- The specific type of information you collect from them
- What happens to that information, i.e., how it's stored, processed, and used by you
- 1. Instagram's Platform Policy
- 1.1. Section 8
- 1.2. Section 9
- 1.3. Section 10
- 2. Instagram Requirement Summary
- 3.1. Contact Details
- 3.2. Compliance
- 3.3. Data Security
- 3.4. User Generated Content
- 5.1. Website Footer
- 5.2. Navigation or App Menu
- 5.3. Before Signup or Information Exchange
- 6. Summary
Instagram's Platform Policy
The Platform Policy sets out what terms users and developers agree to when they use the API:
By clicking on "Instagram Settings," users have the option to limit the information they share. Facebook and Instagram both empower users.
The Policy includes detailed information about the data it collects, and how it uses it. These clauses will be slightly different for every app.
Users may view both Policies before proceeding.
Section 9 of the Instagram Platform Policy addresses third party matters.
Commonly, developers allow third parties to either market through their platform using advertisements, or they let third parties place cookies on user devices to better target their marketing strategies.
While this practice is still fine, section 9 states that you must disclose any third party involvement to users:
The Policy also explains how the information is used by Twitter:
Twitter explains that if you click on an external advertisement or link, then the advertiser may find out, through data exchange, that you found their link on Twitter:
It also says cookies are only used when necessary to ensure site functionality:
Twitter is also open about its third party data sharing policy. It explains why it uses advertisements, and how it chooses its partners:
However, there's still data that Twitter can share without seeking user consent. The app is transparent about this. It explains that it only shares so much data as is necessary to ensure application functionality:
Instagram could enforce this clause against you and remove your app from its API if you fail to adhere to this section.
Instagram Requirement Summary
- Tell users what data you collect about them, and how you handle this data
- Explain what access third parties have to the information you gather
Section 7 of the Platform Policy says that users must be able to contact the developers for support and further information:
7. Provide meaningful customer support for your app, and make it easy for people to contact you.
Twitter, for example, sets out who users should contact based upon their geographical location:
Section 35 of Instagram's Platform Policy states that developers must avoid exposing Instagram to legal liabilities:
35. Comply with all applicable laws or regulations. Don't provide or promote content that violates any rights of any person, including but not limited to intellectual property rights, rights of privacy, or rights of personality. Don't expose Instagram or people who use Instagram to harm or legal liability.
To comply, for example, Twitter specifies that only users aged 13 and over may use its services:
Publing dedicates a whole clause to legal compliance. It explains that the company will always cooperate with law enforcement and abide by laws and regulations:
Another great clause to include is something like Pinterest's disclosure clause. The platform explains when it's obliged to share information with law enforcement, which shows that it's committed to legal compliance:
Instagram says, in section 27 of its Platform Policy, that developers connecting to its API must commit to protecting data from unauthorized access and use:
27. Protect the information you receive from us against unauthorized access, use, or disclosure. For example, don't use data obtained from us to provide tools that are used for surveillance.
To comply with this Policy, Publing explains exactly how it safeguards information while still limiting its liability for unforeseen issues:
Photo app Flickr keeps its security clause broad. The wording means that Flickr's only obliged to take reasonable steps to keep data secure, which mitigates its responsibility. This is a great idea for developers:
User Generated Content
Given the nature of Instagram's platform, it's unsurprising that the Platform Policy contains numerous clauses dedicated to regulating what happens to user generated content.
Section 11 states that apps must respect any restrictions that a content owner places on their own generated content:
11. Comply with any requirements or restrictions imposed on usage of Instagram user photos and videos ("User Content") by their respective owners. You are solely responsible for making use of User Content in compliance with owners' requirements or restrictions.
Tumblr makes it clear that, although users can restrict who sees their content, it is an app designed for public sharing. However, Tumblr still takes steps to ensure that it complies with user specified requirements where possible. What's important is that the app is only obliged to take reasonable steps, which is key for any app provider:
Anyone who uses Tumblr, then, should understand that their own content is easily shared. Basically, Tumblr can't give any guarantees about what happens to content once it's uploaded and viewable on the internet.
Instagram expects API users to promptly remove its own users' content and other personal information upon request at clause 12:
12. Remove within 24 hours any User Content or other information that the owner asks you to remove.
It's unwise to warrant that you'll remove data so promptly because it's impossible to personally monitor the data 24 hours a day. To work around this, Tumblr tells users that content removal, or account deletion, is almost effective immediately. However, there's no guarantee that all user content will be removed if, for example, it has been reblogged:
Similarly, WhatsApp tells users that it only stores personal information, and user content, until a user deletes their account. Significantly, WhatsApp doesn't warrant that it'll remove the data within a 24 hour period, because the app can't reasonably guarantee this is the case:
The general principle throughout Instagram's Platform Policy is that you should only store as much data as necessary to provide the app's service, and that you shouldn't store it any longer than necessary.
This is emphasized in section14:
14. Only store or cache User Content for the period necessary to provide your app's service.
Pinterest only keeps user data for long enough to provide the user with essential services. Importantly, Pinterest doesn't warrant that it always removes every trace of a user's data.
Instead, it sometimes randomizes and anonymizes this data. This then doesn't place an onerous burden on the developers to ensure every strand of a user's data is removed from its systems:
It's often necessary to collect and store data such as a user's IP address or location to provide them with the right services and relevant content.
- Answer the questions related to your entity type and location.
- Answer the questions relating to what type of information you collect from your users.
Place a link to your Policy within your footer. This is where you'll find the first link to most Privacy Policies online.
Here's an example from WhatsApp:
And another example from DeviantArt, a popular art sharing site:
Remember, to comply with Instagram's Platform Policy, your Policy, just like your other Terms and Conditions, can't be hidden or concealed in any way.
Navigation or App Menu
Before Signup or Information Exchange