Privacy Policy

Last updated on April 10th, 2026

This Privacy Policy describes how Edgar SAS (“Edgar”, “we”, “us”, or “our”) collects, uses, processes, and protects personal data in connection with the Inrō platform (the “Service”).

1. Identity of the Data Controller

Edgar SAS
RCS Compiègne 920 349 073
20 rue des Maraîchers, 60700 Pontpoint, France

Contact: privacy@inroapp.com

2. Scope and Roles

Depending on the context:

  • Edgar SAS acts as a data controller for personal data relating to its own users
  • Edgar SAS acts as a data processor when processing personal data on behalf of its customers

Customers are solely responsible for determining the purposes and legal basis of processing concerning their end users.

3. Categories of Personal Data

3.1 Data processed on behalf of customers

  • Instagram messages, comments, and related content
  • Media and attachments
  • Profile data and metadata
  • Interaction and behavioral data
  • Contact information collected by customers

3.2 Data relating to users of the Service

  • Identification and contact data
  • Account and organization data
  • Billing data
  • Support communications

3.3 Technical and usage data

  • Device and connection data
  • Usage data
  • Error and performance data

4. Purposes and Legal Bases

Data is processed for:

  • Provision and operation of the Service
  • Contract performance
  • Customer support and relationship management
  • Automation and analytics
  • Security and fraud prevention

Legal bases:

  • Contract performance
  • Legitimate interests
  • Consent (where required)
  • Legal obligations

5. Artificial Intelligence

The Service uses artificial intelligence:

  • Processing may include message content and contextual data
  • Processing is performed via OpenAI
  • Data is not used to train AI models
  • Data is processed on a transient basis

6. Recipients and Subprocessors

Data is shared with service providers acting as processors.

A current list is available at:
www.inro.social/legal/subprocessors

We do not sell personal data.

7. International Transfers

Where data is transferred outside the EEA, appropriate safeguards are implemented, including:

  • Standard Contractual Clauses (SCCs)
  • EU–US Data Privacy Framework (DPF), where applicable

8. Data Retention

  • Messages and interactions: up to 24 months
  • Contacts: deleted after 24 months of inactivity
  • Logs: limited retention
  • Backups: up to 4 days

9. Data Deletion

Upon account deletion:

  • Data is permanently deleted
  • Residual data may persist temporarily in backups

10. Cookies

Non-essential cookies are used only with prior consent.

Users can manage preferences through the consent interface.

11. Security

We implement appropriate measures including:

  • Encryption in transit
  • Encryption of sensitive data at rest
  • Access control
  • Monitoring

12. Data Subject Rights

Individuals may exercise rights including access, deletion, and objection.

Requests should be directed to the relevant data controller.

Contact: privacy@inroapp.com

13. Children

The Service is not intended for individuals under 13.

14. Updates

This policy may be updated periodically.

15. Contact

privacy@inroapp.com