Privacy Policy — Unfolly

Contents

Scope & controller
Data we access
Where data is stored
How we use it
CWS Limited Use disclosure
No sale, no sharing
Third-party services
Cookies & tracking
Children
Your rights (GDPR / CCPA)
Retention & deletion
Security
Changes
Contact

Scope & controller

This Privacy Policy describes how the Unfolly Chrome extension and the website at unfolly.digital ("Unfolly", "we", "us") handle information when you use them. The data controller is Unfolly Ltd, a company registered in England & Wales (Companies House no. 14829361) with its registered office at 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom. For any privacy question, contact privacy@unfolly.digital.

By installing the extension or visiting the site, you confirm that you have read this policy.

Data we access

Unfolly is a follower analytics tool. When you are logged in to Instagram in your own browser, the extension reads your own public follower / following graph through the same pages you would normally see. Specifically, the extension may access:

Your Instagram username and user ID — to identify which account the snapshot belongs to.
Your follower and following lists (usernames, user IDs, profile pictures, display names) — to compute who unfollowed you, who you don't follow back, and who is inactive.
Engagement signals on your own posts and stories (likes, story views, comments) — used locally to rank ghost followers. Not transmitted.
Instagram session cookies, only as required by the browser to load Instagram pages on your behalf. We do not extract, copy, or store these cookies.

The extension never asks for your Instagram password and never logs in on your behalf.

What we never access: other people's private follower lists, direct messages, your camera, microphone, geolocation, or browsing activity outside of Instagram.

Where data is stored

Follower snapshots and the diff history are stored locally in your browser using the chrome.storage API. They never leave your device unless you explicitly export them as CSV.

The only information that reaches our servers is what is strictly necessary to operate a Pro subscription:

Your license key and email — issued by LemonSqueezy at checkout, stored on our backend at api.unfolly.digital to validate Pro entitlements.
Subscription status and plan (free / monthly / yearly, active / canceled) — provided by LemonSqueezy via webhook.

We do not upload your follower lists, snapshots, ghost rankings, or any Instagram data to our servers. Ever.

How we use it

The data we touch is used solely to deliver and operate the features you installed the extension for:

Computing unfollowers, ghosts, and non-followers locally in your browser.
Showing snapshot history and diffs across time.
Validating Pro entitlements for paying customers.
Sending transactional emails about your subscription (receipts, renewal reminders, cancellations) — handled by LemonSqueezy.

We do not use your data for advertising, profiling, training AI models, or any purpose unrelated to operating Unfolly.

Chrome Web Store Limited Use disclosure

Unfolly's use of information received from Google APIs and from Instagram pages adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

We use your data only to provide and improve user-facing features that are prominent in the extension's interface.
We do not transfer this data to third parties except as necessary to provide or improve features, comply with applicable law, or as part of a merger / acquisition with notice.
We do not use this data for serving advertisements, including personalized or retargeted ads.
We do not allow humans to read this data unless we have your affirmative consent for specific instances, it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations.

No sale, no sharing

We do not sell your personal information. We do not share it with data brokers, advertisers, or analytics resellers. Under the California Consumer Privacy Act (CCPA / CPRA), Unfolly has not sold or shared personal information in the preceding 12 months and does not intend to.

Third-party services

Unfolly relies on the following third parties only for the narrow purposes listed:

LemonSqueezy — payments, subscription management, and tax compliance for Pro plans. LemonSqueezy is the merchant of record. See their privacy policy.
Google Fonts — webfont delivery for the website. No personal data is sent beyond standard HTTP request metadata.
Chrome Web Store — distribution and update channel for the extension itself, governed by Google's policies.

Unfolly does not embed analytics SDKs (no Google Analytics, no Mixpanel, no Segment, no Facebook Pixel) on either the extension or the website.

Cookies & tracking

The website at unfolly.digital sets only one local-storage value (unfolly.theme) to remember whether you prefer dark or light mode. No tracking cookies, no advertising identifiers, no fingerprinting.

The extension uses chrome.cookies permission solely to read Instagram session state required to load your own follower pages — the same cookies your browser already sends when you visit Instagram normally.

Children

Unfolly is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

Your rights (GDPR / CCPA / UK GDPR)

Depending on your jurisdiction, you may have the right to:

Access the personal data we hold about you (license key + email + subscription status).
Rectify inaccurate data.
Erase your data ("right to be forgotten").
Restrict or object to processing.
Data portability — receive your data in a structured machine-readable format.
Withdraw consent at any time without affecting prior lawful processing.
Lodge a complaint with your local supervisory authority.

Exercise any of these by emailing privacy@unfolly.digital. We respond within 30 days.

Retention & deletion

Local snapshots in your browser are retained until you delete them via the extension's settings, uninstall the extension, or clear browser storage.

Subscription records on our server are retained for as long as your subscription is active and for up to 7 years after cancellation, only as required by tax and accounting law in the United Kingdom.

To request full account deletion, email privacy@unfolly.digital from the email used at checkout. We will erase your record within 30 days, except for the minimum required for legal compliance.

Security

Subscription records are stored on a server protected by HTTPS (TLS 1.2+), restricted SSH access, and encrypted at rest. We follow common security practices but no system is perfectly secure. If you become aware of a vulnerability, please report it to security@unfolly.digital.

Changes to this policy

If we materially change this policy, we will update the "Last updated" date and, for substantial changes, notify you in the extension or via email. Continued use of Unfolly after a change means you accept the revised policy.

Contact

Privacy questions or requests: privacy@unfolly.digital
General support: support@unfolly.digital
Postal address: Unfolly Ltd, 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom.

Unfolly is an independent product. It is not affiliated with, endorsed by, or sponsored by Instagram, Meta Platforms, Inc., Google LLC, or any other third party.