Privacy Policy

Last updated: March 23, 2026 · Effective: March 23, 2026

Influo ("we," "our," or "us") operates the website getinfluo.com and the application at app.getinfluo.com (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Summary: We only collect data you explicitly provide or authorize. We use Instagram API data solely to power your personal analytics dashboard. We never sell your data to third parties.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Name — to personalize your dashboard experience
Email address — for account authentication, communication, and password recovery
Password — stored as a bcrypt hash; we never store or have access to your plaintext password

1.2 Instagram Data (via Meta API)

When you connect your Instagram account through our secure OAuth flow, we access the following data with your explicit permission:

Profile information: username, biography, follower count, profile picture URL
Media data: your posts, reels, carousels (captions, timestamps, media type, permalink)
Engagement metrics: likes, comments, shares, saves, reach, impressions, and views on your own content
Account insights: follower demographics, profile views, and website clicks (when available)

Important: We only access data from your own Instagram account. We cannot see your direct messages, stories (after they expire), or data from other users' accounts.

1.3 Payment Information

Payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or any sensitive payment information on our servers. Stripe's privacy policy applies to all payment transactions.

1.4 Usage Data

We automatically collect standard web analytics data including IP addresses, browser type, device information, pages visited, and timestamps. This data is used solely for service improvement and security monitoring.

2. How We Use Your Information

We use the collected information for the following purposes:

Analytics Dashboard: To display your content performance metrics, engagement analytics, viral content patterns, and growth insights
Content Strategy: To generate AI-powered recommendations for optimal posting times, content types, and caption strategies
Brand Matching: To identify potential brand partnership opportunities based on your content profile
Media Kit Generation: To automatically create a professional media kit with your verified statistics
Account Management: To authenticate your identity, process subscriptions, and send service-related communications
Service Improvement: To improve our algorithms, fix bugs, and develop new features

3. Data Sharing and Disclosure

We are committed to protecting your privacy. We do not sell, rent, or trade your personal information to any third party.

We may share data only in the following limited circumstances:

Stripe: Payment processing data is shared with Stripe to process subscription payments
Meta/Instagram: OAuth tokens are used to communicate with the Instagram Graph API on your behalf
Legal Requirements: We may disclose information if required by law, regulation, or legal process
Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction

4. Data Storage and Security

All data is stored on secure servers hosted by Hetzner Cloud in Europe
All connections use TLS/SSL encryption (HTTPS)
Passwords are hashed using bcrypt with 12 rounds of salting
Instagram access tokens are encrypted at rest and automatically refreshed
Database access is restricted to authenticated API requests with valid JWT tokens
We conduct regular security audits and monitoring

5. Data Retention

Account data: Retained as long as your account is active. Deleted within 30 days of account deletion request.
Instagram data: Synced media and insights are retained while your Instagram account is connected. Deleted within 7 days of disconnecting your Instagram account.
Payment records: Retained for 7 years as required by financial regulations.
Server logs: Automatically rotated and deleted after 90 days.

6. Your Rights and Choices

You have the following rights regarding your data:

Access: View all data we hold about you through your dashboard settings
Correction: Update your profile information at any time
Disconnection: Disconnect your Instagram account at any time, which stops data collection and triggers deletion of synced data
Deletion: Request complete account deletion through your dashboard settings or by contacting us at privacy@getinfluo.com
Export: Request a copy of your data in machine-readable format
Revoke Access: Revoke Influo's access to your Instagram data at any time through your Facebook Business Integrations settings

7. Meta Platform Data Use

Our use of information received from Meta APIs adheres to the Meta Platform Terms and Meta Developer Policies, including:

We only request permissions that are necessary for the features we provide
We do not use Instagram data for surveillance, discriminatory profiling, or any purpose unrelated to providing our Service
We provide a Data Deletion Callback endpoint that Meta can use to request data deletion when a user removes our app
We do not transfer or sell Instagram data to data brokers, information resellers, or any third party

8. Data Deletion Callback

In compliance with Meta Platform requirements, we provide an automated Data Deletion Callback. When you remove Influo from your Facebook/Instagram connected apps:

Meta sends a deletion request to our server
We immediately begin the deletion process for all Instagram-related data associated with your account
A confirmation code and status URL are provided
Deletion is completed within 7 business days

You can also request data deletion manually by emailing privacy@getinfluo.com or using the "Delete Account" option in your dashboard settings.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@getinfluo.com.

10. International Data Transfers

Our servers are located in Europe (Germany). If you access our Service from outside Europe, your data will be transferred to and processed in Europe. By using our Service, you consent to this transfer. We ensure appropriate safeguards are in place in accordance with applicable data protection laws, including GDPR.

11. Cookies and Tracking

We use minimal cookies necessary for the Service to function:

Authentication cookies: To maintain your login session
Preference cookies: To remember your dashboard settings

We do not use advertising cookies, tracking pixels, or third-party analytics services that track you across websites.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For significant changes, we will also send an email notification to the address associated with your account.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: privacy@getinfluo.com
Website: https://getinfluo.com

We are committed to resolving any complaints about our collection or use of your personal data. We will respond to all requests and inquiries within 30 days.