Legal

Privacy Policy

Last updated: March 1, 2026  ·  Effective: March 1, 2026

1. Overview

Instagrow ("we", "us", or "our") operates the website instagrowapp.com and related services (collectively, the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the rights you have over that data.

By creating an account or using our Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use our Service.

We are committed to handling your data responsibly and transparently. We will never sell your personal data to third parties.

2. Information We Collect

2.1 Information You Provide Directly

  • Account registration: Name, email address, and password when you create an account.
  • Contact form: Name, email, subject, Instagram handle (optional), and message when you contact us.
  • Billing information: Payment details are processed by our payment provider (Razorpay). We do not store full card details on our servers.
  • Communications: Any emails, support tickets, or chat messages you send us.

2.2 Information Collected Automatically

  • Usage data: Pages visited, features used, time spent, and actions taken within the Service.
  • Device & browser data: IP address, browser type and version, operating system, device type, screen resolution.
  • Log data: Server logs including timestamps, request URLs, HTTP status codes, and referrer URLs.
  • Cookies and tracking technologies: See our Cookie Policy for details.

2.3 Information from Instagram (via Official Graph API)

When you connect your Instagram Business or Creator account, we access certain data through the official Instagram Graph API. This includes:

  • Basic profile information (username, profile picture, bio, follower count)
  • Media information (posts, reels, stories — date, caption, media type, thumbnail)
  • Engagement metrics (likes, comments, saves, reach, impressions)
  • Comment data (comment text, author username, timestamp) — for moderation purposes only
  • Audience demographics — only if your account is a Business/Creator account and you have granted this scope

We only request the minimum permissions necessary to provide the features you use.

3. How We Use Your Information

We use your data for the following purposes:

  • Provide the Service: Operate your account, display analytics, schedule posts, and moderate comments.
  • AI & intelligent features: Generate content suggestions and insights using your engagement data. This processing happens on our servers and is not shared externally for training purposes.
  • Customer support: Respond to your questions, issues, and contact form submissions.
  • Billing & subscriptions: Process payments and manage your subscription plan.
  • Service improvement: Analyse usage patterns to fix bugs, improve existing features, and develop new ones.
  • Security & fraud prevention: Detect and prevent unauthorised access, abuse, or suspicious activity.
  • Legal compliance: Meet our obligations under applicable laws and regulations.
  • Marketing (with consent): Send product updates, newsletters, and promotional offers — only if you have opted in. You can unsubscribe at any time.

4. Instagram Data — Special Notice

We take extra care with the Instagram data you share with us through the Meta/Instagram Graph API:

  • We connect only via the official Instagram Graph API — we never ask for your Instagram password.
  • We store your Instagram access tokens securely using encryption at rest.
  • We use Instagram data exclusively to provide the features you've enabled. We do not resell, share with advertisers, or use it to train public AI models.
  • You may revoke our access to your Instagram account at any time directly through Instagram's settings under Apps and Websites. Revoking access will immediately stop data sync.
  • Comment content accessed for moderation is processed in real-time and is not permanently stored beyond what is necessary to display your moderation history within the app.

5. Data Sharing & Third Parties

We do not sell your personal data. We share data only in the following limited circumstances:

5.1 Service Providers

We work with trusted third-party vendors who process data on our behalf:

  • Hosting & Infrastructure: Hetzner / AWS (cloud servers, databases)
  • Analytics: Google Analytics (anonymised usage statistics)
  • Payment Processing: Razorpay (billing — they have their own privacy policy)
  • Email Delivery: Nodemailer / SMTP provider (transactional emails)
  • AI Processing: OpenAI API (used for Creator Intelligence features — no personal data is included in prompts beyond aggregated content metrics)

All vendors are contractually bound to protect your data and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your data if required by law, court order, or government authority, or to protect the rights, property, or safety of Instagrow, our users, or the public.

5.3 Business Transfers

If Instagrow is acquired, merged, or undergoes a similar transaction, your data may be transferred as part of that deal. We will notify you via email and/or a prominent notice on our website before this occurs.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service:

  • Account data: Retained until you delete your account. Upon deletion, your data is purged within 30 days.
  • Instagram metrics & post data: Retained for up to 24 months to power analytics history. This is deleted with your account.
  • Billing records: Retained for 7 years to comply with financial regulations (even after account deletion).
  • Contact form submissions: Retained for 2 years and then permanently deleted.
  • Server logs: Automatically purged after 90 days.

7. Security

We implement industry-standard security measures to protect your data:

  • All data is transmitted over HTTPS/TLS encryption.
  • Instagram access tokens are stored encrypted at rest.
  • Passwords are hashed using bcrypt and are never stored in plain text.
  • Our servers run behind firewalls with restricted access controls.
  • We conduct regular security reviews and vulnerability assessments.
  • Employee access to user data is strictly limited on a need-to-know basis.

Despite these measures, no system is 100% secure. In the event of a data breach that affects your rights, we will notify you within 72 hours as required by applicable law.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your account and associated data.
  • Right to Data Portability: Request your data in a structured, machine-readable format.
  • Right to Object: Object to certain processing activities, including direct marketing.
  • Right to Withdraw Consent: Withdraw any consent you've given at any time without affecting prior processing.
  • Right to Restrict Processing: Ask us to limit how we process your data in certain circumstances.

To exercise any of these rights, please contact us via our Contact page. We will respond within 30 days.

9. Cookies & Tracking

We use cookies and similar technologies to operate and improve our Service. Please see our Cookie Policy for a full explanation of what cookies we use and how to manage them.

In summary, we use:

  • Essential cookies — required for the Service to function (login session, security tokens)
  • Analytics cookies — Google Analytics to understand usage patterns (anonymised)
  • Preference cookies — remember your settings (e.g., theme preferences)

10. Children's Privacy

Instagrow is not intended for users under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If we discover we have inadvertently collected data from a child, we will delete it immediately. If you believe a child has provided us data, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Send an email notification to registered users.
  • Show a banner notice on our website for 30 days.

Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out:

Terms of Service → Cookie Policy → Contact Us →