Privacy Policy

Last Updated: 2025-11-05

1. Introduction

infllook ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our service.

2. Information We Collect

2.1 Instagram Data

When you connect your Instagram Business or Creator account, we collect:

• Basic Profile Information: Username, display name, profile picture, biography, website, follower count, following count
• Facebook Page Information: Facebook User ID, Page ID, Instagram Business Account ID (required for Instagram Graph API integration)
• Public Media Data: Post content (images, captions), timestamp, media type, permalink, like count, comment count
• Instagram Insights (Advanced Access only): Impressions, reach, profile views, engagement metrics, saved count

2.2 Usage Data

We automatically collect:

• Analysis request timestamps and frequency
• Error logs for troubleshooting
• Authentication tokens (encrypted with AES-256-GCM)

3. How We Use Your Information

We use the collected information to:

• Provide Analytics: Calculate VIS Score, engagement rate, health grade, and pricing recommendations
• Generate Reports: Create detailed influencer performance reports
• Improve Service: Analyze usage patterns to enhance our algorithm
• Maintain Security: Detect and prevent unauthorized access

4. Data Storage and Security

• Database: Your data is stored securely in Neon PostgreSQL with encryption at rest
• Token Encryption: Access tokens are encrypted using AES-256-GCM algorithm
• Transport Security: All communication between your browser, our servers, and Meta APIs is secured using HTTPS (TLS). Sensitive data is encrypted both in transit and at rest.
• Access Control: Only authorized backend system processes can access your data. No human operator or third party has direct access to your access tokens or raw Instagram data.
• Data Retention: We retain your data for 90 days from last analysis. You can delete your data anytime.

5. Data Sharing

We do NOT sell, trade, or rent your personal information. We may share data only:

• With Your Consent: When you explicitly authorize sharing
• Service Providers: Neon (database hosting), Vercel (application hosting) - under strict confidentiality agreements
• Legal Requirements: When required by law or to protect our rights

6. Your Rights

You have the right to:

• Access: Request a copy of your stored data
• Delete: Remove your account and all associated data permanently
• Revoke: Disconnect your Instagram account at any time through Settings
• Opt-Out: Stop data collection by disconnecting your account

6.1 Data Deletion Process

You can request deletion of your data through the following methods:

• Facebook Settings: Go to Settings & Privacy > Settings > Apps and Websites > infllook > Remove
• Email Request: Send a deletion request to bornu@naver.com
• Automatic Processing: When you remove the app from Facebook, we receive a deletion callback and automatically delete all your data within 24 hours

6.2 What Gets Deleted

Upon deletion request, we permanently remove:

• Your Instagram account information and access tokens
• All collected media data and insights
• Calculated scores and analytics (VIS Score, features)
• User profile and authentication data

Note: For legal compliance (GDPR, audit trail), we retain a minimal deletion log containing only: user ID, deletion timestamp, and confirmation code. This log does not contain any personal or content data.

7. Instagram Platform Policy Compliance

We comply with Facebook/Instagram Platform Policies:

• Use Instagram data only for providing analytics services
• Do not use data for advertising or targeting
• Respect user privacy and content ownership
• Implement secure data handling practices

8. Children's Privacy

Our service is not intended for users under 13 years of age. We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page with an updated "Last Updated" date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us:

• Email: bornu@naver.com
• Address: 경기도 부천시 원미구 소사로 487, 605호 (춘의동, 부천R&D 종합센터)

11. Data Controller

The data controller responsible for processing your personal information is:

• Entity: 본유 (Bornu Inc.)
• Representative: 류연진
• Email: bornu@naver.com
• Address: 경기도 부천시 원미구 소사로 487, 605호 (춘의동, 부천R&D 종합센터)

12. International Data Transfers

Some data may be processed by Meta Platforms, Inc. and other service providers located outside of your country (including the United States and Ireland). All transfers are performed in compliance with Meta's Data Transfer Addendum and standard contractual clauses (SCCs) or other appropriate safeguards as required by applicable data protection laws.