Privacy Policy

Last updated: 2026-05-13

SetuChat ("we", "us") provides an AI-powered customer service assistant for owners of Facebook Pages and linked Instagram Business Accounts. This page explains what we collect, why, and how to delete it.

What we collect

  • Page and Instagram access tokens issued by Meta when a Page admin connects their Facebook Page and/or linked Instagram Business Account. Tokens are encrypted at rest with AES-256-GCM and used solely to send and receive messages on the admin's behalf via the Messenger Platform and the Instagram Messaging API.
  • Customer messages sent to a connected Facebook Page (via Messenger) or Instagram Business Account (via Instagram Direct), plus our generated replies. Messages are retained for up to 12 months to provide conversation context and let the admin review history; admins can purge sooner from the dashboard.
  • Instagram and Messenger account metadata (platform-scoped user ID, username, profile picture URL) returned by Meta when a conversation begins, used to label threads in the admin dashboard. We do not pull media, followers, or unrelated profile data.
  • Knowledge base entries (products, FAQs, policies) that Page admins enter themselves.
  • Account data for Page admins who sign up: email address and login state.

What we do not collect

  • We do not collect personal data from end customers beyond the message contents and the platform user ID Meta provides for Messenger and Instagram Direct.
  • We do not sell or share data with third parties for advertising.

Where data lives

Encrypted at rest in AWS RDS (us-east-1) and on Vercel infrastructure. AI inference is routed through Vercel AI Gateway with zero data retention enabled. Sub-processors: Amazon Web Services (storage, compute), Vercel (hosting, AI gateway), and the model providers reachable behind that gateway (OpenAI, Google) under their zero-retention terms.

Retention

Conversation messages and metadata are retained for up to 12 months from receipt unless the admin deletes them sooner. Encrypted tokens persist until the admin disconnects the Page or Instagram account. Account data persists until account deletion. Anonymized aggregate metrics (e.g. total messages handled this month) may be retained beyond these windows for billing and service-improvement purposes.

Your rights

Page admins can disconnect their Page or Instagram Business Account at any time from the SetuChat dashboard. End customers can request deletion of their message history with a connected Page or Instagram account by emailing support@setucare.com with the relevant Page or Instagram username. See Data deletion for full instructions.

Contact

Questions: support@setucare.com