Vxrtarget

Privacy Policy

Last updated: 2026-04-20

This Privacy Policy describes how Vxrtarget ("Vxrtarget", "we", "us") collects, uses and protects information when you use the Vxrtarget platform ("the Service"). By using the Service you agree to the practices described here.

1. Information we collect

1.1 Account data

When you register we collect your email address, a hashed password, and the name of your business project.

1.2 Business context you provide

To generate marketing content we collect information you voluntarily enter about your business: products, pricing, offers, brand voice, contact details and public links to your website and social profiles.

1.3 Meta / Instagram data

When you connect an Instagram Business account we receive, via the official Meta Graph API and strictly within the scopes you approve: your Instagram Business account ID, profile metadata, messages sent to your account that contain triggers you have configured, and delivery status of content we publish on your behalf. We do not request access to private messages that do not match your configured triggers, nor do we use Meta data to build profiles of your followers.

1.4 Usage data

We log technical events required to operate the Service: request timestamps, hashed IP addresses, user-agent strings, and click events on tracking links you have generated. This data is used for attribution analytics and security.

2. How we use information

  • To generate marketing content on your explicit request.
  • To publish content to your connected Instagram Business account when you approve publication.
  • To send auto-replies in Instagram Direct on your behalf, strictly in response to triggers you configured.
  • To provide attribution analytics showing which content produced which click, message or conversion.
  • To prevent abuse, enforce our Terms and comply with legal obligations.

3. Third parties

We share the minimum necessary data with the following processors:

  • Meta Platforms Inc. — to publish content and receive webhook events under the scopes you authorized.
  • Anthropic PBC — to generate text using the Claude API. Prompts include the business facts you provided.
  • Image-generation providers — disclosed in-app when you enable image generation.
  • Our infrastructure provider — for hosting and database storage.

We do not sell personal data. We do not use your business facts to train third-party models.

4. Data retention

Account and project data is retained while your account is active. Webhook event logs are retained for 90 days for debugging and abuse prevention. Tracking events are retained for 24 months to support longitudinal attribution analytics. You may request earlier deletion at any time — see section 6.

5. Security

Passwords are hashed using argon2id. Traffic is encrypted in transit via TLS. Access to the production database is restricted to authorized operators. Meta App Secret and API keys are stored as environment secrets, not in source control.

6. Your rights & data deletion

You may access, correct, export or delete your data at any time. For deletion instructions see Data Deletion Instructions or email hello@vexar.direct. Meta-originated data is also deleted when you revoke Vxrtarget's permissions from your Instagram account settings; we honor the Meta deauthorization callback within 30 days.

7. Children

The Service is not directed at individuals under 16 and we do not knowingly collect their data.

8. Changes to this policy

We may update this policy. Material changes are announced by email to account holders at least 14 days before taking effect.

9. Contact

Questions? Email hello@vexar.direct.