Privacy Policy

Just Got a Lead — last updated May 2, 2026.

What we collect

When you submit our contact form we collect your name, email address, phone number, and the message you write. If you opt in to SMS communication we also record your consent (a true/false flag), the exact wording you agreed to, the timestamp the consent was given, and the IP address from which the form was submitted.

How we use it

We use this information to respond to your inquiry, follow up about scheduling a demo, and (if you opted in) send transactional SMS messages tied to that inquiry. We do not sell or share your contact information with third parties for their own marketing.

Instagram and Facebook data we receive

When you click "Connect Instagram" inside Just Got a Lead, you grant our app permission, through Facebook Login for Business, to access specific data from your Meta account. With your consent, we receive:

• Your Instagram profile basics — username, account ID, profile picture, and account type (Business or Creator).
• The list of Facebook Pages you manage and the Instagram Business account linked to each Page.
• Direct messages sent to and from your connected Instagram account, so we can show them in your inbox and let you reply on your behalf.
• A long-lived access token that lets us do the actions above on your behalf without making you log in again every time.

We never receive your Facebook password, payment information, or content from any account you don't own.

How we use Instagram and Facebook data

• Show inbound DMs in your unified inbox so you can reply from one place.
• Send the replies you write inside our app from your connected Instagram account. We only send messages you've typed and clicked send on — never on your behalf without your action.
• Detect customer-intent signals in DMs (keywords like "quote" or "pricing") so the system can promote a conversation into a tracked lead automatically.
• Schedule and publish Instagram posts you author in our scheduler.
• Display read-only stats about your account inside the dashboard.

We do not use your Meta data for advertising. We do not sell it. We do not share it with third parties for those parties' own marketing. We do not use it to train AI models.

Where it's stored, how long, and how to delete it

Your access token is stored encrypted at rest using AES-256-GCM. The encryption key lives in our server environment and is never stored next to the ciphertext.

Your Instagram account metadata (username, account ID, linked Facebook Page ID, Page name) is stored on Google Cloud Storage in a private bucket scoped to your account. DM message threads are stored as JSON files on the same private bucket, scoped to your account ID, and only readable by your authenticated dashboard session.

We keep this data for as long as your Instagram account stays connected. When you click "Disconnect" inside the dashboard, your access token is deleted within 24 hours and your DM and post records are deleted within 30 days.

Want everything deleted immediately, including any backups? Email danieldario@palacios-solutions.com with the subject "Data deletion request" and the email address tied to your account. We confirm completion within 14 days.

SMS & opt-out

SMS opt-in is never required to use our service. If you opted in you can opt out at any time by replying STOP to any message we send. Reply HELP for help. Message and data rates may apply. See our SMS Terms for full details.

SMS opt-in data and phone number sharing

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties or affiliates.

Phone numbers collected through our contact form are used solely by Just Got a Lead to respond to your inquiry, send follow-ups, and schedule appointments. We do not sell, rent, or share phone numbers or SMS opt-in data with any third party for any purpose.

Retention

Inquiry records and consent proof are retained for as long as necessary to respond to your request and to comply with carrier and legal record-keeping requirements (typically four years for SMS consent records).

Contact

Questions about this policy? Email danieldario@palacios-solutions.com.