Privacy Policy

UnfollowerTracker is an independent web tool operated from France, designed to help Instagram users analyse their follower and following relationships using their own officially exported data. Our Terms of Service are incorporated into this policy by reference.

1.1 — Data Controller (GDPR)

UnfollowerTracker processes your Instagram data export entirely inside your web browser. No file you upload, no username, no follower list, and no result generated by this tool is ever transmitted to, stored on, or accessed by our servers — because we do not operate any data-collection infrastructure for this purpose.

This architecture-first approach to privacy means we cannot, and do not, collect, retain, sell, or share your Instagram data, usernames, or any personally identifiable information derived from your export files. Because we never receive this data, we cannot be compelled to disclose it.

We distinguish clearly between three categories of information:

3.1 — Information we do NOT collect

• Your Instagram credentials, username, or password
• The contents of your Instagram ZIP file (followers, following lists, usernames)
• The results of any analysis performed in your browser
• Any personal profile information from your Instagram account

3.2 — Information we may collect automatically

Like most websites, our hosting infrastructure and third-party services may automatically collect certain technical and non-personal data when you visit the site, including:

• IP address (typically anonymised or not stored beyond standard server logs)
• Browser type and version, operating system
• Referring URL and pages visited on our site
• Date and time of access, general geographic region

3.3 — Payment information

If you choose to unlock the full results via our one-time payment, payment is processed entirely by our third-party payment provider (e.g., Stripe or equivalent). We do not receive, store, or process your card number, bank details, or billing address. Our payment provider's own privacy policy governs how they handle your payment data. We may receive a transaction confirmation and a non-identifiable order reference solely to verify access entitlement.

There is no account system. Each purchase grants single-session access to the full results. We do not retain purchase history linked to any personal identifier. The legal basis for processing this transactional data is contractual necessity (Art. 6(1)(b) GDPR) and, where applicable, compliance with legal obligations (Art. 6(1)(c) GDPR) such as French accounting and tax law.

4.1 — Cookies and local storage

We use a limited and clearly defined set of cookies and browser storage mechanisms. We do not use persistent tracking cookies for behavioural profiling by this service. The categories in use are as follows:

• Strictly necessary session cookies: Short-lived cookies that expire when you close your browser tab. Used solely for core site functionality — for example, maintaining your navigation state during a single visit. These do not track you across sessions or other websites.
• Session unlock local storage: Browser local storage may be used to remember that you have completed a payment or watched an ad within the current session, so you are not required to repeat that step while the tab remains open. This data is stored only in your browser, is never transmitted to our servers, and is cleared when the session ends or when you clear your browser data.
• Third-party advertising cookies: Cookies set by our advertising network partners for ad delivery, measurement, and personalisation purposes. These are described fully in Section 4.2 below.

You may disable non-essential cookies at any time through your browser settings. Note that disabling strictly necessary session cookies may impair certain functionality of the Service.

4.2 — Third-party advertising (Google AdSense)

4.3 — Other third-party scripts and CDNs

Our site loads assets from trusted content delivery networks (CDNs), including fonts from Google Fonts and JavaScript libraries from public CDNs. These providers may log your IP address as part of standard CDN operation in accordance with their own privacy policies. We do not control those logs and do not receive them directly. We do not sell or rent any personal data to third-party advertisers or data brokers.

As an operator based in France, we comply with the EU General Data Protection Regulation (GDPR) and applicable French data protection law (loi Informatique et Libertés, as amended). To the extent we process personal data as described in Section 3.2, the legal basis is our legitimate interests under Art. 6(1)(f) GDPR. Payment data is processed on the basis of Art. 6(1)(b) and Art. 6(1)(c) GDPR (see Section 3.3).

If you are located in the European Economic Area, you have the following rights:

• Access — request a copy of any personal data we hold about you
• Rectification — request correction of inaccurate data
• Erasure — request deletion of your personal data ("right to be forgotten")
• Restriction — request that we limit how we use your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests at any time, free of charge
• Complaint — lodge a complaint with a supervisory authority, including the CNIL (Commission Nationale de l'Informatique et des Libertés) at cnil.fr

If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) may grant you additional rights regarding personal information.

