Privacy Policy

When you sign in, we store your email address and an authentication identifier from your sign-in provider (Google or magic-link email). We do not request your Instagram password, ever.

When you upload an Instagram data export, the ZIP is parsed in your browser. We send only the minimum relationship data required for the audit. The original ZIP file never leaves your device. The full list of fields sent is:

• Your Instagram handle — To associate this audit with your Instagram account so we can compare future uploads.
• The export timestamp — To order audits chronologically and detect duplicate uploads of the same export.
• Usernames who follow you — To compute who unfollowed you since your last upload.
• Usernames you follow — To compute who doesn't follow you back.
• Pending follow requests (usernames) (optional — only if Instagram included it) — Only when the file is present in your export; surfaced in the Pending requests section.
• Blocked accounts (usernames) (optional — only if Instagram included it) — Only when the file is present in your export; surfaced in the Blocked section.
• Recently unfollowed (usernames) (optional — only if Instagram included it) — Only when the file is present in your export; surfaced as a separate list.
• The original ZIP filename (optional — only if Instagram included it) — Used in your audit history list (e.g. "instagram-yourhandle-2026-05-19.zip"). Stored as text only — the file itself never leaves your browser.
• A "followed at" timestamp per follower (optional — only if Instagram included it) — Only when Instagram included it in the export; powers the 'earliest followers' feature.

See the literal HTTP request on the privacy proof page and verify it yourself in your browser's DevTools.

• Your Instagram password
• Your Instagram session cookie or access token
• The original ZIP file (it never leaves your browser)
• Any image, profile photo, or avatar URL
• Any direct message (DM) content or metadata
• Any post, story, reel, or comment
• Engagement data (likes, views, saves)
• Bio text, location, or business information
• Your Instagram-registered email or phone number
• Cookies for advertising or third-party tracking

We use the followers/following usernames to compute audits (who unfollowed, who doesn’t follow back, etc.) and store them so you can track changes over time. We do not sell, share, or rent your data to any third party.

We use Supabase Auth for sign-in. If you sign in with Google, Google shares your name, email, and profile photo with us. If you sign in with magic link, only your email address is shared.

Your audit history and account states are kept for as long as you have an account. You can delete your account and all associated data at any time from the Settings page.

Questions about this policy? Email privacy@unfollio.com.