Dopla

Privacy Policy

Last updated: May 6, 2026

This Privacy Policy describes how Dopla("we", "us", or "our") collects, uses, and shares information when you use our service available at ig.dopla.app(the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect the following categories of information:

Account Information. When you sign up, we collect your email address and a hashed password. We do not store your password in plain text.

Meta Platform Data.When you connect your Facebook or Instagram account, we receive, with your consent and via Meta's official Graph API, the following data:

  • Your Facebook user ID and name
  • The list of Facebook Pages you administer (page ID, name, access token)
  • The Instagram Business or Creator account linked to each Page (account ID, username, profile picture)
  • An access token issued by Meta that allows us to publish on your behalf

Content You Upload. Images, videos, and captions you upload through the Service in order to publish them to Facebook or Instagram.

Publishing Activity. Records of posts you publish through the Service, including timestamps, target page, post type, and the resulting post ID returned by Meta.

Technical Information. Standard server logs (IP address, user agent, request paths, timestamps) used for security and debugging.

2. How We Use Your Information

We use the information we collect only for the following purposes:

  • To authenticate you and maintain your session
  • To list your Facebook Pages and Instagram accounts so you can choose where to publish
  • To publish content to Facebook and Instagram on your explicit request
  • To show you a history of your published posts
  • To detect and prevent abuse, fraud, and security incidents

We do not publish on your behalf without an explicit user action, we do not use your content to train machine learning models, and we do not sell your data.

3. Permissions We Request from Meta

The Service requests the following Meta permissions and uses each one strictly for the purpose described:

  • instagram_basic — to display your Instagram username and profile picture in the account selector
  • instagram_content_publish — to publish images, Reels, and carousels to your Instagram Business or Creator account when you click "Publish"
  • pages_show_list — to list the Facebook Pages you administer
  • pages_read_engagement — to retrieve metadata about your Pages (name, profile picture)
  • pages_manage_posts — to publish posts to your Facebook Pages when you click "Publish"

4. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with:

  • Meta Platforms. When you publish content, that content is sent to Meta's servers via the official Graph API.
  • Service providers that operate our infrastructure (Supabase for database and storage, Vercel for hosting). These providers are contractually bound to process data only on our behalf.
  • Legal authorities when required by law, subpoena, or to protect the rights, property, or safety of users or the public.

5. Data Retention

We retain your data for as long as your account is active. Specifically:

  • Account information is retained until you delete your account
  • Meta access tokens are retained until they expire (typically 60 days) or until you disconnect your Meta account
  • Uploaded media is retained for 30 days after publication, then automatically deleted
  • Server logs are retained for up to 90 days

6. Your Rights

You can at any time:

  • Disconnect your Meta account from your dashboard, which immediately revokes our access token
  • Delete your Dopla account, which permanently deletes all associated data within 30 days
  • Request a copy of your data by contacting us at privacy@dopla.app
  • Request correction or deletion of specific data

See our Data Deletion page for step-by-step instructions.

7. Security

We use industry-standard practices to protect your data, including TLS encryption in transit, encryption at rest for sensitive fields, row-level security policies on our database, and access controls on our infrastructure. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Children

The Service is not directed to children under 13. We do not knowingly collect data from children under 13. If you believe a child has provided us with data, please contact us so we can delete it.

9. International Transfers

Your data may be processed in countries other than your own. By using the Service, you consent to such transfer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be communicated by email when possible.

11. Contact

If you have questions about this Privacy Policy, please contact us at privacy@dopla.app.