← Back to rumi.marketingPrivacy Policy

Privacy Policy

Effective 2026-07-01

This Privacy Policy explains how Rumi Inc ("Rumi," "we," "us") collects, uses, shares, and protects information in connection with the Rumi social-media content service (the "Service"). Rumi creates, schedules, and publishes content to your Instagram account after you approve it. Questions? Contact ali@rumi.team.

Who we are

Rumi Inc is the data controller for the information described in this policy. You can reach us at ali@rumi.team for any privacy request or question.

Information we collect

Account information

Your name, email address, company or brand name, and any details you provide when you request a demo or set up your account.

Instagram Business account data

With your explicit consent, and only through Meta's official APIs (Instagram API with Instagram Login / the Instagram Graph API), we access data from your connected Instagram Business or Creator account, including your profile information, media, and insights (reach, views, engagement). We access this data to operate the Service and never collect your Instagram password.

Content drafts

The captions, images, schedules, and other content we generate for your review, along with your approvals, edits, and rejections.

Usage data

Basic technical and usage information (for example, log data and device/browser information) used to operate, secure, and improve the Service.

How we use information

We publish to Instagram only after you approve the content, and only via official Meta APIs.

Processors and subprocessors

We share data with a limited set of service providers who process it on our behalf:

We never sell your data

We do not sell your personal information or your Instagram account data, and we do not share it for cross-context behavioral advertising.

Data retention

We retain your information for as long as your account is active or as needed to provide the Service. When you delete your account or disconnect Instagram, we delete the associated access tokens and account data within 30 days, except where we are legally required to retain certain records (such as billing records).

Security

We use industry-standard safeguards to protect your data. Instagram access tokens are encrypted at rest, and access to production data is restricted to authorized personnel.

Your rights

Depending on where you live, you may have the right to access, correct, export, or delete your personal information, and to object to or restrict certain processing.

GDPR (EEA/UK): our legal bases for processing are performance of our contract with you, your consent (for connecting your Instagram account), and our legitimate interests in operating and securing the Service. You may withdraw consent at any time and lodge a complaint with your supervisory authority.

CCPA/CPRA (California): you have the right to know, delete, and correct your personal information, and to opt out of sale/sharing — and we do not sell or share your personal information. We will not discriminate against you for exercising these rights.

To exercise any right, email ali@rumi.team.

Meta data deletion

You can delete the data associated with your connected Instagram account at any time. See our Data Deletion instructions. Removing the app in your Instagram or Facebook settings also triggers Meta's data-deletion callback, and we delete your stored tokens and account data within 30 days.

Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us information, contact us and we will delete it.

Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the effective date above. Material changes will be communicated where appropriate.

Contact

Rumi Inc — ali@rumi.team. See also our Terms of Service.

Rumi Inc · ali@rumi.team