Privacy Policy - Brandaid Instagram Widget

1. Introduction

Brandaid Instagram Widget provides a service that allows businesses to display their Instagram content on their websites. This Privacy Policy explains how we collect, use, and protect your information when you use our service.

By using our service, you agree to the collection and use of information in accordance with this policy. This Privacy Policy complies with Meta's Platform Terms and the Instagram Graph API requirements.

2. Information We Collect

2.1 Instagram Data

When you connect your Instagram Business or Creator account to our service, we access and store the following information through the Instagram Graph API:

Profile Information: Instagram user ID, username (handle), profile picture URL, and account metrics (followers count, following count, media count)
Media Content: Photos, videos, and captions from your Instagram posts
Media Metadata: Post timestamps, media type (photo/video), and permalinks
Engagement Metrics: Like counts and comment counts for your posts (to display social proof in your widget)
Access Tokens: Long-lived access tokens to maintain connection to your Instagram account

Note: This service is only available for Instagram Business and Creator accounts. Personal Instagram accounts are not supported.

Permissions Used: We use instagram_basic for profile and media data, and instagram_manage_insights for engagement metrics (likes/comments). We also use pages_show_list to find your Instagram Business Account connected to your Facebook Page.

2.2 Usage Data

We may collect information about how you access and use our service, including:

Feed configuration settings (layout preferences, display limits)
Access logs and timestamps
Error logs for troubleshooting purposes

2.3 Administrative Data

For service administrators:

Authentication credentials (stored securely)
Feed management preferences
Email address for service notifications (if provided)

3. How We Use Your Information

We use the collected information for the following purposes:

Service Delivery: To display your Instagram content on your website through our widget
Token Management: To automatically refresh access tokens before they expire, maintaining uninterrupted service
Service Improvement: To monitor and improve the performance and reliability of our service
Compliance: To comply with legal obligations and Meta's Platform Terms
Support: To provide technical support and respond to your inquiries

        Important: We never sell, rent, or share your Instagram data with third parties for marketing purposes. Your data is used exclusively to provide and improve our widget service.
      

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely on cloud infrastructure with the following characteristics:

Persistent storage for feed configurations and access tokens
Temporary caching of Instagram media (automatically purged after a short period)
Redundant, enterprise-grade hosting infrastructure

4.2 Security Measures

We implement industry-standard security measures to protect your data:

Encrypted data transmission (HTTPS/TLS)
Secure token storage with encrypted secrets
Regular security updates and monitoring
Access controls and authentication for administrative functions
Automatic token rotation and refresh

4.3 Data Retention

We retain your data as follows:

Active Data: Feed configurations and access tokens are kept while your feed remains active
Cached Media: Instagram media is temporarily cached and automatically purged after 5 minutes
Logs: Anonymized system logs are retained for up to 30 days for security and troubleshooting
Backups: Encrypted backups are retained for up to 30 days

When you delete your account, all data except anonymized logs and backups (which expire automatically) is immediately removed from our systems.

5. Instagram API Compliance

Our service uses the Instagram Graph API and complies with:

        Instagram Data Usage: We only access and display public Instagram content that you have explicitly authorized through OAuth authentication. We do not access private messages, stories, direct messages, or any data beyond profile information and media posts. This service requires an Instagram Business or Creator account.
      

6. Your Rights and Choices

You have the following rights regarding your data:

6.1 Access and Control

Access: You can view your connected Instagram account information at any time
Delete: You can delete your account and all associated data at any time
Revoke Access: You can revoke our app's access through your Instagram settings

6.2 How to Delete Your Data

You have three options to delete your data from our service:

Self-Service Deletion: Visit our authorization page, login with Instagram or Facebook, and click the "Delete Account" button on your account management page
Instagram Settings: Remove our app from your Instagram account settings (Settings → Security → Apps and Websites → Remove "Brandaid Instagram Widget"). When you do this, Instagram will notify us and we will automatically delete all your data
Contact Us: Email us directly to request data deletion (see contact information below)

What gets deleted: All your Instagram data, access tokens, feed configurations, and cached content will be permanently removed from our systems. This action cannot be undone.

7. Third-Party Services

Our service relies on the following third-party services:

Meta/Instagram: For accessing your Instagram content via their API
Cloudflare: For hosting, data storage, and content delivery

Each of these services has their own privacy policies:

8. Cookies and Tracking

We use minimal browser storage:

LocalStorage: To remember your theme preference (light/dark mode)
Session Storage: For temporary authentication state (admin only)

We do not use tracking cookies or analytics that collect personal information.

9. Children's Privacy

Our service is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us to have it removed.

10. International Data Transfers

Your data may be transferred to and stored on servers located outside your country of residence. By using our service, you consent to the transfer of your data to countries that may have different data protection laws than your country. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. Continued use of the service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to delete your data, please contact us:

Email: hello@brandaid.sk
Phone: +421 907 525 433

Brandaid is the data controller responsible for your information under this Privacy Policy.