Privacy Policy
Effective date: April 14, 2026 · Developer: Yatinder Sharma
This Privacy Policy describes how InstaBrain ("we", "our", or "us") collects, uses, and protects your personal information when you use our mobile app and website. By using InstaBrain you agree to this policy.
1. Information We Collect
We collect the following categories of information:
Account Information
- Mobile phone number (used for OTP-based authentication)
- Account creation timestamp and session tokens
Content You Provide
- URLs of Instagram Reels you submit for analysis
- Transcripts and AI-generated analysis results (summaries, tags, notes, quiz questions) derived from those reels
- Personal notes and annotations you save to your library
- Custom tags and categories you create
- Reminder preferences and scheduled times
Usage Data
- Quiz attempts, scores, and daily streaks
- Feature usage events (e.g., which sections you visit, share card generation)
- App version, device operating system, and device type (iOS / Android)
- Crash reports, error logs, IP address, request metadata, and abuse-prevention signals
Payment Information
- Subscription status and tier (Free / Pro)
- Transaction IDs from Apple App Store, Google Play, or Razorpay
- We do not store full payment card details — these are handled entirely by Apple, Google, or Razorpay
2. How We Use Your Information
- To authenticate you via phone number OTP and maintain your session
- To run AI analysis on the Instagram Reel URLs you submit
- To store and display your analysis history, library, notes, and quizzes
- To enforce Free tier quotas and manage Pro subscription access
- To send push notifications you explicitly opt in to (quiz reminders, recall alerts)
- To calculate and display your quiz streaks and learning progress
- To improve our AI models and app features using aggregated, anonymised usage patterns
- To comply with legal obligations and prevent fraud or abuse
- To investigate security incidents, unauthorised access attempts, forged requests, quota bypass, payment abuse, and service attacks
3. Third-Party Services
We share or send data to the following third-party providers to operate the service. Each provider has its own privacy policy.
Google Gemini AI
Purpose: AI analysis of reel content (transcription, summarisation, quiz generation)
Data shared: Reel transcript text and metadata
Firebase (Google)
Purpose: Push notifications delivery (iOS and Android)
Data shared: Device push notification token
2factor.in
Purpose: SMS OTP delivery for authentication
Data shared: Phone number
Adapty
Purpose: iOS in-app subscription management
Data shared: Subscription status, purchase receipts (iOS)
RevenueCat
Purpose: Cross-platform subscription management
Data shared: Subscription status, purchase receipts
Razorpay
Purpose: Payment processing for Indian users
Data shared: Transaction ID and amount (no card details stored by us)
Vercel
Purpose: Web hosting and serverless functions
Data shared: Server access logs (IP address, request metadata)
We do not sell your personal data to any third party. We do not use your data for advertising.
4. Data Storage and Security
- Your data is stored on secured PostgreSQL servers. All connections use TLS encryption in transit.
- Session tokens are stored in HTTP-only, secure cookies and never exposed to JavaScript.
- We retain your account data for as long as your account is active, or as required by law.
- Analysis results, notes, quiz history, and reminders are retained until you delete them or request account deletion.
- Reel transcript data is stored to power your Library and recall features; it is not used to train AI models without anonymisation.
- Anonymous analysis cookies and anti-abuse records are retained only as long as reasonably needed for quota enforcement, security, and fraud prevention.
- Security logs may be retained longer where needed to investigate abuse, protect the service, resolve disputes, or comply with law.
5. Your Rights
You have the following rights regarding your personal data:
- Access — request a copy of all data we hold about you
- Correction — request correction of inaccurate data
- Deletion — request deletion of your account and all associated data
- Portability — request your data in a machine-readable format
- Objection — object to processing of your data for non-essential purposes
- Restriction — ask us to restrict certain processing where applicable
- Withdraw consent — withdraw consent for optional features such as push notifications
To exercise any right, email support@instabrain.app. We will respond within 30 days. For account deletion, include the subject line "Delete Account" — deletion is completed within 7 business days and confirmed by email.
6. Legal Bases for Processing
For users in the European Economic Area, United Kingdom, or other regions with similar privacy rules, we rely on the following legal bases:
- Contract performance — to provide account access, reel analysis, subscriptions, saved library, and support.
- Legitimate interests — to secure the service, prevent abuse, improve reliability, debug failures, and understand aggregate feature use.
- Consent — for optional push notifications and any optional marketing communications if introduced later.
- Legal obligation — to comply with tax, accounting, consumer protection, lawful requests, or dispute-resolution requirements.
7. Security, Fraud, and Abuse Prevention
We process technical data such as IP address, device type, request metadata, session state, API route, rate-limit events, and payment status to protect InstaBrain and users.
- We use this data to detect forged requests, token replay, account takeover attempts, quota bypass, scraping, and service abuse.
- We may preserve relevant logs when investigating a security incident, billing dispute, fraud report, or unauthorised access attempt.
- We do not sell security or usage logs to advertisers.
8. Children's Privacy
InstaBrain is not directed at children under 13 years of age (or under 16 in the European Economic Area). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us immediately at support@instabrain.app and we will delete it promptly.
9. Push Notifications
We send push notifications only if you grant permission. You can withdraw consent at any time through your device settings (iOS: Settings → Notifications → InstaBrain; Android: Settings → Apps → InstaBrain → Notifications). Disabling notifications does not affect your ability to use the app.
10. Cookies and Local Storage
Our website uses HTTP-only session cookies for authentication and signed anonymous cookies for guest analysis quotas. The mobile app uses secure local storage for native routing preferences and cached app state. We do not use advertising cookies or third-party tracking pixels.
11. International Users
InstaBrain is operated from India. If you access the app from outside India, your data may be transferred to and processed in India and in the countries where our third-party providers operate. By using the app, you consent to this transfer.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the effective date at the top of this page and, where appropriate, via an in-app notice. Continued use of InstaBrain after changes constitutes your acceptance of the updated policy.
13. Contact Us
For privacy questions, data requests, or concerns, contact us at: