XStellar connects to a sensitive business channel. This page explains what we access, what we do not access, and how the current trust boundaries of the product work.
Last Updated: March 16, 2026
XStellar connects through Meta's official OAuth flow. We do not ask for, store, or see your Instagram password.
Instagram connection tokens are stored on the backend and encrypted at rest. They are not exposed to the frontend as raw Instagram credentials.
XStellar uses authorized access to receive inbound conversation events, send AI-assisted replies, enrich lead context, and run qualification workflows.
If you revoke XStellar through Meta or Instagram settings, the product stops functioning for that connection and we remove or revoke stored access as part of our offboarding workflow.
XStellar currently routes customer notifications into dedicated private channels inside an XStellar-managed Slack workspace. XStellar operators may access those channels for onboarding, support, debugging, monitoring, and incident response.
This is a deliberate tradeoff. It gives us fast support and operational visibility, but it is not the same as a customer-owned Slack workspace.
XStellar is built to reduce operational and security risk, not to pretend risk does not exist. If you have security or privacy questions before connecting your account, email support@xstellar.systems.