Shre

Terms of Service

Privacy Policy

Last updated June 28, 2026.

This Privacy Policy ("Policy") is published in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and Rule 4 of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. It explains how Shre ("Shre", "we", "us", "our") collects, uses, stores, shares, and protects personal data when you use our website, web application, mobile application, and related services (collectively, the "Service"). This is an electronic record under the Information Technology Act, 2000 and does not require a physical signature.

Please read this Policy together with our Terms of Service. By accessing or using the Service, or by clicking to accept where prompted, you give your consent to the processing of your personal data as described here.

1. Definitions

Capitalised terms used here have the meaning given in the DPDP Act. In particular: "Personal Data" means any data about an individual who is identifiable by or in relation to such data; "Data Principal" means the individual to whom the Personal Data relates; "Data Fiduciary" means the person who determines the purpose and means of processing; and "Data Processor" means a person who processes Personal Data on behalf of a Data Fiduciary.

2. Who we are and our role

Shre is a creator platform that lets you automate Instagram comment and story-reply replies, publish a link-in-bio page, and sell digital products, physical goods, courses, and bookings. Shre is operated by TechNerve AI, a brand of Minusonetoten LLP (LLPIN: ACJ-3028), a limited liability partnership incorporated under the Limited Liability Partnership Act, 2008, having its registered office at 219 Kanara Business Centre, A Wing, Laxmi Nagar, No. 3 Link Road, Ghatkopar East, Mumbai 400075, Maharashtra, India ("Minusonetoten").

We act as the Data Fiduciary for Personal Data relating to your account (the creator). For the audience and customer data you collect through the Service, you are the Data Fiduciary and we act as your Data Processor, processing that data only on your documented instructions (see section 10).

3. Personal data we collect

Consistent with the itemised-notice requirement under Section 5 of the DPDP Act, we collect:

  • Account information. Your email address (for passwordless one-time-passcode login), chosen handle, display name, profile details, and subscription plan.
  • Instagram account data. On connecting Instagram: your Instagram user ID, username, profile picture URL, the permissions (scopes) you granted, and an access token we use to act on your behalf (see section 4).
  • Instagram interaction data. Comments and story replies on your content that match your rules, the public username/ID of the person who sent them, and the post/reel/story metadata needed to run your automations.
  • Automation & messaging data. The keywords, rules, and message templates you configure, and a log of the direct messages we send on your behalf (recipient ID/username, message text, status, timestamps, and errors).
  • Audience & customer data. Names, email addresses, and other details your audience submits through your links, forms, paywalls, waitlists, products, courses, and bookings; lead-source attribution; and order records (buyer name, email, amount, status).
  • Payment data. Orders and payouts are processed through an RBI-authorised payment aggregator. We store transaction metadata (amount, currency in INR, status, timestamps) but do not store complete card or banking credentials: these are handled by the payment aggregator in line with Reserve Bank of India directions, including card-storage/tokenisation norms.
  • Technical, usage & device data. IP address, browser/device type, mobile push tokens and device identifiers, features used, and diagnostic logs, used to operate and secure the Service.
  • Cookies and similar technologies. A session cookie (or bearer token on mobile) to keep you logged in and other strictly necessary cookies; and, on our website and app, analytics and advertising cookies and pixels, including the Meta Pixel (which sets the _fbp and _fbc identifiers), used to understand site usage and to measure and improve our own advertising. See section 7.

Certain of the above (such as financial information and passwords/access credentials) may constitute "sensitive personal data or information" under the SPDI Rules; we apply additional care to such data. We do not sell Personal Data. We use cookies, pixels, and conversion-measurement tools to measure and improve our own marketing and advertising (see sections 5 and 7); we do not use the audience or customer data you collect through the Service for advertising, and we do not carry out behavioural advertising directed at your audience.

4. Instagram / Meta data and automated DMs

When you connect your Instagram professional account, you authorise Shre to read comments and story replies on your content and to send direct messages on your behalf, only within the permissions you grant (instagram_business_basic and instagram_business_manage_messages). We use this access solely to run the automations you set up.

Our use of information received from Meta APIs also complies with the Meta Platform Terms and Developer Policies. You can pause or delete any automation, and disconnect Instagram at any time from Settings, which revokes our access and deletes the stored access token.

5. Purposes of processing

We process Personal Data for these specified purposes only:

  • to provide, operate, and maintain the Service and its features;
  • to run your automations, send the DMs, and deliver the products/links you configure;
  • to process orders and arrange payouts through the payment aggregator;
  • to send transactional messages (login codes, receipts, account and service notices);
  • to generate analytics and dashboards for you about your own activity;
  • to measure and improve our own marketing, including the effectiveness of our advertising and reaching potential new users (using cookies, pixels, and conversion measurement as described in section 7);
  • to secure the Service, prevent fraud and abuse, and to comply with applicable law and lawful requests.

We process your Personal Data on the basis of your consent, which is free, specific, informed, unconditional, and unambiguous, given by a clear affirmative action (Section 6, DPDP Act). Where permitted, we may also process data for certain legitimate uses recognised under Section 7 of the DPDP Act (for example, data you voluntarily provide for a specified purpose, or processing required to comply with law).

