Privacy Policy

Last updated: 22 April 2026

1. Who We Are

This Privacy Policy is issued by Dans Ventures Private Limited ("Dans Ventures", "Pomelo Digital", "we", "us", or "our"), a company incorporated under the laws of India, with its registered office at Unit No. 26, HARTRON Complex, Electronic City, Phase IV, Udyog Vihar, Sector 18, Gurugram, Haryana 122015. "Pomelo Digital" is our trading brand.

For any privacy-related questions or requests, please contact us at hello@pomelodigital.com.

2. Scope of This Policy

This Privacy Policy explains how we collect, use, share, and protect personal information when:

  • You visit pomelodigital.com or our other websites;
  • You engage with us as a client, vendor, or prospective business partner;
  • You interact publicly with Instagram business accounts that we manage on behalf of our clients (for example, by posting a comment on a client's Instagram post or sending a Direct Message to a client's Instagram account).

We act as a data processor when handling personal information of social-media users who interact with our clients' Instagram accounts. Our clients (for example, brand owners whose Instagram accounts we manage) are the data controllers of that information. This policy describes the practices we follow under our processor role.

3. Information We Collect

3.1 Information From Our Website Visitors

When you visit our website, we may collect:

  • Device and browser information (IP address, browser type, operating system);
  • Pages visited and referral URLs;
  • Contact information you voluntarily submit through forms (name, email, phone, company, message).

3.2 Information From Instagram Interactions With Our Clients' Accounts

When we operate an engagement-tracking tool on behalf of a client, we may receive the following information from Meta's Instagram Graph API and Instagram Messaging API:

  • Public comment data: the commenter's Instagram username, the comment text, the comment ID, the associated post / media ID, and the timestamp;
  • Direct Message data: the sender's Instagram user ID, the message text, the message ID, and the timestamp;
  • Basic profile information made available through Meta's permissions, limited to what is strictly necessary to display the interaction to our client.

We only receive this information when an Instagram user voluntarily and publicly interacts with our client's business account, or when they initiate a conversation via Instagram Direct.

We do not collect passwords, financial information, precise location, contact lists, photos from your camera roll, or any other data beyond what is described above.

3.3 Information From Our Clients

Our clients may provide us with business information required to deliver services, including authorised representatives' names, work emails, and account access credentials. This information is handled under the terms of our service agreement with each client.

4. How We Use Information

We use the information described above to:

  • Deliver the engagement-tracking, reporting, and response-management services our clients have engaged us to provide;
  • Prepare analytics, summaries, and recommendations for our clients regarding their Instagram activity;
  • Respond to enquiries submitted through our website;
  • Operate, secure, and improve our own website and internal systems;
  • Comply with applicable legal obligations.

We do not use Instagram user data to build advertising profiles, sell personal information to third parties, or train third-party machine-learning models.

5. Legal Basis for Processing

We process personal information on the following legal bases, depending on jurisdiction:

  • Consent: where you voluntarily provide information to us (e.g., by submitting a contact form, or by publicly commenting on a client's post under Instagram's terms);
  • Contract: where processing is necessary to perform services for our clients;
  • Legitimate interests: for website analytics, security, and internal administration, balanced against your rights;
  • Legal obligation: where we are required by law to retain or disclose information.

6. How We Store and Protect Information

Information collected via the Instagram Graph API is transferred through our automation infrastructure (Meta webhooks, Cloudflare edge processing, Make.com automation) and stored in Google Sheets workspaces owned and administered by Dans Ventures on behalf of the relevant client.

We implement reasonable administrative, technical, and physical safeguards to protect this data, including access controls, encryption in transit, and restricted access to team members on a need-to-know basis. Third-party service providers that process data on our behalf (such as Google, Cloudflare, and Make.com) are bound by their own data-protection terms.

7. How We Share Information

We may share information with:

  • The client on whose behalf we collected it (for example, the brand owner of the Instagram account the user interacted with);
  • Service providers that support our operations (such as Google Workspace, Make.com, and Cloudflare) under contractual confidentiality and security obligations;
  • Legal or regulatory authorities, where disclosure is required by law or necessary to protect rights, safety, or property.

We do not sell personal information.

8. Data Retention

  • Website enquiry data: retained for up to 24 months from last contact, unless a longer period is required by law.
  • Instagram engagement data processed on behalf of clients: retained for up to 24 months, or for the duration of our service agreement with the relevant client (whichever is shorter), after which the data is deleted or anonymised.
  • Backup copies: may persist for up to 90 days beyond the primary deletion date as part of standard backup cycles.

Clients may request earlier deletion at any time.

9. Your Rights

Depending on your jurisdiction (including under India's Digital Personal Data Protection Act, 2023, the EU / UK General Data Protection Regulation, and similar laws), you may have the right to:

  • Access the personal information we hold about you;
  • Request correction of inaccurate information;
  • Request deletion of your information ("right to be forgotten");
  • Object to, or request restriction of, certain processing activities;
  • Withdraw consent where processing is based on consent;
  • Lodge a complaint with a data-protection authority.

To exercise any of these rights, email hello@pomelodigital.com with the subject line "Privacy Request". We will respond within 30 days. Where a request concerns data processed on behalf of a client, we will forward the request to that client and assist them in responding.

10. Children's Privacy

Our services are not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal information, please contact us and we will delete it.

11. International Transfers

Our service providers are located in multiple jurisdictions, including the United States and the European Union. Where personal information is transferred outside your country of residence, we rely on appropriate safeguards provided by those vendors (such as Standard Contractual Clauses).

12. Cookies and Tracking

Our website may use first-party and third-party cookies for basic analytics and functionality. You can control cookies through your browser settings. Our Instagram automation infrastructure does not set cookies on Instagram users' devices.

13. Third-Party Links

Our website and client deliverables may contain links to third-party websites or platforms (including Meta-operated platforms). We are not responsible for the privacy practices of those third parties.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of this page indicates when the policy was last revised. Material changes will be communicated via our website or, where appropriate, via direct notice to clients.

15. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Dans Ventures Private Limited (trading as Pomelo Digital)Unit No. 26, HARTRON Complex, Electronic City, Phase IV,Udyog Vihar, Sector 18, Gurugram, Haryana 122015, India

Email: hello@pomelodigital.com