Privacy Policy

Last updated: June 11, 2026

This Privacy Policy explains how we collect, use, share, and protect your personal data when you use SocialSensor (https://socialsensor.io, the "Service"). "We," "us," "our," and "Company" refer to Onlyapps LTD, a company registered in Cyprus with its registered office at Makariou III, 228, Agios Pavlos Court A, 7th floor, Flat/Office 712, 3030, Limassol, Cyprus.

By using the Service, you acknowledge that your personal data will be processed as described in this Privacy Policy. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, the data protection principles described in Section 8 apply to you.

WE HOPE YOU TAKE SOME TIME TO READ THROUGH THIS CAREFULLY, AS IT IS IMPORTANT.

"Personal Data" means personal data that relates to you as an identified or identifiable individual. Where applicable, you must provide us with the relevant Personal Data to be able to use our Services completely. You should not use the Services if you disagree with this Policy, our Terms of Use, and any other agreement that governs your use.

BY USING THE SERVICE, YOU PROMISE US THAT (I) YOU HAVE READ, UNDERSTAND AND AGREE TO THIS PRIVACY POLICY, AND (II) YOU ARE OVER 16 YEARS OF AGE (OR HAVE HAD YOUR PARENT OR GUARDIAN READ AND AGREE TO THIS PRIVACY POLICY FOR YOU).

Table of Contents

  • Who We Are (Data Controller)
  • Information We Collect
  • How We Use Your Information — Purposes, Personal Data, and Legal Bases
  • How We Share Your Information — Third Parties Processing Personal Data
  • Cookies and Tracking Technologies
  • Data Retention
  • Your Rights Regarding Personal Data
  • Why We're Allowed to Process Your Data (Legal Bases)
  • International Data Transfers
  • Data Security
  • Children's Privacy
  • Age Limitations
  • CCPA Rights (California Residents)
  • Third-Party Links and Services
  • Changes to This Privacy Policy
  • Contact Us

1. Who We Are (Data Controller)

Onlyapps LTD ("Company," "we," "us," or "our") is the data controller responsible for determining how and why your personal data is processed in connection with SocialSensor. We are committed to handling your data responsibly, transparently, and in compliance with applicable data protection laws, including the GDPR where it applies to you.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, you can reach us at any time at support@socialsensor.io. We aim to respond to all privacy-related inquiries promptly and within the timeframes required by applicable law.

2. Information We Collect

When you use our Services, we collect, use, receive, process, transfer, and share some of your personal data for different legitimate purposes. Below is an explanation of what personal data we may collect or process and why.

2.1 Information You Provide Directly

  • Account information: name, email address, password (stored in hashed form), and authentication data if you sign up via a third-party login (e.g., Google).
  • Tracked accounts: Instagram usernames you choose to track or search for, including your own account and other public accounts.
  • Communications: messages you send to our support team.

2.2 Payment Information

If you subscribe to a paid plan, payment details (such as card information) are collected and processed by our third-party payment processor. We do not store full payment card numbers on our own servers; we receive limited transaction information (such as plan, amount, billing status, and last 4 digits of your card) from our payment processor.

2.3 Information About Public Instagram Accounts

To provide our analytics features, we collect and process publicly available data from Instagram about accounts you choose to track or search, including but not limited to: usernames, profile information, follower and following counts, posts, Stories, engagement metrics (likes, comments, views), and follower/following lists, where publicly accessible.

This data may relate to individuals other than you (for example, the followers of an account you track, or the owner of a public account you search for). We process this data only to the extent it is publicly available on Instagram, and solely to provide analytics back to you through the Service.

2.4 Information Collected Automatically

  • Usage data: features used, accounts tracked, frequency and timing of use, error logs, and performance data.
  • Device and technical data: IP address, browser type, operating system, device identifiers, and approximate location derived from IP address.
  • Diagnostic information: logs, error reports, event types, timestamps, and associated pages.
  • Cookies and similar technologies: see Section 5 below.

3. How We Use Your Information — Purposes, Personal Data, and Legal Bases

We use your personal data only when we have a valid legal basis to do so. The following explains each purpose, the data involved, and the legal basis relied upon.

To provide, operate, and maintain the Service

Including generating analytics, growth tracking, and audience insights for accounts you track.
Personal data: Contact Data, tracked account data, Location Data, Usage Data.
Legal basis: Performance of contract.

Account creation and management

Including authentication and subscription management, as well as third-party login (e.g., Google ID, name, profile picture).
Personal data: Contact Data.
Legal basis: Performance of contract.

Payment processing and billing

Personal data: Contact Data, billing and payment information.
Legal basis: Performance of contract.

Research, development, and internal improvements

Feature testing, behaviour analysis, issue detection, and optimization.
Personal data: Automatically collected information.
Legal basis: Legitimate interest.

Diagnosing and fixing issues

Personal data: Usage Data, diagnostic information.
Legal basis: Legitimate interest.

Transactional communications

Sending account confirmations, billing notices, and security alerts.
Personal data: Contact Data.
Legal basis: Performance of contract.

Marketing communications

Sending promotional emails and offers.
Personal data: Contact Data.
Legal basis: Consent (you may withdraw at any time).

Tracking marketing campaign performance and optimizing the Service

Personal data: User ID, in-app activity data, advertising ID, IP address, approximate location.
Legal basis: Legitimate interest.

Personalized advertising

Personal data: Automatically collected information, Location Data.
Legal basis: Consent.

Fraud prevention, security, and abuse detection

Personal data: Automatically collected information, Contact Data.
Legal basis: Legitimate interest / Legal obligation.

Compliance with legal obligations

Personal data: Contact Data and other data as required (e.g., for tax, accounting, or regulatory purposes).
Legal basis: Legal obligation.

4. How We Share Your Information — Third Parties Processing Personal Data

We do not sell your personal data. We may share your information with third-party companies to perform services such as hosting, payment processing, analytics, and customer support, as well as to assist in our marketing efforts. We commit not to disclose or transfer your Personal Data to third parties without your consent, except to the processors listed below.

4.1 Payment Processors

Billing and subscription information is shared with our payment processors to process transactions, manage subscriptions, and prevent fraud.

4.2 Analytics and Advertising Partners

We use analytics and advertising/tracking tools to understand how users interact with the Service and to measure the effectiveness of our marketing. These providers may set cookies and collect technical data as described in Section 5.

4.3 Service Providers and Processors

We share data with hosting providers, cloud infrastructure providers, customer support tools, and other vendors who process data on our behalf under data processing agreements. Key processors we work with:

4.4 Legal and Business Transfers

We may disclose information if required by law, regulation, legal process, or governmental request, or in connection with a merger, acquisition, restructuring, or sale of assets.

5. Cookies and Tracking Technologies

We use cookies and similar technologies (such as tracking pixels / web beacons, embedded scripts, local storage, and device recognition) to:

  • Keep you signed in and remember your preferences;
  • Understand usage patterns through analytics (e.g., Google Analytics, Firebase, Amplitude);
  • Measure advertising performance (e.g., Facebook/Meta Pixel) and, where applicable, show you relevant ads.

Types of cookies we use: Essential Cookies (required to provide the Service); Functionality Cookies (to remember login details and personalize the Service); Analytics Cookies (to understand traffic and usage trends); Social Media and Advertising Cookies.

Users can opt out of tracking by Google Analytics by installing the browser add-on at https://tools.google.com/dlpage/gaoptout. Google Remarketing may be used to serve targeted ads and can be disabled at http://www.google.com/settings/ads.

You can manage cookie preferences through our cookie consent banner (where shown) and through your browser settings. Disabling certain cookies may affect the functionality of the Service. Where required by applicable law (including in the EEA and UK), we obtain your consent before placing non-essential cookies. For more details, see our Cookie Policy.

For further details about cookies, including how to view and manage them, visit: https://www.allaboutcookies.org and https://www.youronlinechoices.com.

6. Data Retention

We retain personal data for as long as necessary to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Account data is generally retained while your account is active and for a reasonable period afterward.

