Privacy Policy

Last updated: June 24, 2026

Table of Contents

1. Introduction

This Privacy Policy describes how 1001383774 Ontario Inc., doing business as MetaEngines ("MetaEngines", "we", "us", or "our"), a corporation established in Ontario, Canada, collects, uses, stores, shares, and protects information in connection with the Meia platform and related websites, applications, and services (collectively, the "Services"). It also explains the choices you have regarding your information.

By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with it, please do not use the Services.

2. Information We Collect

Account information. When you register for a Meia account, we collect information such as your name, email address, business name, and authentication credentials.

Connected social media accounts. Meia allows you to connect third-party accounts, including Instagram professional (Business or Creator) accounts. When you connect an account through the Instagram API, we access and process the following, with your authorization and only to the extent required to provide the features you enable:

• Profile information, including the account's Instagram user ID, username, and account type. • Direct messages sent to and from your connected account, including message text and media attachments. • Comments on your media, including comment text and the commenter's Instagram ID and username. • Media you publish through Meia and aggregated performance metrics such as reach, impressions, and engagement. • Access tokens that authorize Meia to perform actions on your connected account on your behalf.

Content you provide. We collect the documents, brand information, prompts, and other content you submit so that Meia can generate and manage content for you.

Usage and device data. We automatically collect technical information such as log data, IP address, browser and device type, and product analytics that help us operate, secure, and improve the Services.

Cookies and similar technologies. We use cookies and similar technologies to keep you signed in, remember preferences, and understand how the Services are used.

Instagram permissions we request. When you connect an Instagram Business or Creator account, Meia requests the following Instagram Graph API permissions:

• instagram_business_basic — read basic profile information (Instagram user ID, username, account type). • instagram_business_manage_messages — read direct messages sent to the connected account and send replies on its behalf, used by Meia's automated reply features. • instagram_business_manage_comments — read comments on the connected account's posts and reply to them publicly or via private message, used by Meia's comment automations.

You can revoke any of these permissions at any time from Instagram's Settings → Apps and websites page. Revoking will trigger the deletion process described in Section 8 below.

3. How We Use Information

We use the information we collect to:

• Provide, operate, and maintain the Services, including sending and receiving messages, replying to and managing comments, publishing content, and reporting analytics on your connected accounts. • Generate content and automated responses on your behalf and at your direction. • Authenticate users, secure accounts, and prevent fraud, abuse, and unauthorized access. • Communicate with you about your account, provide customer support, and send service-related notices. • Analyze usage to maintain, troubleshoot, and improve the Services. • Comply with legal obligations and enforce our terms. • Direct message content from connected Instagram accounts is sent to third-party large language model providers to generate automated replies on your behalf. These providers process this content under their commercial terms, which prohibit using your content to train their models and limit retention to short-term abuse-monitoring windows (typically 30 days or less). We do not use your messages, comments, or profile content to train AI or machine learning models.

4. How We Share Information

We do not sell or rent personal information. We share information only in the following circumstances:

Service providers. We share information with vendors that provide cloud hosting, data storage, infrastructure, and analytics on our behalf. Application data is stored in MongoDB Atlas (managed MongoDB) hosted in North America. Backend services run on Google Cloud Run. Secrets, including OAuth access tokens and encryption keys, are stored in Google Cloud's secret management service. We do not transfer data outside of these providers. These providers are bound by confidentiality obligations and may use the information only to provide services to us.

AI processors. To generate content and suggested replies, we transmit limited information to artificial intelligence providers. We send only the information necessary to produce the requested output.

Legal and safety. We may disclose information when required by law, regulation, legal process, or governmental request, or where we believe disclosure is necessary to protect the rights, property, or safety of MetaEngines, our users, or the public. When we receive a request from a public authority for user information, we review the legality of the request before responding, disclose only the minimum information specifically required to satisfy the request, challenge requests we consider to be unlawful or overbroad, and maintain an internal record of the request, our response, and the legal reasoning involved.

Business transfers. If MetaEngines is involved in a merger, acquisition, financing, or sale of assets, information may be transferred as part of that transaction, subject to this Privacy Policy.

5. Tech Provider

Meia is a Tech Provider as defined by Meta. When a business connects its Instagram account to Meia, we process direct messages, comments, and profile information of end-users who interact with that business through Instagram. In this context, the connected business is the data controller for those end-user interactions and Meia acts as a data processor on its behalf. End-users with privacy questions about a specific business's use of Meia should contact that business directly; for technical questions about how Meia handles data on the business's behalf, contact us at meia@metaengines.ca.

6. Data Retention

Retention. We retain personal information for the shorter of the following: • Connected Instagram account data (profile, messages, comments, media): retained only while the Instagram account remains connected to Meia. Disconnecting the account, deleting your Meia account, or submitting a verified deletion request triggers permanent deletion within 30 days. • Meia account records: retained for as long as your Meia account is active. When you delete your Meia account, these records are permanently deleted within 30 days. We may retain a minimal record of the deletion event itself (a timestamp and a hashed account identifier) for security audit purposes; no personal information is included in this record. • Billing records (subscription history, invoices, payment-method references — we do not store full card numbers): retained for the duration of an active subscription and for up to seven years after cancellation where required by applicable tax or accounting laws. After that period, billing records are deleted or fully anonymized. • Operational and security logs that contain no personal information: retained for up to 90 days.

7. Data Security

We use technical and organizational measures designed to protect personal information, including encryption in transit, access controls, and secure storage of credentials and access tokens. Access tokens are stored securely and are not exposed to other users. OAuth access tokens issued by Meta for your connected Instagram account are encrypted at rest using authenticated symmetric encryption. The encryption key is stored as a managed secret in our cloud environment and is never written to logs, exposed in the dashboard UI, or shared with any third party. Tokens are decrypted in memory only at the moment they are used to call the Instagram Graph API. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work to protect your information using industry-standard safeguards.

8. Your Rights and Choices

Depending on your location, you may have rights to access, correct, update, or delete the personal information we hold about you, and to object to or restrict certain processing. You may:

• Access or correct your information by contacting us at the address below. • Disconnect a connected account at any time from within Meia, or from the "Apps and Websites" settings of your Instagram account. You can also pause or disable automated replies for any user conversation from your Meia profile while keeping the account connected. • Request deletion of your data by emailing meia@metaengines.ca. We will respond to and process verified requests within 30 days.

Deletion initiated from Instagram. You may also initiate deletion directly from Instagram by going to Settings → Apps and websites → Active, selecting Meia, and tapping Remove. Meta will notify us via our Deauthorize Callback URL (https://meia.metaengines.ca/meta/instagram/deauthorize) and we will delete the associated Instagram data within 30 days.

Data Deletion Request URL. When a Data Deletion Request is received at https://meia.metaengines.ca/meta/instagram/data-deletion, our endpoint immediately returns a unique confirmation code and a status URL. You may visit the status URL at any time to confirm the deletion has been completed.

9. Meta Platform Compliance

Meia's access to and use of information obtained through the Instagram and Meta APIs comply with the Meta Platform Terms, the Meta Developer Policies, and all applicable Instagram and Facebook platform policies, including their Limited Use requirements. We request only the permissions necessary to provide the features you have chosen to enable, and we use Meta platform data solely to provide and improve those features for you.

10. International Data Transfers

Meia stores and processes information on Google Cloud infrastructure, primarily in North America. We may store and process information in countries other than the one in which you reside. Where we transfer personal information across borders, we take steps to ensure that it receives an adequate level of protection in accordance with applicable law.

11. Children's Privacy

Meia is a business-facing tool and is not directed at, intended for, or designed to attract individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have inadvertently collected such information, please contact us at meia@metaengines.ca and we will delete it.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal or operational reasons. When we make material changes, we will update the -updated date at the top of this policy and, where appropriate, provide additional notice.

Contact Us

MetaEngines

Email: meia@metaengines.ca

Website: https://metaengines.ca