Back to home
SetterFlo

Privacy Policy

Last updated: 24 February 2026

NoCoded Ltd ("SetterFlo", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at setterflo.io and use our services.

Company details: NoCoded Ltd, a company registered in England and Wales. Contact: support@setterflo.io

1. Information We Collect

Information You Provide

  • Account information: Name, email address, and password when you create an account.
  • Instagram data: When you connect your Instagram account, we access specific data via Meta APIs (see Section 7 for details on each permission).
  • Calendar data: When you connect a calendar integration, we access your availability to book appointments on your behalf.
  • Payment information: Billing details processed securely through Stripe. We do not store your full card details.
  • Communications: Any messages you send us via email or our contact form.

Information Collected Automatically

  • Usage data: Pages visited, features used, time spent, and interaction patterns.
  • Device data: Browser type, operating system, IP address, and device identifiers.
  • Cookies: We use essential cookies for authentication and optional analytics cookies to improve our service.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our AI-assisted lead management service.
  • Process your Instagram DM conversations to generate AI-assisted responses managed by you.
  • Book appointments and manage your calendar integrations.
  • Send you service updates, security alerts, and support messages.
  • Process payments and manage your subscription.
  • Analyse usage patterns to improve our product.
  • Communicate with you about new features, offers, or updates (with your consent).

3. How We Share Your Information

We do not sell your personal data. We may share information with:

  • Service providers: Third-party services that help us operate (see Section 8 for sub-processors).
  • Legal requirements: When required by law, regulation, or legal process.
  • Business transfers: In connection with a merger, acquisition, or sale of assets.

4. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS/SSL) and at rest, access controls, and regular security reviews. However, no method of transmission over the internet is 100% secure.

5. Data Retention

We retain your data for the following periods:

  • Conversation and message data: Retained for the duration of your active subscription plus 30 days after cancellation or account deletion.
  • Analytics data: Retained in anonymised form for up to 1 year.
  • Account data: Retained until you request deletion or your account is terminated.
  • Payment records: Retained as required by financial regulations (typically 7 years).

6. Your Rights & Data Deletion

Under applicable data protection laws (including UK GDPR), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data.
  • Request deletion of your data.
  • Object to or restrict processing of your data.
  • Data portability, receiving your data in a structured, commonly used format.
  • Withdraw consent at any time where processing is based on consent.

How to Request Data Deletion

You can request deletion of your data by:

  • Emailing support@setterflo.io with the subject "Data Deletion Request".
  • Disconnecting your Instagram account from SetterFlo in your dashboard Settings page.
  • Visiting our Data Deletion page for full details.

Upon receiving a valid deletion request, we will delete your personal data within 30 days. This includes your account information, conversations, messages, AI settings, and lead data. Anonymised analytics data may be retained. Data required for legal or regulatory compliance will be retained as required by law.

7. Instagram & Meta Platform Data

Our use of data received from Meta (Instagram) APIs adheres to the Meta Platform Terms and Developer Policies. We only access the minimum data necessary to provide our service and do not use Instagram data for advertising or sell it to third parties.

Permissions & Data Usage

SetterFlo requests the following Meta/Instagram permissions. Each permission is used solely for the purpose described below:

PermissionWhat It AccessesWhy We Need It
instagram_basicProfile name, username, profile picture, follower countDisplay your connected account in the dashboard and personalise AI responses with your business identity
instagram_manage_messagesRead and send Instagram Direct Messages on your behalfCore functionality: read incoming DMs, display them in your dashboard, and send AI-assisted responses that you configure and control
instagram_manage_commentsRead and reply to comments on your posts and reelsRead and respond to comments on your posts and reels, enabling engagement with your audience directly from the dashboard
pages_messagingRequired by Meta alongside instagram_manage_messagesTechnical requirement for the Instagram Messaging API to function. No Facebook Page messages are read or sent

Meta Deauthorisation Callback

When you disconnect your Instagram account from SetterFlo (either through your Instagram settings or through our dashboard), we receive a deauthorisation callback from Meta. Upon receiving this callback, we:

  • Immediately stop all AI-assisted responses for your account.
  • Revoke our access tokens so we can no longer access your Instagram data.
  • Schedule deletion of your stored conversation and message data within 30 days.
  • Retain only anonymised analytics data and any records required for legal compliance.

8. Sub-processors

We use the following third-party sub-processors to deliver our service:

  • Supabase (EU/US): Database hosting, authentication, and file storage.
  • Stripe (US): Payment processing and subscription management.
  • Pipedream (US): OAuth connection management for third-party integrations.
  • OpenAI (US): AI language model for generating AI-assisted message responses configured by the user.

9. International Data Transfers

Your data may be processed outside the United Kingdom by our sub-processors listed above. Where data is transferred to countries outside the UK, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions where applicable, in compliance with UK GDPR.

10. Cookies

We use essential cookies required for authentication and site functionality. We may use optional analytics cookies (e.g., for understanding usage patterns). You can manage cookie preferences through your browser settings.

11. Children's Privacy

Our service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us at: