0

TL;DR: Does storing instagram user access token counts as "storing user personal data" and why Privacy Policy url is a required field?

-I have an app in instagram.

-It's used to make api calls to get other users' public data (namely their posts to show on sites in "instagram widget").

-My app will always have only one user (me).

-My site doesn't store any user data, except for: one user auth_token (to make api calls) and cache of api responses (other users' public posts).

To get my app out of sandbox I have to fill "Privacy Policy url". What am I supposed to write in my Privacy Policy?

Will "My app/site stores no non-public user data" be enough and true (I still store my own token) in my case?

If the answer is "yes" to my second question, then why is privacy policy url is a required field? As far as I know privacy policy is needed only in case of actually storing private user data.

haldagan
  • 911
  • 5
  • 16

1 Answers1

1

The Privacy Policy URL is required by the Instagram Platform Policy so that you can disclose:

  • What information you collect, and
  • How you will use that information

Instagram Policy via TermsFeed

If you don't collect and use personal data from users, inform users of this practice in your Privacy Policy.

Your Privacy Policy must be used to disclose what kind of data you collect and how you use it. Example of a Privacy Policy that does not collect data from users from Ecquire:

Greatest Privacy Policy via TermsFeed

For example, Lightwidget Privacy Policy discloses what type of data they collect through Instagram API:

Instagram data we collect

TermsFeed
  • 1,604
  • 8
  • 8