Instagram Scheduler

Data Retention & Deletion Policy

Last updated: January 15, 2025

This Data Retention and Deletion Policy explains how we handle your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Data We Collect

Personal Data

  • Account Information: Instagram username, email address, account type
  • Authentication Data: OAuth tokens for Instagram API access
  • Usage Data: Login times, scheduled posts, upload history
  • Content Data: Images, captions, hashtags, and scheduling information
  • Technical Data: IP address, browser type, device information

2. Legal Basis for Processing

We process your personal data under the following legal bases:

  • Contract Performance: To provide our Instagram scheduling services
  • Legitimate Interest: To improve our services and prevent fraud
  • Consent: For marketing communications (where applicable)
  • Legal Obligation: To comply with applicable laws and regulations

3. Data Retention Periods

Data Type
Retention Period
Reason
Account Information
Until account deletion + 30 days
Service provision and legal compliance
Scheduled Posts
Until published + 90 days
Service delivery and troubleshooting
Published Posts Data
12 months after publication
Analytics and service improvement
Usage Logs
12 months
Security monitoring and fraud prevention
Technical Data
6 months
System maintenance and security
Marketing Consent
Until consent withdrawn + 3 years
Legal compliance and audit trail

4. Automated Deletion Process

We have implemented automated systems to ensure data is deleted in accordance with our retention schedule:

  • Daily Cleanup: Automated scripts run daily to identify and delete expired data
  • Secure Deletion: Data is securely overwritten and cannot be recovered
  • Backup Purging: Data is also removed from all backup systems within 30 days
  • Third-Party Services: We ensure data is deleted from integrated services (Instagram API cache)

5. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of Access

Request a copy of all personal data we hold about you

Right to Rectification

Correct any inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data ("right to be forgotten")

Right to Restrict Processing

Limit how we use your personal data in certain circumstances

Right to Data Portability

Receive your data in a structured, machine-readable format

Right to Object

Object to processing based on legitimate interests or direct marketing

6. How to Exercise Your Rights

📧 Email Request

Send your request to: privacy@instagramscheduler.com

🔐 Account Dashboard

Use the "Data & Privacy" section in your account settings

📝 Written Request

Post to: Data Protection Officer, Instagram Scheduler Ltd, [Address]

Response Times

  • Standard Requests: Within 1 month of receipt
  • Complex Requests: Up to 3 months (we'll inform you of any delay)
  • Urgent Deletion: Within 72 hours for security concerns

7. Data Security Measures

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Regular Audits: Quarterly security assessments and penetration testing
  • Staff Training: Regular GDPR and data protection training for all employees
  • Incident Response: 24/7 monitoring with breach notification within 72 hours

8. International Transfers

Your data is primarily processed within the UK. Where we need to transfer data internationally:

  • We use adequacy decisions or appropriate safeguards (Standard Contractual Clauses)
  • Instagram API data may be processed by Meta in the US under their Privacy Shield certification
  • We maintain a register of all international transfers available upon request

9. Contact Information

Data Protection Officer

Email: dpo@instagramscheduler.com

Phone: +44 (0) 20 1234 5678

Supervisory Authority

Information Commissioner's Office (ICO)

Website: ico.org.uk

Helpline: 0303 123 1113

10. Changes to This Policy

We may update this policy to reflect changes in our practices or legal requirements. We will:

  • Notify you by email of any material changes
  • Post updates on our website with the revision date
  • Provide 30 days' notice before implementing significant changes
  • Maintain an archive of previous policy versions
Contact Privacy Team