If your app or website connects to Instagram's API, the Instagram Platform Policy requires you to have a publicly accessible Privacy Policy in place that:

  • Lets users know what information you collect, and
  • Lets users know how you will use that information.

If you're developing an app or website centered around user-generated photography, whether it's a camera app, photo storage website or anything in between, chances are your app is connected to Instagram via the Instagram API.

Here's the Section 8 of Instagram's Policy that requires your to have a Privacy Policy available:

Instagram Platform Policy: Section 8

Here's an example of the Twitter app requesting confirmation to connect to Instagram API:

Twitter: Authorize Instagram

After clicking Authorize, the user is be taken to a login page where the user will enter his Instagram account information:

Instagram webpage: Authorize and confirmation

Integrating Instagram API is quick, easy and definitely worth it for business. So is updating your Privacy Policy to meet the requirement within the Instagram Platform Policy.

If you use the Instragram API, here's what you need to know about including a publicly accessible Privacy Policy that lets users know what information you collect, and how you will use that information.

1. Publicly Accessible

Your Privacy Policy agreement must be publicly accessible. This means that it must be made available to members of the public.

You cannot limit access to your policy by requiring a password to access your policy or other methods of making access less public and more private.

If you include a link to your policy, make sure your URL is always up and running. The link to your policy must be made available on your website and within your mobile app if either is connecting to the Instagram API.

The Retrica mobile app download page on Google Play includes a link to their Privacy Policy page within the "Additional Information" section.

This link makes the Privacy Policy of Retrica app "publicly accessible" because anyone can click on or tap this link.

Retrica app on Google Play: Highlight Privacy Policy link

A user on a mobile device can find the Privacy Policy linked within this app's page, as seen below on an iOS mobile device:

Retrica iOS app in App Store: Highlight Privacy Policy

When a user clicks on the "Privacy Policy" link, a new window opens up that has the full text of the Retrica Privacy Policy:

Retrica Privacy Policy: Website open screenshot

2. Collection and Use of Information

Your Privacy Policy must let people know what information you collect and how you will use this information.

Here's how the Privacy Policy of Retrica app meets this requirement by including short, to-the-point clauses.

Retrica lets users know what information it collects, such as information obtained while using services, or voluntarily given.

Information we collect clause in Privacy Policy of Retrica

Users are also told how the personal information will be used, including for company communication with users, verifying identity, and personalizing the services of the app:

How we use information clause in Privacy Policy of Retrica

Example

Here's an example how the Instagram API works for end-users, and how to successfully include your updated Privacy Policy if you're working with the API in your app.

Logo of Lightwidget

When a Lightwidget user wants to authorize the connection of his Instagram account to his Lightwidget account, he can go to the Authorization webpage on Lightwidget, click "Login with Instagram", and then enter his Instagram username and password on the following webpage.

Lightwidget: Login with Instagram

The user must login to Instagram then:

Instagram Login Dialog

The Privacy Policy of Lightwidget is publicly available and easy to notice on the authorization page. It's located in the footer on the website, which is standard practice and a familiar placement location for this legal agreement:

Screenshot of Lightwidget page with highlight on link to Privacy

Lightwidget's Privacy Policy includes a section about what general information is collected through Lightwidget, including information provided by users, and that which is collected through use of the service such as technical data, usage data, and cookies:

Personal data we collect in Privacy Policy of Lightwidget

The next section of the Privacy Policy deals specifically with Instagram. This section describes what information Lightwidget collects through Instagram when authorized, such as API token information, email addresses, and photo information like captions and hashtags

Instagram data we collect clause in Privacy Policy of Lightwidget

In the section titled "How do we use information?," users are informed that their information will be used for things like analyzing trends, improving services and customizing the website.

How do we use information clause in Lightwidget Privacy Policy

If you use the Instagram API on your website or mobile app, make sure you follow Instagram requirements by including a Privacy Policy that:

  • Is public and easy to access,
  • Lets people know what information you collect, and
  • Lets people know how you use that information

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy