Instagram Privacy Policy

Last updated: April 26, 2026

This page explains how EarnLeague ("we", "us", or "our") accesses, uses, stores, and deletes data obtained from Instagram through the Meta/Instagram Graph API. It supplements our main Privacy Policy.

1. How We Connect to Instagram

EarnLeague integrates with Instagram via the Instagram Login API (also referred to as the Instagram Graph API for Instagram professional accounts). When you choose to connect your Instagram account on your EarnLeague profile, you are redirected to Instagram's OAuth screen where you explicitly grant EarnLeague permission to access specific data from your account. We never receive your Instagram password.

2. Permissions We Request

We request the following Instagram permissions:

• instagram_business_basic — read your basic profile information (username, account type, profile picture, followers count, media count).
• instagram_business_content_publish — not currently used; we do not publish on your behalf.
• instagram_business_manage_insights — read engagement metrics (impressions, reach, likes, comments, saves, plays, shares) for media you have published.
• instagram_business_manage_comments — read comments on your media for contest validation; we do not post, edit, or delete comments.

Only Instagram Business and Creator accounts can grant insights access. Personal accounts can connect for basic profile read-only.

3. Instagram Data We Access and Store

• Instagram user ID, username, account type, profile picture URL
• Followers count and total media count
• Published media you choose to submit to a contest, including: media ID, permalink, caption, media type (image / video / reel / carousel / story), thumbnail URL, and publish timestamp
• Per-media engagement metrics: impressions, reach, likes, comments count, saves, plays, shares
• The OAuth access token and its expiry timestamp, encrypted at rest in our backend database

We do not access your direct messages, your followers' personal information, private accounts you follow, or content you have not submitted to a contest.

4. How We Use Instagram Data

• Display your Instagram handle, follower count, and media count on your EarnLeague profile so brands can discover you.
• Verify that media you submit to a contest belongs to your connected Instagram account.
• Periodically refresh engagement metrics (typically every few hours) for submissions in active contests so leaderboards stay accurate.
• Stop refreshing metrics and finalize the leaderboard once the contest ends.

We do not sell Instagram data, use it for advertising, or share it with third parties beyond what is necessary to run the specific contests you have entered.

5. Data Storage, Retention, and Security

Instagram access tokens are stored encrypted at rest in Google Cloud Firestore inside our private GCP project. Access is restricted to EarnLeague's production service accounts. All communication between EarnLeague and Instagram occurs over HTTPS.

Cached profile data and media metrics are retained for as long as your Instagram account is connected and for up to 90 days after disconnection or contest completion (whichever is later) to preserve historical leaderboard records.

6. Token Refresh and Expiry

Instagram long-lived tokens expire after 60 days. We refresh them automatically before expiry. If a refresh fails (for example, because you revoked access from Instagram's side), we mark your connection as expired, stop fetching new data, and notify you to reconnect.

7. Disconnecting and Deleting Your Instagram Data

You can revoke EarnLeague's access to your Instagram data at any time:

• From EarnLeague: go to your Profile page and click "Disconnect" next to your Instagram account. This deletes your stored access token, profile data, and all cached metrics.
• From Instagram: visit Instagram → Settings → Apps and Websites and remove EarnLeague. Instagram will also send us a deauthorization signal that triggers deletion of your data on our side.
• Full account deletion: visit our account deletion page or email privacy@earnleague.com and we will delete your EarnLeague account and all associated Instagram data within 30 days.

Meta also provides a Data Deletion Request URL mechanism. EarnLeague honours these requests automatically.

8. Compliance with Meta's Platform Terms

Our use of Instagram data complies with the Meta Platform Terms, Developer Policies, and Instagram Privacy Policy. You may also review the Instagram Terms of Use.

9. Contact

For questions about how we handle Instagram data, email privacy@earnleague.com.