Effective: May 9, 2026
This Privacy Policy describes how IG Autopost ("the App", "we") handles information when used to manage and publish content to Instagram on behalf of the operator of bandung.euy.web.id.
The App is an internal admin tool used solely by the account owner to schedule, process, and publish posts to their own Instagram Business or Creator account via the Meta Graph API. The App is not a public service and does not have public end-users beyond the authorized administrator.
When the administrator authorizes the App via Meta Login, the App receives, with permission, only the data needed to publish content:
The App does not read followers, direct messages, comments, insights, or any other personal data. It does not collect data about Instagram users who view, like, or comment on the posts.
The App stores on its own server:
Image files are processed (cropped, resized, watermarked) and stored locally on the same server. Nothing is shared with third parties beyond Meta's official API endpoints required to publish.
Stored data is used only to: (a) authenticate the administrator, (b) prepare images for Instagram, (c) call the Meta Graph API to create and publish media on the connected Instagram account, and (d) record the result for the administrator's review.
We do not sell, rent, or share data with third parties. The only external service contacted by the App is Meta's Graph API at graph.facebook.com, used to publish posts to the connected Instagram account.
Posts and processed images remain on the server until the administrator deletes them through the dashboard. Access tokens are kept until they expire (~60 days) or are manually rotated. There is no automatic export of data to any external service.
The App uses HTTPS, hashed passwords (bcrypt), CSRF protection, and stores credentials in a server-side environment file outside the public web root. Access is restricted to the authorized administrator account.
The administrator can revoke this App's access to their Instagram and Facebook accounts at any time via Meta settings: Facebook Business Tools and Instagram Apps & Websites. Once revoked, the App can no longer publish on their behalf.
To request deletion of any data stored by the App, contact the operator at the address below; data will be removed from the server within 7 days of a verified request.
The App is not directed at children under 13 and does not knowingly collect data from them.
If this policy changes, the new version will be posted at this URL with an updated effective date.
Questions or data removal requests: admin@bandung.euy.web.id.
This policy applies to use of the IG Autopost admin app at bandung.euy.web.id only.