Privacy

Last updated: January 15, 2026

Don’t Follow Back (“DFB”, “we”, “us”) is designed to work without storing your Instagram data. This page explains what we process, when, and why.

Quick summary

• No account required.
• Your IG export stays ephemeral: we parse uploads in memory and discard immediately.
• No copies stored: we do not retain your followers, following, or posts.
• Payments via third parties: Stripe/PayPal handle checkout; we never see full card data.
• Minimal logs: basic operational logs only for reliability and abuse prevention.

What we process

Uploaded Instagram export

When you upload your Instagram export (followers_1.json, following.json, etc.), we parse it in memory to compute sets like “Doesn’t follow back,” “Mutuals,” and “Fans.” We do not store these files on disk or in a database.

Derived results

All results are generated dynamically and tied to your current session. When your session ends or you leave the page, the results are gone. CSV exports are generated on the fly in your browser.

Payment information

We use third-party processors:

• Stripe — card payments; we never see full PAN/CVV.
• PayPal — PayPal transactions; we never see your credentials.

Providers may share minimal metadata (transaction ID, status, last4, country) so we can confirm the unlock.

Operational data

Our infrastructure logs standard request data (IP, user-agent, URLs, timestamps, and error codes). This is used strictly for security, abuse detection, and debugging.

Cookies & local storage

• Session cookie: tracks your parsing/unlock state and expires automatically.
• Local storage: may save simple UI preferences (e.g., last selected tab).

Affiliate links (Amazon Associates)

We participate in Amazon Associates. Some links redirect to Amazon.com; Amazon may set a referral cookie under their own policies. DFB does not receive personal data from these cookies — only aggregated reporting. See Amazon’s Privacy Notice.

Data retention

• Uploads: discarded immediately after parsing.
• Results: ephemeral in session; not stored server-side.
• Payments: payment processors retain necessary records; we retain minimal metadata.
• Logs: stored briefly (typically ≤ 30 days) unless needed for security.

Your rights

Depending on your region (California, EU/EEA/UK), you may request access or deletion of personal data. Since DFB does not persist your IG data, there is usually little to retrieve, but you may always contact us.

Security

We apply industry-standard protections (TLS, least-privilege access, regular patching). No system is perfect — report issues if you find them.

Children

DFB is not intended for children under 13 (or regional equivalent). Do not use the service if you are under the applicable minimum age.

International users

Our infrastructure may operate in the United States. Using DFB means your data may be processed in jurisdictions with different protection laws.

Changes to this policy

We may update this policy occasionally. Material changes update the “Last updated” date above.

Contact

Questions: support@dontfollowback.com