Privacy Policy

Draft — replace before public launch.

What we store

Your email address (for authentication).
Your Instagram sessionid and csrftoken, encrypted at rest with AES-256-GCM. Decrypted only inside the worker during a job run. Never logged.
Job configurations and action logs (purged after 90 days).
Encrypted snapshots of your follower / following list, used to compute the unfollow diff. Stored in Cloudflare R2, also purged after 90 days.

What we never store

Your Instagram password (we never ask for it).
Posts, DMs, media, or anything beyond the public follower graph.
Any information about the Instagram users your job touches, beyond a usable log.

Your rights

You can export all data we hold about you from Settings → Export. You can delete your account at any time; we permanently remove everything within 30 days.