Scope and Roles
InstaChime provides lead capture, routing, alerting, and reporting tools for business customers. Customers control the lead data they send into InstaChime and are responsible for giving their own prospects any required collection notices and consent choices.
For most lead data, the customer is the controller or business that decides why the data is collected, and InstaChime acts as a service provider or processor that handles the data to provide the configured service. For account, billing, security, support, and public-site analytics data, InstaChime may act as an independent controller for normal business operations.
Data We Process
InstaChime stores account profile data, organization settings, user roles, lead payloads, source and campaign metadata, audit events, notification delivery logs, webhook delivery logs, CMS content, and integration configuration needed to operate the service.
Lead payloads may include names, business contact details, phone numbers, email addresses, company names, location or territory fields, message text, form answers, consent fields, campaign data, and custom fields selected by the customer. Customers should avoid sending payment card data, government identifiers, health data, or other sensitive information unless a written agreement specifically allows it.
Sources
Data may come from users, workspace administrators, public contact forms, customer-configured lead sources, ad platforms, CRM or spreadsheet tools, automation platforms, notification destinations, and normal technical logs generated when the service is used.
How Data Is Used
Data is used to capture inbound leads, route them to the right team, notify users, measure response performance, prevent abuse, secure accounts, maintain audit trails, troubleshoot issues, and provide support.
Public-site analytics, when accepted, is used to understand traffic sources, content performance, usability, and conversion paths. Account and operational data may also be used to maintain the service, enforce plan limits, investigate security issues, and respond to customer requests.
Processors
Transactional email is sent through Resend. Microsoft 365 is used for the admin mailbox. Product analytics use Google Analytics 4 and Microsoft Clarity only after analytics consent is accepted. Customer-configured notification, CRM, spreadsheet, automation, SMS, WhatsApp, voice, or webhook destinations receive data only when those integrations are enabled.
Sharing
InstaChime does not sell lead data. Data is shared only as needed to operate the service, deliver customer-configured notifications and integrations, comply with law, protect the service, or complete a transaction directed by the customer.
Analytics
Analytics data is used to understand traffic sources, content performance, feature adoption, and usability issues. Sensitive lead payloads should not be intentionally sent to analytics tools.
International Use
Customers are responsible for confirming that their own lead collection, transfer, retention, and messaging practices comply with the laws that apply to their business and prospects. Where a signed agreement includes data-transfer terms, those terms control the transfer mechanism for customer data.
Security
InstaChime uses workspace scoping, access controls, MFA support, HTTPS, audit logs, encrypted sensitive settings, backup procedures, and operational monitoring. No internet service can guarantee perfect security, so customers should also use strong passwords, MFA, least-privilege roles, and carefully controlled integrations.
Retention
Operational records are retained for service reliability, reporting, security, and audit needs. Organization owners may request export or deletion according to the active service agreement. Backup copies are removed through the normal backup lifecycle.
Choices and Requests
Organization owners can manage users, alert recipients, integrations, and content in the product. Privacy or data requests can be sent to admin@instachime.com.
Updates
This policy may be updated as the product, integrations, providers, or legal requirements change. Material updates should be reviewed by workspace owners and, where required, reflected in customer-facing notices.
Related terms: Terms of Service, Data Processing Addendum, Cookie Policy, and Security.