adminlessPrivacy Policy
Effective date: June 4, 2026
Adminless ("we", "us") is a service that connects a business's Instagram professional account and answers customer direct messages with AI-generated replies configured by the business, and lets the business publish content and manage its messaging knowledge base from a dashboard.
The service is operated by Albert Kobiakov, an individual entrepreneur (FOP) registered in Ukraine. Privacy questions and data requests: privacy@adminless.app.
Our roles: for dashboard account data, we act as a data controller. For Instagram messages and other Instagram-sourced data processed on behalf of a connected business, we act as a processor (service provider) for that business; the connected business remains responsible for its own relationship with its Instagram users and customers.
Data we collect
From businesses using the dashboard (our customers):
- Account data: email address and a password (stored only as a salted hash).
- Content you provide to configure the assistant: FAQ entries, bot persona and system prompt, language preferences.
Through the Meta Platform, after the business connects its Instagram professional account and grants the corresponding permissions:
- Instagram account data: username, account identifiers, and an access token that lets us act on the account's behalf.
- Direct messages sent to the connected account: message text, sender identifier and timestamps — received via Meta webhooks so the assistant can reply.
- Records of content (e.g. Stories) we publish on the account's behalf at the business's request.
Technical data: standard server logs. Message content and personal identifiers are masked in our application logs by default.
We do not collect data from people who merely visit this website. This site sets no cookies and runs no analytics.
How we use data
- To answer messages: when a customer messages a connected Instagram account, we process the message text together with the business's FAQ and persona to generate a reply, and send that reply back through the Instagram API.
- AI processing: message text and the business's knowledge-base content are submitted to Google's Gemini API to generate replies and to compute search embeddings. Google processes this data as our service provider to provide AI generation and embedding functionality. We send only what is needed to produce the reply; we do not use this data to train models of our own.
- To operate the dashboard: conversation history is shown to the business that owns the connected account.
- Transactional email: invitations and service notices are sent through our email provider.
We do not sell personal data, do not share it for advertising, and do not use it for any purpose other than providing the service.
Service providers
We use a small number of processors to run the service:
| Provider | Purpose |
|---|---|
| Meta Platforms | Instagram API and webhooks (source of Instagram data) |
| Google (Gemini API) | AI reply generation and text embeddings |
| Hetzner Online (Finland, EU) | Server hosting and database |
| Vercel | Hosting of the dashboard application |
| Resend | Transactional email delivery |
| Cloudflare | DNS and email routing for our domain |
Data retention
- Conversation history is kept for the business — so the assistant can use context and the business can review its conversations — until it is removed by a data-deletion request (see below).
- Instagram access tokens are kept only while the account is connected and are discarded on disconnect or deauthorization.
- Dashboard accounts and business-provided content are kept for the lifetime of the customer relationship.
- Server logs are short-lived and rotate automatically.
Data deletion
There are three ways to have Instagram data deleted, all honored without undue delay:
- Remove the app on Instagram: Instagram → Settings → Website permissions / Apps and Websites → remove Adminless. Meta notifies us automatically; we delete the account's access credentials and stop receiving, generating and sending messages for it. Note: disconnecting alone retains existing conversation history for the business — it is removed by a data-deletion request (below).
- Meta data-deletion request: requesting data deletion through Meta triggers our automated deletion callback. All Instagram-sourced data for the account — conversations, messages, delivery jobs, published-content records and credentials — is permanently deleted, and Meta receives a confirmation code with a status page to track completion.
- Email us at privacy@adminless.app. We may need to verify your request before deleting or disclosing data.
Businesses can also disconnect their Instagram account from the dashboard at any time, which invalidates our stored credentials for it.
Your rights
Depending on where you live, you may have rights to access, correct, export, restrict or delete personal data we hold about you, and to object to its processing. To exercise any of these, email privacy@adminless.app. If you believe we process your data unlawfully, you also have the right to lodge a complaint with your local supervisory authority.
Security
All traffic to and from the service is encrypted in transit (TLS). Access to production systems is restricted to the operator. Personal identifiers and message content are masked in application logs by default. No method of storage or transmission is 100% secure, but we design the service to minimize the data it keeps and who can see it.
Meta Platform compliance
Instagram data is received and used in accordance with the Meta Platform Terms and Developer Policies. We use it only to provide the service described above to the business that connected the account, and we delete it as described in Data deletion.
Children
The service is intended for businesses and is not directed to children. We do not knowingly collect personal data from anyone under 16.
Changes
If this policy changes, the new version will be published at this address with an updated effective date. Material changes will be announced to registered customers by email.