Privacy Policy
Last updated: May 20, 2026
Data controller: [REPLACE: YOUR_LEGAL_ENTITY_NAME] ("we", "us")
Contact: [REPLACE: support@example.com]
Address: [REPLACE: YOUR_ADDRESS]
This Privacy Policy describes how we handle personal data in connection with the Instaflax WordPress plugin and this marketing website.
---
1. Scope
- Plugin installed on customer WordPress sites
- Marketing site (this website)
- Hosted services used by the plugin: license validation API, OAuth token proxy, checkout (Razorpay)
---
2. Data collected by the plugin (on customer sites)
When you install and use Instaflax on your WordPress site, the plugin may store and process:
| Data | Purpose |
|---|---|
| Instagram OAuth access tokens (encrypted) | Fetch and display Instagram media via Graph API |
| Instagram user ID, username, profile metadata | Show header, link to profile, associate feeds |
| Feed settings (layout, colors, shortcode config) | Render feeds as configured |
| License key | Validate Pro/Business plan with license API |
| Site URL | Sent to license API for activation validation |
We do not store Instagram App Secrets in the plugin. Token exchange uses a hosted proxy at https://one.mahihub.in/ig-proxy/.
Tokens are stored encrypted in the WordPress database and are not passed in redirect URLs.
On uninstall: Token and settings behavior depends on plugin uninstall options; review plugin settings before removing the plugin.
---
3. Data collected on this marketing website
- Contact form: name, email, website URL, subject, message
- Server logs: IP address, browser type, pages visited, timestamps
- Cookies: essential cookies; optional analytics if you consent (see Cookie Policy)
- Consent records: cookie preference stored in local storage
---
4. Third-party services
| Service | Role |
|---|---|
| Meta / Instagram | Instagram Graph API; OAuth authorization |
| Cloudflare Workers | License API (scf-license.baldev7285.workers.dev), OAuth proxy |
| Razorpay | Payment processing for Pro/Business purchases |
| Hosting provider | Site delivery and logs (configure per deployment) |
| Analytics (optional) | Usage statistics if enabled and consented |
Each third party has its own privacy policy. We recommend reviewing Meta Platform Terms and Razorpay's privacy notice.
---
5. Purposes of processing
- Provide plugin functionality and Instagram feed display
- License enforcement and plan limits
- Customer support and sales communication
- Improve documentation and product experience
- Security, fraud prevention, and legal compliance
---
6. Legal bases (where GDPR applies)
- Contract: providing purchased services and support
- Legitimate interests: security, product improvement, marketing to business contacts
- Consent: non-essential cookies, marketing emails where required
---
7. Retention
- Support tickets: typically up to 24 months after resolution
- License records: duration of the license plus a reasonable period for accounting/disputes
- Plugin data on your site: under your control as site owner
- Server logs: per hosting provider policy (often 30–90 days)
---
8. Security
We use industry-standard measures including encryption at rest for OAuth tokens in the plugin, HTTPS for hosted APIs, and access controls on infrastructure. No method is 100% secure; report concerns to [REPLACE: support@example.com].
---
9. International transfers
Data may be processed in India and other countries where our processors operate. Where required, we use appropriate safeguards (standard contractual clauses or equivalent).
---
10. Your rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port personal data, and to object to processing. Contact [REPLACE: support@example.com]. You may lodge a complaint with your local supervisory authority.
---
11. Children's privacy
Our services are not directed at children under 16. We do not knowingly collect children's data.
---
12. Changes
We may update this policy. Material changes will be posted on this page with an updated date.
---
13. Contact
Privacy requests: [REPLACE: support@example.com]
Postal: [REPLACE: YOUR_LEGAL_ENTITY_NAME], [REPLACE: YOUR_ADDRESS]