You may withdraw your consent at any time, as easily as it was given, by writing to our Grievance Officer (section 14) or using in-app controls. Withdrawal does not affect processing carried out before withdrawal, and may limit or prevent your use of parts of the Service.

7. How we share data and our processors

We share Personal Data only with processors who help us run the Service, under contracts requiring appropriate security and confidentiality, and only as needed:

  • Meta Platforms: to read comments/replies and send the DMs you configure;
  • RBI-authorised payment aggregator: to process payments and payouts;
  • Email delivery provider: to send login codes, receipts, and the campaigns you create;
  • AI translation provider: when you turn on reply localisation, your own reply templates are sent to a translation service (Google's Gemini) to translate them into other languages. We do not send your audience's comments or personal data for this;
  • Advertising & conversion measurement (Meta Platforms): when you visit our website or app, or take key actions on it (such as viewing a page, creating an account, starting a trial, or subscribing), we and Meta may set cookies/pixels, and we may send Meta a securely hashed (irreversible) version of your email address together with the event, so that Meta can measure and optimise our advertising and help us reach similar audiences. This relates only to our own visitors and customers, never to your audience's data;
  • Website & product analytics: privacy-conscious analytics tools to understand aggregate usage of our website and app;
  • Cloud hosting & storage providers: to host the Service and store uploaded files.

We may also disclose Personal Data where required by law, court order, or a lawful request by a government agency, to enforce our Terms, to protect the rights or safety of users or the public, or in connection with a merger, acquisition, or reorganisation (with notice where required). We do not sell Personal Data.

8. Cross-border transfer

We primarily store and process Personal Data on infrastructure located in India. Where data is transferred to or accessed from outside India (for example, by a processor), we do so in accordance with Section 16 of the DPDP Act and will not transfer data to any country or territory restricted by the Central Government.

9. Data retention & erasure

We retain Personal Data only for as long as necessary to fulfil the purposes above, or as required by law (for example, transaction and tax records under applicable accounting and GST laws). When the purpose is no longer served and retention is not legally required, or when you withdraw consent or delete your account, we will erase the Personal Data (and instruct our processors to do so), typically within 24 hours, save for records we must retain by law.

10. Your audience's data (you as Data Fiduciary)

Email addresses, contacts, leads, and order records captured through your links and pages belong to you. For that data, you are the Data Fiduciary and we are your Data Processor: we process it only on your instructions and to provide the Service. You are responsible for issuing your own notice, obtaining valid consent from your audience under the DPDP Act, and for the lawfulness of your collection and communications. Members of your audience can unsubscribe from marketing emails via the link in every message, or request access/correction/erasure, we honour verified requests and assist you in meeting your obligations, ordinarily within 24 hours.

11. Your rights as a Data Principal

Subject to the DPDP Act, you have the right to:

  • Access a summary of your Personal Data and our processing of it (Section 11);
  • Correction, completion, updating, and erasure of your Personal Data (Section 12);
  • Grievance redressal through the means in section 14 (Section 13);
  • Nominate another individual to exercise your rights in the event of death or incapacity (Section 14).

You also have duties under Section 15 of the DPDP Act, including not impersonating another person, not suppressing material information, and not filing false or frivolous complaints. To exercise your rights, contact our Grievance Officer (section 14). If unsatisfied, you may approach the Data Protection Board of India.

12. Children's data

Under the DPDP Act, a "child" is anyone under 18 years of age. We do not knowingly process the Personal Data of a child without the verifiable consent of a parent or lawful guardian, and we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children. If you believe a child's data has been provided without such consent, contact our Grievance Officer and we will act promptly.

13. Security & data breach

We implement reasonable security practices and procedures (as contemplated by Section 8(5) of the DPDP Act and Rule 8 of the SPDI Rules), including encryption in transit (TLS), access controls, and secure storage of access tokens. While no system is perfectly secure, in the event of a personal data breach we will notify the Data Protection Board of India and affected Data Principals as required by law.

14. Grievance Officer

In accordance with the DPDP Act and Rule 5(9)/Rule 3(2) of the Information Technology (Intermediary Guidelines) Rules, 2021, the contact details of our Grievance Officer are:

  • Name: Kushagra Kumar
  • Email: grievance@technerveai.com
  • Address: 205 Vita Premium Homes, VMX3+H4V, 1st Cross Road, Somasundarapalya, Bengaluru, Karnataka 560102, India

We will acknowledge grievances within 24 hours and endeavour to resolve them within 15 days (or such period prescribed by law). For general privacy queries, you may also write to privacy@technerveai.com. This Policy is available in English and, on request, we will make reasonable efforts to provide it in a language specified in the Eighth Schedule to the Constitution of India.

15. Changes to this Policy

We may update this Policy from time to time. We will revise the "Last updated" date above and, for material changes, provide additional notice through the Service. Continued use after changes take effect signifies your acceptance of the updated Policy.