Privacy Policy

Last updated: 27 May 2026

This Privacy Policy explains how 00Connect ("we", "us", or "our") collects, uses, stores, and shares information when you use our website and services (the "Service"). By creating an account, connecting Instagram, or otherwise using the Service, you acknowledge this policy. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Who this policy covers

This policy applies to registered users (creators/influencers, brand and agency users, and administrators) and to visitors who view public pages such as creator profiles (/{username}) or campaign reports (/campaign/{slug}) without signing in.

Information we collect

Account information

When you register, we collect your email address, password (stored in hashed form only—we never store plain-text passwords), display name, and username. You may optionally provide first name, last name, location, and bio in Settings. We also store your account type (for example influencer, brand, agency, or admin) and session data needed to keep you signed in.

Instagram data (with your permission)

If you connect an Instagram Professional (Business or Creator) account, we request the following permissions from Meta and receive data through Meta's official APIs:

• instagram_business_basic — profile information (username, account type, profile picture), follower / following / media counts, and your published media (posts, reels, carousels, stories), including captions, permalinks, media URLs, and post dates.
• instagram_business_manage_insights — insights and analytics for your account and content, such as reach, impressions, engagement, saves, shares, views, audience demographics (age, gender, country), online followers, and account activity over time.

We store your Instagram user ID, username, account type, an encrypted long-lived access token, token expiry, and connection timestamps. We sync and retain historical snapshots of account-level metrics, per-post/story metrics, and related content metadata in our database. We may copy media or thumbnails to our content delivery provider so dashboards load reliably.

Usage, analytics, and technical data

We collect information about how you and visitors interact with the Service. This may include pages viewed, features used, buttons clicked, referral URLs, session duration, approximate location derived from IP address, browser and device type, operating system, screen size, and similar technical identifiers.

We use cookies, local storage, pixels, and similar technologies—including third-party analytics and product-analytics tools—to understand usage, measure performance, debug issues, improve the Service, and understand user behaviour in aggregate and, where configured, at an individual session level. Analytics data is not used to train general-purpose AI models and is not sold to advertisers.

Campaign and admin data

Administrators may create campaigns, assign creators and specific Instagram content to campaigns, and upload brand assets (such as logos). Campaign pages may display aggregated performance metrics and creator usernames for reporting purposes.

How we use your information

• Provide, operate, and secure the Service (authentication, sync, dashboards).
• Generate and display your private analytics profile and historical charts.
• Power public creator profiles and campaign report pages you or an admin choose to share.
• Run scheduled and manual data syncs from Instagram.
• Respond to support requests and enforce our Terms of Service.
• Analyse usage and behaviour to improve features, fix bugs, and understand how the product is used (including through analytics providers).
• Comply with legal obligations and Meta Platform requirements.

We do not sell your personal information. We do not use Instagram insights for third-party advertising or to train general-purpose machine-learning models.

Legal bases (UK / EEA users)

Where UK GDPR or EU GDPR applies, we rely on: contract (to provide the Service you signed up for); legitimate interests (to secure and improve the Service, prevent abuse, and analyse aggregated usage—balanced against your rights); and consent where required (for example non-essential cookies or similar technologies, which we will only use after you agree where the law requires it). You may object to processing based on legitimate interests by contacting us.

Public sharing

If your profile has been synced, anyone with the link to your public profile URL may view the analytics and content we display there without logging in. Campaign report pages at a shared slug are likewise publicly accessible. Do not share these links if you do not want recipients to see the information shown on those pages.

How we store and protect data

Instagram access tokens are encrypted at rest using industry-standard encryption before storage in our database. Authentication sessions use HTTP-only cookies. Data is hosted on infrastructure we control or contract with (including database hosting and media storage/CDN providers). We apply reasonable technical and organisational measures, but no system is completely secure.

Automated jobs may refresh your Instagram data on a schedule (for example daily account snapshots) and mirror media files for display. Manual sync is also available from Settings.

Retention

We keep account and Instagram snapshot data while your account is active and Instagram remains connected, unless you delete it sooner. After you disconnect Instagram, delete stored Instagram data, or delete your account, we delete or anonymise applicable data within a reasonable period, except where we must retain limited records for legal, security, or backup purposes. Analytics and server logs may be retained for a shorter or longer period in aggregated or pseudonymised form.

Third parties and subprocessors

We share information only as needed to run the Service:

• Meta / Instagram— when you connect or revoke access; governed by Meta's policies.
• Hosting and database providers — to store account and analytics data.
• Media / CDN providers — to host mirrored post images or thumbnails.
• Analytics providers — to measure usage and behaviour on our site and app (subject to their policies and our configuration).

We are not affiliated with Meta or Instagram. Your use of Instagram remains subject to Meta's terms and privacy policies.

Cookies and analytics choices

Strictly necessary cookies are used for login and security. Analytics and performance cookies help us understand how the Service is used. Where required by law, we will ask for your consent before placing non-essential cookies or running equivalent tracking. You can also control cookies through your browser settings; disabling some cookies may limit certain features.

Your rights and choices

Depending on where you live, you may have the right to:

• Access, correct, or delete personal data we hold about you.
• Restrict or object to certain processing.
• Data portability (where applicable).
• Withdraw consent (where processing is consent-based).
• Lodge a complaint with your supervisory authority.

In the app: Settings → disconnect Instagram (stops future sync and removes the connection) or delete all stored Instagram data (removes snapshots, posts, and insights we hold). Sign out ends your session.

Via Instagram: Instagram → Settings → Apps and Websites → remove 00Connect. Meta notifies us via their deauthorize and data-deletion callbacks; we then disconnect your account and remove associated stored Instagram data.

For other requests, see our data deletion page or email us (below). We aim to respond within 30 days.

International transfers

We may process data in the United Kingdom and other countries where we or our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) for transfers outside the UK/EEA.

Children

The Service is not directed at anyone under 18. We do not knowingly collect personal data from children. Contact us if you believe we have done so.

Changes

We may update this policy from time to time. We will post the revised version on this page with an updated "Last updated" date. Continued use after changes take effect constitutes acceptance where permitted by law.

Contact

Privacy questions or requests: dev@00nation.com

← Back to login · Terms of Service