🔒

We do not track your website visitors. We do not set cookies on their browsers. FeedPane is GDPR-compliant by design.

Privacy Policy

Last updated: March 1, 2026

1. Introduction

FeedPane ("we", "our", or "us") operates the website feedpane.com and the FeedPane Instagram widget service (the "Service"). This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights regarding that data.

We are committed to protecting your privacy. This policy is designed to comply with the General Data Protection Regulation (GDPR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), and other applicable privacy laws.

TL;DR for the privacy-conscious: We collect only what's necessary to run the service (your email, password hash, and Instagram token). We don't sell your data. We don't track your website visitors. We don't set cookies on visitor browsers. That's by design.

2. Data We Collect About You (The Account Holder)

2.1 Account Data

When you sign up for FeedPane, we collect:

  • Email address — used for account identification, login, and service communications
  • Password — stored as a bcrypt hash; we never store your plain-text password
  • Business name (optional) — displayed in your dashboard only

2.2 Instagram Connection Data

When you connect your Instagram account, we receive and store:

  • Instagram User ID — to identify your account with Meta's API
  • Instagram username — displayed in your dashboard
  • Access token — a long-lived token issued by Meta, encrypted at rest, used only to fetch your feed data. You can revoke this at any time via Instagram's connected apps settings.
  • Token expiry date — to auto-refresh before expiry (tokens last 60 days and are refreshed automatically)

2.3 Feed Cache Data

We cache your Instagram posts (images, captions, like counts, timestamps, permalinks) in our database to serve your widget without hitting Instagram's API on every page load. This cached data is automatically updated on an hourly schedule.

2.4 Billing Data

Payment processing is handled entirely by Stripe. We do not store credit card numbers, CVV codes, or full payment details. We store only your Stripe customer ID and subscription ID to manage your plan. Stripe's privacy policy governs the handling of your payment information: stripe.com/privacy.

3. Data We Do NOT Collect About Your Website Visitors

When your website visitors see your FeedPane widget, we:

  • Do not set any cookies on their browsers
  • Do not collect their IP addresses
  • Do not track which pages they visit
  • Do not use fingerprinting or any cross-site tracking
  • Do not build profiles on your visitors
  • Do not share any data about your visitors with third parties

The widget simply fetches pre-cached feed data from our API and renders it in the user's browser. No visitor data is collected or stored.

4. How We Use Your Data

We use the data we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your account and secure access
  • Fetch and cache your Instagram posts for widget delivery
  • Process payments and manage your subscription via Stripe
  • Send transactional emails (account confirmation, billing receipts, important service updates)
  • Auto-refresh your Instagram access token to maintain uninterrupted service
  • Respond to support requests
  • Comply with legal obligations

We do not use your data for advertising, profiling, or selling to third parties.

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), our legal bases for processing personal data are:

  • Contract performance — processing necessary to provide the Service you signed up for
  • Legitimate interests — security monitoring, fraud prevention, product improvement
  • Legal obligation — compliance with applicable laws
  • Consent — for optional communications (you can withdraw at any time)

6. Data Sharing

We share your data only with the following categories of third parties, and only as necessary:

  • Stripe — payment processing (your billing data is sent to Stripe; we receive only a customer ID)
  • Meta / Instagram — to exchange your Instagram authorisation code for an access token
  • Turso / libsql — our database provider, hosting your account data in a secure cloud database
  • Vercel — our hosting provider, which processes requests to feedpane.com

We do not sell, rent, or trade your personal data with any third parties for marketing purposes.

7. Data Retention

  • Account data — retained while your account is active. Deleted within 30 days of account closure upon request.
  • Instagram tokens — deleted immediately when you disconnect your Instagram account or close your account.
  • Cached feed data — automatically overwritten on each sync. Deleted when you disconnect your account.
  • Billing records — retained as required by financial regulations (typically 7 years).

8. Cookies

On feedpane.com (this website and dashboard): We use a single session cookie to maintain your authenticated login session. This is a strictly necessary cookie and does not track your browsing behaviour.

On your website (the embedded widget): The FeedPane widget does not set any cookies on your visitors' browsers. Zero.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your personal data ("right to be forgotten")
  • Data portability — request your data in a machine-readable format
  • Restriction — request restriction of processing in certain circumstances
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — withdraw consent for optional processing at any time

To exercise any of these rights, email us at privacy@feedpane.com. We will respond within 30 days.

10. Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit
  • Bcrypt hashing for all stored passwords
  • Access tokens encrypted at rest
  • Minimal data collection (we only store what's necessary)
  • Role-based access controls on our infrastructure

Despite these measures, no internet transmission is 100% secure. If you believe your account has been compromised, contact us immediately at security@feedpane.com.

11. Children's Privacy

The Service is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will delete it promptly.

12. International Data Transfers

FeedPane is operated from Canada. If you are located in the EEA or UK, your data may be transferred to and stored in Canada, which the European Commission has determined provides an adequate level of data protection under PIPEDA.

When we use US-based service providers (Stripe, Vercel, Turso), such transfers are governed by appropriate safeguards including Standard Contractual Clauses.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice in the dashboard. The "last updated" date at the top of this page reflects the most recent revision.

14. Contact

For privacy-related questions, requests, or concerns:

FeedPane Privacy

Email: privacy@feedpane.com

General: support@feedpane.com

Website: feedpane.com