Privacy Policy for Hamfaza
Last updated: January 2026
Hamfaza ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Instagram management application. These Terms of Service are entered into between you and Apex Petro Gas LLC, the legal owner and operator of the Hamfaza platform.
App Operator & Data Controller
Hamfaza is operated by Apex Petro Gas LLC, which acts as the data controller responsible for processing user data in accordance with applicable data protection regulations and Meta Platform Policies.
This privacy policy complies with Meta Platform Policies and Instagram API requirements. Our app only accesses data through official APIs with user consent.
1. Information We Collect
Instagram Data (via Graph API)
With your explicit consent, we access:
- Instagram account basic information (username, profile picture)
- Your posts and their metadata
- Comments on your posts (text, timestamps, commenter information)
- Direct message replies are only sent to Instagram users who have previously interacted with the user's posts (e.g., commented), and only within Instagram-approved messaging contexts.
- Post insights and engagement metrics
Note: We only access data that you explicitly grant permission for through Instagram's OAuth flow.
App Usage Data
- Authentication tokens (stored securely for session management)
- App preferences and settings
- Usage logs for debugging and improvement (anonymous)
- Error reports and crash analytics
Data We DO NOT Collect
- Your Instagram password
- Private messages not related to your posts
- Other users' personal data beyond public comments
- Sensitive personal information
- Payment information (we don't process payments)
2. How We Use Your Information
Core Functionality
- • Display your Instagram posts and comments
- • Enable comment search and filtering
- • Allow you to reply to comments
- Direct messages are sent only: • After a user-initiated interaction (comment on a specific post) • One-to-one (never bulk or broadcast messages) • Triggered explicitly by the app user • Fully compliant with Instagram Messaging policies
Service Improvement
- • Fix bugs and errors
- • Improve app performance
- • Analyze usage patterns (anonymous)
- • Develop new features
Compliance with Meta Policies
We only request the minimum Instagram permissions required for the app to function and strictly limit data access to approved use cases. Our use of Instagram data strictly follows Meta Platform Policies:
- The app does not send unsolicited or bulk direct messages
- All direct messages are sent only after a user interaction (such as commenting on a post) and with explicit user configuration
- We do not permanently store Instagram content such as posts, comments, or messages beyond temporary processing required to perform user-requested actions.
- We do not share Instagram data with third parties
- We only access data necessary for app functionality
- We respect all Instagram community guidelines
- Users can remove the app at any time from Instagram or Facebook settings, which immediately revokes all permissions and access tokens.
Instagram Permissions Used
- instagram_basic – Identify the connected Instagram account
- instagram_manage_comments – Read and reply to comments on user posts
- instagram_manage_messages – Send one-to-one message replies after user interaction
3. Data Storage and Security
Storage Duration
Instagram Data
We do not permanently store Instagram posts, comments, or messages. Temporary processing or in-memory caching may occur solely to perform user-requested actions and is automatically cleared.
Authentication Tokens
Stored securely and encrypted. Automatically deleted when you disconnect your Instagram account or after 60 days of inactivity.
App Settings
Stored until you delete your account or request deletion.
Security Measures
4. Data Sharing
We Do NOT Share Your Instagram Data
We do not sell, trade, or otherwise transfer your Instagram data to outside parties. This does not include:
Trusted Service Providers
Third parties who assist us in operating our app, conducting our business, or servicing you, so long as those parties agree to keep this information confidential and comply with GDPR/CCPA requirements.
Legal Requirements
When we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.
With Your Consent
Other than as set out above, you will receive notice when information about you might go to third parties, and you will have an opportunity to choose not to share the information.
5. Your Rights
Access & Control
- • View what data we have about you
- • Request deletion of your data
- • Update or correct your information
- • Export your data in machine-readable format
- • Remove the app at any time via Instagram or Facebook settings, which immediately revokes our access
Instagram-Specific
- • Disconnect Instagram anytime
- • Revoke app permissions via Instagram
- • Delete all cached Instagram data
- • Request data processing report
- • Control and approve when direct message replies are sent
6. Children's Privacy
Our app is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately.
7. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any changes by:
- Posting the new privacy policy on this page
- Sending you an email notification (if you have provided your email)
- Updating the "Last Updated" date at the top of this policy
- Displaying a notice in the app before changes take effect
You are advised to review this privacy policy periodically for any changes.
This privacy policy is compliant with: GDPR, CCPA, Meta Platform Policies, and Instagram API requirements.