Don’t Follow Back

Privacy

Last updated: October 16, 2025

Don’t Follow Back (“DFB”, “we”, “us”) is designed to work without storing your Instagram data. This page explains what we process, when, and why.

Quick summary

  • No account required.
  • Your IG export stays ephemeral: we parse your uploaded file in memory and discard it immediately after processing.
  • No copies of your IG content: we don’t keep your followers/following lists or posts.
  • Payments via third parties: Stripe and/or PayPal handle checkout; we never see full card data.
  • Minimal logs: we keep basic operational logs (timestamps, status codes, IPs) for reliability, abuse prevention, and security.

What we process

Uploaded Instagram export

When you upload your Instagram export (e.g., followers_1.json, following.json), we parse it in memory to compute sets like “Doesn’t follow back,” “Mutuals,” and “Fans.” We do not store these files on disk or in a database.

Derived results

Results (tables you see on the page) are generated dynamically and tied to your current session. When the session ends or you leave the page, the results are gone. If you choose to download a CSV, the file is generated on the fly in your browser.

Payment information

We use third-party processors to collect payments:

  • Stripe — processes card payments; DFB does not receive full card PAN/CVV.
  • PayPal — processes PayPal transactions; DFB does not receive your PayPal credentials.

These providers may share limited metadata with us (e.g., transaction ID, status, last4, country) so we can confirm a purchase and unlock features.

Operational data

Like most services, our infrastructure may log standard request data (IP address, user-agent, URLs, timestamps, and error codes). We use this to keep the service secure, detect abuse, and debug issues.

Cookies & local storage

  • Session cookie: used to keep your paid/parse state during your visit. It expires automatically or when you close the browser (exact TTL may appear in your cookie settings).
  • Local storage (optional): may cache simple UI preferences (e.g., which tab was last open). You can clear these any time in your browser.

Affiliate links (Amazon Associates)

We participate in the Amazon Associates program. This means some links on our site point to products on Amazon.com. If you click one of these links, Amazon may place a cookie on your device to track referrals and attribute purchases. These cookies are controlled by Amazon and subject to Amazon’s Privacy Notice. Don’t Follow Back does not receive personal information from these cookies—only aggregated reporting (e.g., that a purchase occurred).

Data retention

  • Uploads: discarded immediately after parsing (in-memory processing).
  • Results: ephemeral to your session; not persisted server-side.
  • Payments: transaction records are retained by the payment provider and a minimal record may be retained by us for accounting and fraud prevention, per legal obligations.
  • Logs: basic server logs may be retained for a limited period (typically up to 30 days) and then deleted, unless needed for security or legal reasons.

Your rights

Depending on where you live (e.g., California, EU/EEA/UK), you may have rights to access, correct, delete, or restrict processing of your personal information. Because DFB does not persist your IG data, there’s usually little to retrieve—but you can always reach out and we’ll help.

Security

We apply industry-standard practices to protect the service (TLS in transit, least-privilege access, regular patching). Still, no system is 100% secure. If you believe you’ve found a vulnerability, please contact us.

Children

DFB is not directed to children under 13 (or the minimum age in your country). Please do not use the service if you are under the applicable age.

International users

Our infrastructure may be located in the United States. By using DFB, you understand your information may be processed in the U.S. and other countries with different data protection laws.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above. If changes significantly affect how we handle your information, we’ll take reasonable steps to let you know.

Contact

Questions or requests: support@dontfollowback.com

Implementation notes (technical)
  • Parsing runs in memory; no disk write of user uploads.
  • CSV export is generated client-side from the current table view.
  • Session cookie uses HttpOnly, Secure, and SameSite where supported.
  • Content Security Policy blocks inline scripts; all JS is external.