LoginTerms for BrandsTerms for InfluencersData Deletion

DISCO PRIVACY POLICY

Last updated: April 3, 2026

This Privacy Policy is incorporated by reference into the DISCO Terms of Service (the "Terms"). It applies to both Registered and Unregistered users ("User", "you", "your") whose Personal Information has been processed by DISCO ("DISCO", "we", "us", "our"), operated by Epigroww Global, in the course of our business.

DISCO (accessible at web.trydisco.in) is a web-based influencer marketing platform that helps brands discover, analyse, and collaborate with content creators and influencers across social media platforms including Instagram. This platform provides tools for creator discovery, campaign management, account analytics, and direct messaging to facilitate brand-influencer partnerships.

We respect your privacy and are committed to protecting your personal data. This privacy policy describes how we collect, use, process, and disclose your information, including Personal Data, in conjunction with your access to and use of our Services. It applies to all Services offered by DISCO and its affiliates including all DISCO apps, sites, APIs, and integrations.

INSTAGRAM AND META PLATFORM DATA

DISCO integrates with Meta's Instagram Platform using the official Instagram API with Instagram Login. This section describes how we collect, use, store, and protect data obtained through Meta's Instagram Platform ("Platform Data") in compliance with Meta Platform Terms and Policies.

A. Instagram Data We Collect

When you connect your Instagram Business or Creator account to DISCO through Instagram OAuth login, you explicitly authorise us to access the following data from your Instagram account:

  • Profile Information: Your Instagram username, display name, profile picture, biography, follower count, following count, and media count.
  • Account Insights: Performance metrics including reach, impressions, engagement rate, profile views, website clicks, and audience demographics (age, gender, city, and country breakdown).
  • Media Data: Your posts, reels, and stories including captions, media type, timestamps, like counts, comment counts, and post-level insights (reach, impressions, saves, shares).
  • Messaging Data: When you authorise messaging permissions, we facilitate direct messages between brands and creators on the platform for campaign collaboration purposes. Message content, timestamps, and delivery status are stored to maintain conversation history.

B. How We Use Instagram Data

We use Instagram Platform Data solely for the following purposes:

  • Account Analytics Dashboard: Displaying your Instagram performance metrics, audience demographics, and content insights in a centralised dashboard within DISCO, helping you understand your account performance.
  • Brand-Creator Matching: Helping brands on our platform evaluate potential collaborators by displaying authorised creator profiles and performance data.
  • Campaign Messaging: Enabling brands to communicate with authorised creators through Instagram Direct Messages for partnership proposals, campaign briefs, and campaign coordination. Messages are only sent to creators who have connected their accounts and provided explicit consent.
  • Campaign Performance Reporting: Generating performance reports using post-level insights for campaigns that creators participate in.

We do NOT use Instagram Platform Data for any purpose other than those described above. We do not sell, license, or transfer Instagram Platform Data to any third party. We do not use Instagram Platform Data for surveillance, user tracking, or advertising purposes. We do not combine Instagram Platform Data with data from other third-party sources to build independent user profiles.

C. Instagram Data Storage and Security

All Instagram access tokens are encrypted at rest using AES encryption before being stored in our database. We use HTTPS/TLS for all data transmission. Instagram Platform Data is stored on secure, access-controlled servers. We implement industry-standard security measures to prevent unauthorised access, disclosure, or destruction of your data.

D. Instagram Data Retention

We retain Instagram Platform Data only for as long as your account is connected to DISCO and for a reasonable period thereafter to fulfil reporting obligations. When you disconnect your Instagram account or request data deletion, we delete all stored Instagram access tokens, analytics data, messaging data, and automation settings within 7 days.

E. Revoking Instagram Access

You may revoke DISCO's access to your Instagram account at any time by:

  • Disconnecting your Instagram account from the DISCO platform via your account settings.
  • Removing DISCO from your Instagram account's authorised apps at Instagram > Settings > Apps and Websites > Active.
  • Contacting us at privacy@trydisco.ai to request account disconnection and complete data deletion.

Upon revocation, we will immediately invalidate your access token and delete all Instagram Platform Data associated with your account within 7 days.

F. Compliance with Meta Platform Terms

DISCO complies with Meta Platform Terms, Meta Developer Policies, and the Instagram Platform Policy. We only access Instagram data through official Meta APIs with explicit user authorisation via OAuth. We do not access, collect, or store Instagram data through any unauthorised means including scraping, crawling, or reverse engineering. We honour all rate limits and API usage guidelines set by Meta.