You have the right to:

• Know what personal information is collected, used, shared, or sold
• Delete personal information we have collected about you (subject to exceptions)
• Opt out of the sale or sharing of your personal information
• Non-discrimination for exercising your CCPA rights

For any CCPA-related requests, please contact us at instaunfollowerstracker@gmail.com. We will respond within 45 days as required by law.

Because your Instagram data is processed entirely in-browser, we retain no copy of it whatsoever. The following retention periods apply to the limited data we do handle:

• Server access logs: If retained by our hosting provider, kept for no longer than 90 days, after which they are deleted or anonymised.
• Payment confirmation references: Retained only as long as necessary for legal and accounting obligations — generally up to 10 years under applicable French commercial law (Article L. 123-22 of the French Commercial Code).
• Session cookies and local storage: Cleared automatically when your browser session ends or when you clear your browser data. We do not set persistent cookies that survive browser restarts.

Our site is served over HTTPS (TLS encryption) to protect data in transit between your browser and our servers. Since your Instagram data never leaves your device, it is not exposed to network-level risks on our end. We follow reasonable and proportionate security practices for the limited server-side data we do handle, including infrastructure access controls and log access restrictions.

No system is 100% secure. In the unlikely event of a security incident affecting personal data we hold, we will notify affected users and the relevant supervisory authority (the CNIL) as required by GDPR Articles 33 and 34, within the applicable 72-hour notification window where feasible.

UnfollowerTracker is not directed at children under the age of 13 (or 16 in EU Member States where the higher threshold applies under GDPR Art. 8). We do not knowingly collect personal information from children. Instagram itself requires users to be at least 13 years old.

If you believe a child has used this service in a manner that may have resulted in the collection of their personal data, please contact us at instaunfollowerstracker@gmail.com and we will take appropriate remedial steps without undue delay.

By using UnfollowerTracker, you confirm and warrant that:

• You are the legitimate owner of the Instagram account whose data export you upload, or you have explicit authorisation from the account holder to do so
• You are solely responsible for the data export file you upload and for ensuring you have the full legal right to use that data for this purpose
• You will not use this service to harass, stalk, monitor, or maliciously target other individuals
• You will not use results generated by this tool for illegal, discriminatory, or abusive purposes
• You are legally permitted to use social media services in your jurisdiction
• You are at least 13 years of age (or the minimum age required in your country)

We reserve the right to refuse or restrict access to the service for users who violate these conditions. For full details of prohibited conduct and the termination of access clause, please review our Terms of Service.

Instagram periodically changes the format of its data exports. While we make every effort to keep our parsing logic up to date, we cannot guarantee that the service will function correctly at all times following such changes. We will endeavour to release updates promptly, but no specific update timeline is guaranteed.

To the fullest extent permitted by applicable law, UnfollowerTracker and its operators shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising from your use of — or inability to use — this service, including any reliance on the accuracy of results generated.

Our total aggregate liability, if any, shall not exceed the amount paid by you to access the service (i.e., €2.49 maximum). Nothing in this section excludes or limits liability in a manner not permitted by applicable mandatory consumer protection law.

Our service is operated from France and targets an international audience. The limited personal data we process (server logs, payment confirmation references) may be handled by third-party infrastructure providers — including hosting providers, CDNs, and payment processors — whose servers may be located outside the European Union/EEA, including in the United States.

Your Instagram data is processed entirely in your own browser and is therefore not subject to any international data transfer by us. It does not cross any network boundary to our infrastructure.

We may update this Privacy Policy from time to time — for example, to reflect changes in applicable law, our operational practices, or the features of our service. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

For material changes — such as new categories of data collection or significant changes to how we use your data — we will display a prominent notice on our website prior to the change taking effect, where reasonably practicable. Continued use of the service after any update constitutes acceptance of the revised policy.