If your app or website connects to Instagram's API, the Instagram Platform Policy requires you to have a publicly accessible Privacy Policy in place that:
- Lets users know what information you collect, and
- Lets users know how you will use that information.
If you're developing an app or website centered around user-generated photography, whether it's a camera app, photo storage website or anything in between, chances are your app is connected to Instagram via the Instagram API.
Here's the Section 8 of Instagram's Policy that requires your to have a Privacy Policy available:
Here's an example of the Twitter app requesting confirmation to connect to Instagram API:
After clicking Authorize, the user is be taken to a login page where the user will enter his Instagram account information:
Integrating Instagram API is quick, easy and definitely worth it for business. So is updating your Privacy Policy to meet the requirement within the Instagram Platform Policy.
If you use the Instragram API, here's what you need to know about including a publicly accessible Privacy Policy that lets users know what information you collect, and how you will use that information.
1. Publicly Accessible
Your Privacy Policy agreement must be publicly accessible. This means that it must be made available to members of the public.
There are two main reasons why you need a Privacy Policy:
✓ Privacy Policies are legally required. A Privacy Policy is required by global privacy laws if you collect or use personal information.
✓ Consumers expect to see them: Place your Privacy Policy link in your website footer, and anywhere else where you request personal information.
Generate an up-to-date 2024 Privacy Policy for your business website and mobile app with our Privacy Policy Generator.
One of our many testimonials:
"I needed an updated Privacy Policy for my website with GDPR coming up. I didn't want to try and write one myself, so TermsFeed was really helpful. I figured it was worth the cost for me, even though I'm a small fry and don't have a big business. Thanks for making it easy."
Stephanie P. generated a Privacy Policy
You cannot limit access to your policy by requiring a password to access your policy or other methods of making access less public and more private.
If you include a link to your policy, make sure your URL is always up and running. The link to your policy must be made available on your website and within your mobile app if either is connecting to the Instagram API.
The Retrica mobile app download page on Google Play includes a link to their Privacy Policy page within the "Additional Information" section.
This link makes the Privacy Policy of Retrica app "publicly accessible" because anyone can click on or tap this link.
A user on a mobile device can find the Privacy Policy linked within this app's page, as seen below on an iOS mobile device:
When a user clicks on the "Privacy Policy" link, a new window opens up that has the full text of the Retrica Privacy Policy:
2. Collection and Use of Information
Your Privacy Policy must let people know what information you collect and how you will use this information.
Here's how the Privacy Policy of Retrica app meets this requirement by including short, to-the-point clauses.
Retrica lets users know what information it collects, such as information obtained while using services, or voluntarily given.
Users are also told how the personal information will be used, including for company communication with users, verifying identity, and personalizing the services of the app:
Example
Here's an example how the Instagram API works for end-users, and how to successfully include your updated Privacy Policy if you're working with the API in your app.
When a Lightwidget user wants to authorize the connection of his Instagram account to his Lightwidget account, he can go to the Authorization webpage on Lightwidget, click "Login with Instagram", and then enter his Instagram username and password on the following webpage.
The user must login to Instagram then:
The Privacy Policy of Lightwidget is publicly available and easy to notice on the authorization page. It's located in the footer on the website, which is standard practice and a familiar placement location for this legal agreement:
Lightwidget's Privacy Policy includes a section about what general information is collected through Lightwidget, including information provided by users, and that which is collected through use of the service such as technical data, usage data, and cookies:
The next section of the Privacy Policy deals specifically with Instagram. This section describes what information Lightwidget collects through Instagram when authorized, such as API token information, email addresses, and photo information like captions and hashtags
In the section titled "How do we use information?," users are informed that their information will be used for things like analyzing trends, improving services and customizing the website.
If you use the Instagram API on your website or mobile app, make sure you follow Instagram requirements by including a Privacy Policy that:
- Is public and easy to access,
- Lets people know what information you collect, and
- Lets people know how you use that information
We've also created a Legal Checklist for Businesses Using Social Media Influencers to help you use endorsements in a legally-compliant way.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.