Privacy Policy
Effective date: March 1, 2026
This Privacy Policy explains how InstaSweep ("Company", "we", "us", "our") collects, uses, stores, and protects your information when you use InstaSweep, including the desktop application, browser extension, website, and related services (collectively, the "Services"), available at instasweep.app.
InstaSweep does not sell your data. We are committed to transparency about what we collect and why.
1. Scope
This Privacy Policy applies to information we collect when you use the Services. It does not apply to third-party websites, platforms, or services that you may access through the Services, including Instagram. Your use of Instagram is governed by Meta Platforms, Inc.'s own privacy policy and terms of service.
When we act as a service provider processing data on your behalf (e.g., executing actions on your Instagram account), we process that data solely at your direction and in accordance with this Policy.
2. Information We Collect
2.1 Information You Provide
- Account information: Email address and authentication credentials (email/password or Google OAuth) when you create an InstaSweep account.
- Support communications: Any information you provide when contacting us for support, including your email address and the content of your messages.
2.2 Information Generated Through Use
- Credit and subscription data: Your credit balance, subscription status, and transaction history required to operate the billing system.
- Aggregate usage statistics: Counts of actions performed (e.g., total likes swept, comments deleted). These are aggregate numbers only and do not include the content of any Instagram posts or comments.
2.3 Payment Information
All payments are processed by our third-party payment processor. We do not receive, store, or have access to your full credit card number, bank account details, or other sensitive financial information. Our payment processor may collect information as described in their own privacy policy.
2.4 Automatically Collected Information
- Device information: Operating system type and version, browser type (for the extension).
- Log data: Error logs and crash reports to help us diagnose and fix issues.
3. Information We Do NOT Collect
InstaSweep is designed with a privacy-first architecture. All Instagram interactions happen locally on your device. We want to be explicit about what we do not collect or store on our servers:
- Instagram passwords or login credentials
- Instagram session tokens or cookies
- Post content, photos, videos, or captions
- Direct messages or conversation content
- Follower or following lists
- Profile information from Instagram accounts
- Any Instagram data whatsoever on our servers
4. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: To authenticate your account, manage your credit balance, process subscriptions, and provide the core functionality of the Services.
- Billing and payments: To process purchases, manage subscriptions, issue receipts, and handle refund requests.
- Support: To respond to your enquiries and resolve technical issues.
- Service improvement: To analyse aggregate usage patterns (not individual user data) to improve and develop the Services.
- Security and fraud prevention: To detect and prevent fraudulent activity, abuse, and violations of our Terms of Service.
- Legal compliance: To comply with applicable laws, regulations, and legal processes.
5. How We Share Your Information
We do not sell, rent, or trade your personal information. We may share your information only in the following circumstances:
- Service providers: With trusted third-party providers who perform services on our behalf, such as authentication, payment processing, and hosting. These providers are contractually obligated to use your information only as necessary to provide their services to us.
- Legal requirements: When required by law, regulation, legal process, or governmental request.
- Protection of rights: To protect the rights, property, or safety of Company, our users, or the public.
- Business transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, in which case your information may be transferred as part of the transaction. We will notify you of any such change.
6. Cookies and Tracking
6.1 Essential Cookies
The InstaSweep website uses essential cookies required for authentication and session management. These cookies are strictly necessary and cannot be disabled without breaking core functionality.
6.2 No Tracking
We do not use advertising cookies, tracking pixels, analytics trackers, or any form of cross-site tracking. We do not participate in ad networks or retargeting programmes.
6.3 Local Browser Data
The App may use local storage on your device to store preferences and session state. The Instagram session within the embedded browser uses Instagram's own cookies, which remain entirely on your device and are never transmitted to Company servers.
7. Data Retention
- Account data: We retain your account information (email, credit balance, usage statistics) for as long as your account remains active.
- Transaction records: Payment and transaction records may be retained for up to seven (7) years as required by financial regulations and tax law.
- Support communications: Support tickets and related communications are retained for up to two (2) years after resolution.
- Deletion: Upon account deletion, we will remove your personal data within thirty (30) days, except where retention is required by law.
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encryption of data in transit (TLS), secure authentication, and access controls. However, no method of electronic transmission or storage is completely secure, and we cannot guarantee absolute security.
In the event of a data breach that affects your personal information, we will notify you and any applicable regulatory authority in accordance with applicable data protection laws, without undue delay.
9. Your Rights
9.1 General Rights
Regardless of your location, you have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion of your personal data.
- Withdraw consent where processing is based on consent.
9.2 European Economic Area and United Kingdom (GDPR/UK GDPR)
If you are located in the EEA or UK, you additionally have the right to:
- Data portability: Receive your personal data in a structured, commonly used, machine-readable format.
- Restriction of processing: Request that we limit how we process your data in certain circumstances.
- Object to processing: Object to processing based on legitimate interests.
- Lodge a complaint: File a complaint with your local data protection supervisory authority.
9.3 Legal Basis for Processing (EEA/UK)
We process your personal data on the following legal bases:
- Performance of contract: Processing your account and credit data is necessary to provide the Services you have requested.
- Legitimate interests: Aggregate usage analysis to improve the Services, fraud prevention, and security.
- Legal obligation: Retaining transaction records as required by financial regulations.
- Consent: Where applicable, such as for optional communications.
9.4 California Residents
If you are a California resident, you have the right to request disclosure of the categories and specific pieces of personal information we have collected about you. We do not sell personal information to third parties, and we do not share personal information for cross-context behavioural advertising.
9.5 Exercising Your Rights
To exercise any of these rights, contact us at [email protected]. We will respond to your request within thirty (30) days. We may ask you to verify your identity before processing your request.
10. International Data Transfers
Your data may be processed in countries outside your country of residence, including countries that may not provide the same level of data protection. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws, including standard contractual clauses where required.
11. Children's Privacy
The Services are not directed to and are not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take prompt steps to delete that information. If you believe a child under 13 has provided us with personal information, please contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice on our website at least fourteen (14) days before the changes take effect. We encourage you to review this Privacy Policy periodically. Your continued use of the Services after changes take effect constitutes acceptance of the updated Policy.
13. Contact Us
If you have any questions about this Privacy Policy, your personal data, or wish to exercise your data rights, please contact us:
- Email: [email protected]
- Company: InstaSweep
- Website: instasweep.app