Block third-party cookies
- Block cookies from specific websites
- Block all cookies
Please note that blocking essential cookies may prevent you from using certain features of our platform.
7. Data Sharing & Third Parties
We do not sell your personal data. We may share data only in the following limited circumstances:
7.1 Service Providers
We work with trusted third-party service providers who assist us in operating our platform:
- Facebook/Instagram (Meta Platforms): To access the Graph API for Instagram integration.
- Cloud Hosting Provider: To host our application and store data securely.
- Analytics Services: To understand usage patterns and improve our services (data is anonymized where possible).
- Payment Processors: To process subscription payments securely. We do not store your full payment card details on our servers.
7.2 Legal Requirements
We may disclose your data if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to:
- Comply with a legal obligation
- Protect the rights, property, or safety of Radianzinfotech LLP, our users, or others
- Detect, prevent, or address fraud, security, or technical issues
7.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you via email or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.
8. Data Storage & Security
We take data security seriously and implement industry-standard measures to protect your information:
8.1 Security Measures
- Encryption at Rest: Access tokens and sensitive data are encrypted using industry-standard encryption algorithms before storage.
- Encryption in Transit: All data transmitted between your browser and our servers is protected using HTTPS/TLS encryption.
- Password Security: User passwords are hashed using strong one-way hashing algorithms and are never stored in plain text.
- Access Controls: Strict role-based access controls limit who can access user data within our organization.
- Database Security: Data is stored in secure MySQL databases with restricted access, firewall protection, and regular security patches.
- Regular Audits: We conduct periodic security audits and vulnerability assessments.
- Backup Procedures: Regular encrypted backups ensure data availability and disaster recovery.
Note: While we implement robust security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your data to the best of our ability.
9. Data Retention
We retain your data only for as long as necessary to fulfil the purposes outlined in this policy:
| Data Type | Retention Period |
|---|---|
| User account data | Retained while your account is active, deleted within 30 days of account deletion |
| Instagram data (comments, DMs, tokens) | Retained while your account is active and Instagram is connected; deleted within 30 days of disconnection or account deletion |
| Automation rules and preferences | Retained while your account is active; deleted with account |
| Technical logs (IP, access logs) | Retained for 90 days, then automatically purged |
| Encrypted backups | Retained for up to 90 days after data deletion for disaster recovery |
| Billing and transaction records | Retained for 7 years as required by Indian tax and accounting laws |
10. Your Rights
Under applicable data protection laws — including the Indian Information Technology Act, 2000 (and its rules), and the General Data Protection Regulation (GDPR) for users in the European Economic Area — you have the following rights:
10.1 Right to Access
You have the right to request a copy of the personal data we hold about you.
10.2 Right to Rectification
You have the right to request correction of any inaccurate or incomplete personal data.
10.3 Right to Deletion (Right to be Forgotten)
You have the right to request deletion of your personal data. Upon receiving a valid request, we will delete your data within 30 days, subject to any legal retention obligations.
10.4 Right to Data Portability
You have the right to request your personal data in a structured, commonly used, machine-readable format.
10.5 Right to Withdraw Consent
Where processing is based on your consent, you may withdraw that consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.
10.6 Right to Object
You have the right to object to our processing of your personal data where we rely on legitimate interests as our legal basis.
10.7 Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data under certain circumstances.
10.8 How to Exercise Your Rights
To exercise any of these rights, please contact us at:
- Email: admin@radianzinfotech.com
We will respond to your request within 30 days. We may need to verify your identity before processing your request. If you are unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority.
11. International Data Transfers
Radianzinfotech LLP is based in India. If you access our services from outside India, your data may be transferred to, stored, and processed in India or other countries where our service providers operate.
When we transfer data internationally, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by relevant authorities
- Ensuring the receiving country provides an adequate level of data protection
- Implementing additional technical and organizational measures to protect your data
For users in the European Economic Area (EEA), we comply with GDPR requirements for international data transfers.
12. Children's Privacy
Our services are not intended for individuals under the age of 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.
If we become aware that we have inadvertently collected data from a child under 13, we will take prompt steps to delete that data from our systems. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at admin@radianzinfotech.com.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make changes:
- We will update the "Last Updated" date at the top of this page.
- For significant changes, we will notify you via email or a prominent notice on our website before the changes take effect.
- Your continued use of our services after the updated policy takes effect constitutes your acceptance of the revised policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Company: Radianzinfotech LLP
- Email: admin@radianzinfotech.com
- Address: Angamaly, Kochi, Kerala - 683572, India
- Website: radianzinfotech.com
We aim to respond to all enquiries within 30 business days.
15. Legal Compliance
This Privacy Policy is designed to comply with:
- Information Technology Act, 2000 (India) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
- General Data Protection Regulation (GDPR) — for users in the European Economic Area
- Facebook Platform Policy and Instagram API Terms of Use
- Digital Personal Data Protection Act, 2023 (India) — as applicable