Privacy & GDPR Compliance

Privacy Policy & Data Protection

We only collect publicly available data from public profiles. No hacking, no circumvention, no private data access.

Last updated: January 2025

What we DO

  • Collect data from public Instagram profiles only
  • Access information anyone can see without logging in
  • Process data for legitimate business interests
  • Respect user rights and deletion requests

What we DO NOT do

  • Access private or locked profiles
  • Bypass authentication or security measures
  • Require your Instagram login credentials
  • Scrape data from direct messages or stories

1. Public Data Only

IGLeads.ai exclusively collects information that is publicly accessible on Instagram. This means we only access data that any internet user could see by visiting a public profile without logging in.

The data we collect includes:

  • Public profile information (username, full name, bio)
  • Public contact information (email, phone) displayed in the bio
  • Publicly visible follower/following counts
  • Public posts and their engagement metrics
  • Business category (for business accounts)
Important: If an Instagram user has set their profile to private, we cannot and do not access their data. We respect the privacy settings users have chosen.

2. No System Circumvention

We do not circumvent, bypass, or hack any security measures or authentication systems. Our technology works within the bounds of what Instagram makes publicly available.

  • We never require users to provide their Instagram credentials
  • We do not use stolen cookies or session tokens
  • We do not exploit security vulnerabilities
  • We do not access any API endpoints that require authentication
  • We do not use bots to interact with accounts (no follows, likes, or messages)

3. GDPR Legal Basis

Under the General Data Protection Regulation (GDPR), we process personal data under the following legal bases:

A. Publicly Available Data (Article 9(2)(e))

The data we collect has been manifestly made public by the data subjects themselves. By choosing a public Instagram profile and displaying contact information in their bio, users have made a conscious decision to share this information with the public.

B. Legitimate Interest (Article 6(1)(f))

We also rely on legitimate interest for B2B lead generation. Business professionals who publicly share their contact information typically do so for commercial purposes. We have conducted a balancing test to ensure:

  • The data collection is necessary for legitimate business purposes
  • Data subjects reasonably expect their public data to be accessible
  • We implement safeguards to protect data subject rights
  • The impact on data subjects is minimal (public data only)
GDPR Compliance: Our data processing is compliant because we only collect data that individuals have voluntarily made publicly accessible, without bypassing any privacy controls.

4. Your Rights Under GDPR

If your data has been collected by IGLeads.ai, you have the following rights:

Right of Access

Request a copy of all data we hold about you

Right to Rectification

Request correction of inaccurate data

Right to Erasure

Request deletion of your data from our systems

Right to Object

Object to processing based on legitimate interest

Right to Restrict Processing

Request limitation of how we use your data

Right to Data Portability

Receive your data in a structured, common format

To exercise any of these rights, contact us at privacy@igleads.ai. We will respond within 30 days as required by GDPR.

5. Data Retention & Security

We retain extracted lead data for a limited time:

  • Job results: Deleted 30 days after extraction
  • Account data: Retained while your account is active
  • Payment records: Retained as required by tax law

Security measures: All data is encrypted in transit (TLS 1.3) and at rest. We use industry-standard security practices and conduct regular security audits.

6. Data We Collect From Customers

When you create an account with IGLeads.ai, we collect:

  • Email address (for account creation and communication)
  • Payment information (processed by Stripe, we do not store card details)
  • Usage data (jobs created, API calls made)
  • Technical data (IP address, browser type, for security and analytics)

We use this data to provide our services, process payments, and improve our platform. We do not sell your personal information to third parties.

7. Contact Us

For any privacy-related questions, data requests, or concerns:

Email: privacy@igleads.ai

Data Controller: IGLeads.ai

Response Time: Within 30 days

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.