1. Summary
Greatfon lets you view certain publicly available Instagram content without logging in to Instagram. We do not affiliate with Instagram or Meta, and we do not claim ownership of third‑party content. We collect limited data to operate and secure the Service, improve features, and support analytics and advertising where permitted.
2. Controller / Contacts
Data Controller: Greatfon
Email: [email protected]
If you appoint a Data Protection Officer (DPO) or EU/UK representative, list them here.
3. Information We Collect
3.1 Information you provide
- Search queries you type into the Service.
- Optional contact information you send to us (e.g., support requests, takedown notices).
3.2 Information collected automatically
- Log data: IP address, user‑agent, referrer, timestamps, requested URLs, and basic error metrics.
- Device data: basic device/browser details for compatibility and security.
- Usage data: pages viewed, language preferences, interaction events.
- Cookies and local storage: preferences (e.g., theme, language), session and anti‑abuse tokens.
3.3 Third‑party sources
Where permissible, we may receive analytics or ad measurement data from providers such as Google.
4. How We Use Information
- Provide, maintain, and improve the Service (including search, rendering, and downloads where enabled).
- Secure the Service, prevent fraud/abuse, and enforce our Terms.
- Measure performance and understand usage (analytics).
- Show ads and measure their effectiveness, where permitted by law and your choices.
- Communicate with you about the Service and respond to your requests.
- Comply with legal obligations and requests from authorities where applicable.
5. Cookies & Similar Technologies
We use cookies, local storage, and similar technologies to remember preferences, enable core features, and perform analytics and advertising. You can manage cookies in your browser settings and via our consent controls where available.
| Category | Purpose | Examples | Typical Duration |
|---|---|---|---|
| Strictly Necessary | Security, session integrity, rate limiting | Session token, anti‑bot token | Session/short‑term |
| Preferences | Remember settings (theme, language) | theme=dark, locale=en |
Up to 12 months |
| Advertising | Show/measure ads | Google AdSense/Ads | 3–24 months |
Where required, we obtain consent before setting non‑essential cookies and honor withdrawal through our preference center.
6. Analytics & Advertising
6.1 Analytics
We may use analytics (e.g., GA4) to understand usage. These tools may set cookies and collect IP addresses in a privacy‑preserving manner (e.g., IP masking). You can opt out via our consent controls or browser tools.
6.2 Advertising
We may display advertising (e.g., Google AdSense). Ad partners may use cookies or device identifiers to show relevant ads and measure effectiveness in accordance with their policies and your consent/choices. You can manage ad personalization via our consent controls, your Google Ads settings, or industry opt‑outs (e.g., AdChoices) where available.
7. Legal Bases (GDPR)
For users in the EEA/UK/Switzerland, our processing is based on:
- Performance of a contract (providing the Service at your request).
- Legitimate interests (e.g., security, anti‑abuse, product improvement) balanced against your rights.
- Consent (e.g., non‑essential cookies/ads/analytics where required). You can withdraw consent at any time.
- Legal obligation (e.g., compliance with applicable laws and requests).
8. Data Sharing & Transfers
- Service providers: hosting, analytics, ad networks, security, and support vendors who process data on our behalf under appropriate agreements.
- Legal/Compliance: when required by law or to protect our rights, users, or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets.
Where data is transferred outside your region (e.g., from the EEA to other countries), we rely on appropriate safeguards such as Standard Contractual Clauses and implement additional measures where necessary.
9. Data Retention
We retain information for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Typical periods include:
- Server logs: 30–180 days unless needed longer for security or legal reasons.
- Consent preferences: until withdrawn or expired (typically 6–24 months).
- Support communications: up to 24 months after resolution unless law requires otherwise.
10. Your Rights
EEA/UK/Swiss users
You may have the right to request access, correction, deletion, restriction, portability, or objection to processing, and to withdraw consent where processing is based on consent. You also have the right to lodge a complaint with your supervisory authority.
California (CCPA/CPRA)
California residents can request to know, access, correct, or delete personal information, and to opt out of "sale"/"sharing" of personal information for cross‑context behavioral advertising. We do not knowingly sell personal information. Where our use of ad/analytics cookies constitutes “sharing” under California law, you can opt out via our preference controls and GPC signals (see Section 13).
Other regions
Depending on your location (e.g., Brazil LGPD, Canada PIPEDA), you may have similar rights. Contact us to exercise them.
We will verify requests and respond within the timeframes required by applicable law.
11. Security
We implement technical and organizational measures designed to protect information, including encryption in transit, access controls, and monitoring. No system is 100% secure; we encourage you to use strong, unique passwords and keep software up to date.
12. Children
The Service is not intended for children under the age of 13 (or the age of digital consent in your jurisdiction). If you believe we have collected information from a child, please contact us so we can take appropriate action.
13. Global Privacy Control (GPC) & Do Not Track
Where legally required and technically feasible, we honor Global Privacy Control (GPC) signals to opt out of certain data “sharing”/processing (e.g., for advertising). We also respect your consent preferences set through our banner or settings. Traditional “Do Not Track” signals are not standardized; we treat them in line with applicable law and our capabilities.
14. Changes
We may update this Policy to reflect changes to our practices or legal requirements. The Effective date above indicates the latest revision. If changes are material, we will provide additional notice as appropriate.
15. Contact Us
For privacy questions or requests, contact:
- Email: [email protected]
Not affiliated with Instagram. Instagram™ is a trademark of Instagram, LLC. All third‑party content remains the property of its respective owners.