hookline

Privacy policy

last updated June 10, 2026

What Hookline is

Hookline automates replies and direct messages for comments on your own Instagram posts. It is operated as a free, open-source service. This policy describes exactly what data the hosted service touches and why.

What we collect

  • Account: if you sign up with an access code, we store no personal information at all — no email, no name, no phone. If you choose email sign-up, we store your email and a salted password hash.
  • Instagram connection:when you connect a professional Instagram account through Meta's official login, we store your Instagram user ID, username, and an access token. The token is encrypted at rest with AES-256-GCM. We never see or store your Instagram password.
  • Automation activity:for comments that match one of your automations, we log the comment ID, the commenter's username, the comment text, and the actions taken (reply sent, DM sent). This powers your activity feed and analytics.

What we don't do

  • No selling, renting, or sharing of data with third parties.
  • No advertising, no trackers, no analytics scripts on this site.
  • No reading of your DMs or comments beyond webhook events Meta sends us for your own posts.
  • No messages sent on your behalf except the automations you explicitly configure.

Where data lives

Data is stored in a Postgres database hosted in the cloud (Neon) and processed on Vercel infrastructure. Instagram API calls go directly to Meta's Graph API.

Deleting your data

Disconnecting an Instagram account immediately deletes its stored token, automations, and activity log. Deleting your Hookline account removes everything tied to it. You can also request deletion through Meta — see data deletion. Self-hosters control their own database entirely.

Contact

Questions: open an issue on GitHub.