INFORMATION WE COLLECT

In addition to Instagram Platform Data described above, we collect information in the following ways to provide our services:

A. Information You Provide to Us

When you create an account on DISCO, you provide your full name, email address, and password. You may also provide additional profile information such as your phone number, company name, and areas of interest. When you connect your social media accounts, you authorise us to access the data described in the Instagram and Meta Platform Data section above.

B. Information from Third-Party Sources

For our creator discovery features, we may obtain publicly available information about influencers and content creators from third-party data providers and publicly accessible social media profiles. This data is used to help brands discover and evaluate potential collaborators and may include publicly available profile information, content metrics, and engagement data.

C. Information Collected Automatically

When you use DISCO, we automatically collect certain technical information including your IP address, browser type, operating system, device information, pages visited, and usage patterns. We use cookies and similar technologies to enhance your experience and analyse platform usage.

The type of Personal Information we may collect and our privacy practices depend on the nature of the relationship you have with DISCO and the requirements of applicable law.

HOW WE USE YOUR INFORMATION

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the DISCO platform and its features.
  • To display Instagram account analytics and insights for connected accounts.
  • To facilitate direct messaging between brands and creators for campaign collaboration.
  • To enable creator discovery and help brands find relevant influencers.
  • To generate campaign performance reports.
  • To authenticate your identity and secure your account.
  • To communicate with you about your account, updates, and our services.
  • To improve and optimise our platform and user experience.
  • To comply with legal obligations and enforce our Terms of Service.

DATA SHARING AND DISCLOSURE

We do not sell your personal information or Instagram Platform Data to third parties. We may share your information only in the following circumstances:

  • Within the Platform: Creator profile information and analytics may be visible to brands on the DISCO platform when the creator has connected their account and consented to being discoverable.
  • Service Providers: We may share data with trusted service providers who assist us in operating the platform (hosting, database management, email services) under strict data processing agreements.
  • Legal Requirements: We may disclose information if required by law, court order, or governmental regulation, or to protect the rights, safety, or property of DISCO or others.

We never share, sell, rent, or trade Instagram Platform Data with third-party companies for their commercial purposes.

DATA SECURITY

We implement appropriate technical and organisational security measures to protect your personal information and Instagram Platform Data, including:

  • AES encryption for all stored Instagram access tokens.
  • HTTPS/TLS encryption for all data in transit.
  • Secure, access-controlled database infrastructure.
  • Regular security reviews and updates.
  • Restricted access to personal data on a need-to-know basis.

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to implementing industry best practices.

YOUR RIGHTS

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request correction of inaccurate personal data.
  • Right to Deletion: You may request deletion of your personal data and Instagram Platform Data. See our Data Deletion page for instructions.
  • Right to Revoke Consent: You may revoke your consent to data processing at any time by disconnecting your Instagram account or deleting your DISCO account.
  • Right to Data Portability: You may request your data in a portable format where technically feasible.

To exercise any of these rights, please contact us at privacy@trydisco.ai. We will respond to your request within 30 days.

DATA DELETION

You may request deletion of all your data from DISCO at any time by:

Upon receiving a deletion request, we will delete all stored access tokens, analytics data, messaging data, conversation history, and automation settings associated with your account within 7 days. Some anonymised, aggregated data that cannot be used to identify you may be retained for platform improvement purposes.

COOKIES AND TRACKING

DISCO uses cookies and similar technologies for authentication, security, and to remember your preferences. Essential cookies are required for the platform to function properly, including session cookies and CSRF protection tokens used during the Instagram OAuth login flow.

CHILDREN'S PRIVACY

DISCO is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information promptly.

INTERNATIONAL DATA TRANSFERS

Your information may be transferred to and stored on servers located outside your country of residence. We ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws, including GDPR where applicable.

LEGAL BASIS FOR PROCESSING (GDPR)

If you are in the European Economic Area (EEA), our legal basis for collecting and using your personal information depends on the data and the context:

  • Consent: When you connect your Instagram account via OAuth, you provide explicit consent for us to access and process your Instagram data.
  • Contractual Necessity: Processing necessary to provide the services you have requested.
  • Legitimate Interests: Processing necessary for our legitimate business interests, such as improving our platform, provided these interests do not override your rights.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically.

CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For data deletion requests, please visit our Data Deletion Instructions page or email us directly.