About Me Shop Fav Things
About Contact

# Privacy Policy

**Last updated: May 23, 2026**

This Privacy Policy describes how Brock Johnson ("we," "us," or "I") collects, uses, and protects information when operating the Brock Responder application ("the App") that connects to Instagram via the Meta Instagram Platform API.

## 1. Who runs this app

The App is operated by Brock Johnson (Instagram: @brock11johnson) as a personal productivity tool used to manage replies to comments and direct messages received on @brock11johnson's Instagram account.

Contact: [email protected]

## 2. What information we collect

When the App is authorized to access an Instagram account, it may receive the following information from Meta's Instagram Platform API:

- **Account profile data** — Instagram user ID, username, account type, follower count, and media count for the connected account
- **Media metadata** — IDs, captions, timestamps, and comment counts of posts on the connected account
- **Comments** — text, author username, author user ID, and timestamp of comments left on posts of the connected account
- **Direct messages** — text content, sender username, sender user ID, and timestamp of direct messages received by the connected account
- **Access tokens** — OAuth tokens used to make API requests on behalf of the connected account

The App does not collect any data from people other than: (a) the owner of the connected Instagram account, and (b) people who voluntarily interact with that account by commenting on its posts or sending it direct messages.

## 3. How we use the information

Collected information is used solely to:

- Display comments and direct messages to the connected account owner for review
- Generate suggested reply text using AI (Anthropic Claude)
- Send approved replies back to Instagram via the Instagram Platform API
- Track which items have been responded to in order to avoid duplicate handling

We do **not**:

- Sell or share personal data with advertisers or third-party marketers
- Use the data for any purpose other than the reply workflow described above
- Combine the data with other data sources outside the App
- Analyze message content for any purpose beyond drafting a reply to that specific message

## 4. Third-party services

The App uses the following third-party services to operate. By using the App you understand that data may be transmitted to these services:

- **Meta (Instagram Platform API)** — to read account data and send replies. See Meta's [Privacy Policy](https://www.facebook.com/privacy/policy).
- **Anthropic (Claude AI)** — message text and brand-voice context are sent to Anthropic's API to generate draft replies. See Anthropic's [Privacy Policy](https://www.anthropic.com/legal/privacy). Anthropic does not retain data sent via the API for training.
- **Google (Sheets and Docs APIs)** — comment/DM data and reply drafts are stored in a private Google Sheet readable only by the account owner. The App also reads a private "brand voice" Google Doc owned by the account owner. See Google's [Privacy Policy](https://policies.google.com/privacy).

## 5. Data storage and retention

- Data is stored in a private Google Sheet accessible only to the connected account owner and a designated Google service account.
- Access tokens are stored in a local environment file on the account owner's computer.
- Comment/DM records are retained for the duration of the comment-reply window enforced by Instagram (24 hours for comments, 7 days for direct messages) and may be retained beyond that for record-keeping. Items in "regular" priority that are not handled within a session are automatically cleared.
- Approved replies are retained as learning examples to improve future drafts.

## 6. Your rights

If you have commented on or sent a direct message to @brock11johnson and would like your data removed from the App's storage, please email **[email protected]** with the subject line "Data deletion request" and include your Instagram handle. Data will be deleted within 30 days. See also the dedicated [Data Deletion page](/data-deletion).

You may also revoke the App's access to your data at any time by removing it in your Instagram account settings: **Settings → Apps and websites → Active**.

## 7. Children

The App is not directed to children under the age of 13. If you are under 13, please do not interact with the connected Instagram account in a way that you do not want recorded.

## 8. Security

We take reasonable measures to protect collected information, including restricting access to authorized accounts only, storing files with restricted local permissions, and not exposing credentials in version control. No method of transmission over the Internet is 100% secure.

## 9. Changes to this policy

We may update this Privacy Policy from time to time. Updates will be posted at this URL with a revised "Last updated" date.

## 10. Contact

Questions about this Privacy Policy can be sent to: **[email protected]**