Our Commitment to Your Data: This Data Policy explains how Backlinks.tools collects, uses, stores, shares, and protects your data — including data received from third-party platforms such as Meta (Instagram). We are committed to transparency and responsible data stewardship.
1. Data We Collect
1.1 Account Data
When you create an account, we collect:
- Name and email address
- Password (stored as a one-way bcrypt hash — never in plain text)
- Billing information (processed and stored by our payment provider — we do not store card details)
- Account preferences and settings (timezone, notification settings, etc.)
1.2 Data from Third-Party Integrations (Meta / Instagram)
When you connect an Instagram Professional account via our OAuth integration, we receive and store the following data from the Meta Graph API:
- Profile data: Instagram user ID, username, display name, profile picture URL, account type, follower count, and media count
- OAuth Access Token: A long-lived access token used to make API calls on your behalf (stored encrypted)
- Post Insights: Analytics metrics for your published posts (likes, comments, reach, impressions, saves, video views)
- Media metadata: Post captions, media type, permalink, and publish timestamp for posts you have synced
We do not collect, access, or store your Instagram password. We do not collect personal data about your followers or other Instagram users.
1.3 Usage Data
- IP address and approximate geographic location (country/region)
- Browser type and operating system
- Pages visited and features used within our platform
- Timestamps of actions (logins, post scheduling, etc.)
2. How We Use Your Data
2.1 Core Service Delivery
- Authenticating your identity and managing your account
- Displaying your connected Instagram account profile information on your dashboard
- Scheduling and publishing posts on your behalf using your connected Instagram account
- Fetching and displaying analytics (follower growth, post performance metrics)
- Moderating comments on your Instagram media
2.2 Platform Improvement
- Aggregated, anonymised usage analytics to identify popular features and improve user experience
- Diagnosing and resolving technical issues
- Improving the accuracy and reliability of our data sync processes
2.3 Communication
- Sending transactional emails (billing receipts, password resets, account alerts)
- Important platform notifications (security alerts, policy updates)
- Service update announcements (only to users who have opted in)
3. How We Store Your Data
- All data is stored on secure, access-controlled database servers within our private cloud infrastructure.
- OAuth access tokens from Meta/Instagram are stored encrypted at rest.
- Databases are not publicly accessible — only our application servers can communicate with them.
- Regular encrypted backups are taken to ensure data resilience.
4. Data Sharing & Third Parties
We do not sell your personal data. We may share data only in the following limited circumstances:
4.1 Infrastructure & Service Providers
We share data with the following categories of trusted service providers who process data on our behalf:
- Cloud Hosting Provider: Stores our databases and application servers.
- Payment Processor (Razorpay): Processes billing and subscription payments.
- Email Service: Sends transactional emails on our behalf.
- Analytics: Google Analytics (anonymised usage data only).
All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
4.2 Meta Platform Data
Data we receive from Meta (Instagram) through the Graph API is used solely for the purpose of delivering the features you have explicitly authorised. We do not share or sell Meta Platform Data to any third parties. We do not use Meta Platform Data for advertising targeting or profiling unrelated to your own account management.
4.3 Legal Requirements
We may disclose data if required to do so by law, court order, or government authority, subject to applicable legal protections.
5. Data Retention
- Active accounts: Data is retained for the duration of your subscription.
- After cancellation: Data is retained in read-only form for up to 30 days to allow you to export it.
- 30–90 days post-cancellation: Data is archived and available only upon explicit request.
- After 90 days: All personal data is permanently and irreversibly deleted.
- Instagram access tokens: Revoked and deleted upon account disconnection.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure: Request deletion of your account and all associated personal data.
- Right to Data Portability: Request your data in a machine-readable format.
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Object: Object to processing of your personal data for marketing purposes.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
7. Meta Platform Data Compliance
As a developer using the Meta Graph API, we adhere to Meta's Platform Terms and Developer Policies:
- We only request permissions necessary for the features the user has asked to use.
- We never use Meta Platform Data for surveillance, discriminatory practices, or any purpose prohibited by Meta's policies.
- Users can disconnect their Instagram account at any time from our platform, which revokes our access token.
- We honour Meta's data deletion callbacks where applicable.
8. Contact & Data Controller
The data controller responsible for your personal data is: