Privacy Policy

Last updated: April 2026. This policy explains what data dlinsta.app collects, why, and how it is handled. We designed the service to minimize data collection.

We hash IP addresses using SHA-256 with a server-side salt for rate limiting. Your real IP address is never stored.
Download records (URL, format, status) are kept temporarily for operational purposes and automatically purged.
Temporary files on Cloudflare R2 are deleted after the retention window (typically 1 hour).

Data controller

dlinsta.app is operated as an independent web service. For data-related inquiries, contact us at contact@dlinsta.app.

What we collect

Hashed IP address: used solely for rate limiting (preventing abuse). The hash is one-way and cannot be reversed to your real IP. Download metadata: the Instagram URL you submitted, the output format selected, and the job status. This data is stored in a PostgreSQL database and purged automatically. Temporary files: the downloaded media file is stored on Cloudflare R2 with a signed URL that expires. After expiration, the file is deleted. Payment data (Pro/Business plans only): handled entirely by Stripe. We never see or store your card number. We store your Stripe customer ID and subscription status.

What we do NOT collect

We do not use Google Analytics, Facebook Pixel, or any third-party tracking scripts. We do not fingerprint your browser. We do not serve third-party ads. We do not sell or share any data with third parties. We do not store your real IP address.

Cookies

dlinsta.app uses a single functional cookie to remember your language preference. No advertising cookies, no tracking cookies. If you use the Pro checkout flow, Stripe may set its own cookies during payment.

Third-party services

Cloudflare: CDN and DDoS protection. Cloudflare may process your IP address under their own privacy policy. Cloudflare R2: temporary file storage. Files are deleted after the retention window. Stripe: payment processing for Pro and Business plans. Redis (Redis Cloud): job queue and rate limiting data. No personal data is stored in Redis beyond hashed IPs.

Data retention

Temporary files: deleted after 1 hour (default). Download records: purged automatically (retention depends on operational needs, typically days). Hashed IPs: stored for rate limiting windows only. Stripe data: retained as long as your subscription is active.

Your rights (GDPR / CCPA)

Because we store minimal data and no real IP addresses, most personal data requests do not apply. However, if you believe we hold data about you, you can contact us at contact@dlinsta.app to request access, correction, or deletion. We will respond within 30 days.

Changes to this policy

We may update this policy from time to time. The 'Last updated' date at the top reflects the most recent revision. Continued use of the service after changes constitutes acceptance.