We retain all personal data for as long as you use the Services and 24 months after you stop. If you do not use the Services for 24 continuous months, we erase your personal data from our database and request the same erasure from any third party to whom your personal data may have been transferred. We may erase personal data earlier if we no longer need to process such data.

Data about tracked Instagram accounts (including historical analytics) may be retained to provide growth tracking and historical comparisons, for as long as you continue to track that account or as otherwise described in this Policy.

Prompts and generated outputs may be retained to operate and improve the Service, including for abuse detection, unless you delete them or request deletion as described in Section 7.

7. Your Rights Regarding Personal Data

You have control over your personal data. Depending on where you live, you may have the following rights:

  • Right to Be Informed: You have the right to know what personal data we hold and how and why we handle it.
  • Right of Access: You may request a copy of the personal data we hold about you.
  • Right to Rectification: You may request corrections to your personal data if it is incomplete or inaccurate.
  • Right to Erasure: You may request deletion of your data under certain conditions. In some cases, we may retain data if necessary for legal or security reasons.
  • Right to Restrict Processing: You may restrict processing under specific circumstances, such as inaccurate data or unresolved objections.
  • Right to Data Portability: You may request a copy of your data in a machine-readable format for use with another provider.
  • Right to Object: You may object to processing based on legitimate interest or for direct marketing purposes.
  • Right to Withdraw Consent: For processing based on consent (e.g., marketing emails, non-essential cookies), you may withdraw consent at any time without affecting the lawfulness of prior processing.
  • Right to Opt-Out of Advertising: You can opt-out of direct or interest-based advertising through your browser or device settings.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, e.g., https://edpb.europa.eu/about-edpb/board/members_en or https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html for Switzerland.

If you are an individual who appears in publicly available Instagram data processed through the Service (for example, as a follower or commenter on a tracked account) and you have concerns about how that data is used, you may also contact us at support@socialsensor.io.

To exercise any of these rights, email us at support@socialsensor.io. We may ask you to verify your identity before processing your request. We will respond within 30 business days. One free copy per request; additional copies may incur a fee.

8. Why We're Allowed to Process Your Data (Legal Bases)

We only process your personal data when we have a valid legal basis to do so:

  • Performance of contract: When you create an account, track an Instagram profile, or subscribe to a paid plan, we need to process certain data to provide the Service — for example, to generate analytics, manage your account, or process your payment.
  • Consent: For non-essential cookies, marketing emails, personalized advertising, or certain optional features, we ask for your permission first. You can withdraw this consent at any time.
  • Legitimate interests: We process some data — including publicly available data about Instagram accounts — to provide analytics, keep the Service secure, prevent fraud and abuse, understand how people use SocialSensor, and improve our products, as long as this doesn't override the rights and interests of the individuals concerned.
  • Legal obligation: In some cases we are legally obligated to process or retain certain data, for example for tax, accounting, or regulatory reasons.

If you'd like more detail on which of these applies to a specific type of data, feel free to reach out to us at support@socialsensor.io.

9. International Data Transfers

SocialSensor operates globally, and the providers we rely on — including hosting and cloud infrastructure, payment processors, and analytics tools — may be located in countries outside the European Economic Area (EEA), the United Kingdom, or your home country, including the United States and other jurisdictions. Data protection laws in these countries may differ from those in your jurisdiction.

Where we transfer personal data from the EEA, UK, or Switzerland to a country that has not been recognized as providing an adequate level of data protection, we put in place appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission, which contractually bind the recipient to protect your data in line with EU standards;
  • Relying on adequacy decisions, where the European Commission has determined that a country provides an adequate level of protection;
  • Working with providers that maintain recognized certifications or comply with frameworks such as the EU–U.S. Data Privacy Framework, where applicable.

By using the Service, you understand and acknowledge that your data may be processed outside your country of residence as described above. You can request more information about the specific safeguards in place by contacting us at support@socialsensor.io.

10. Data Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, or alteration. These include encryption in transit and at rest, pseudonymization and tokenization, access controls, data integrity protections, and regular security reviews. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

11. Children's Privacy

The Service is not directed at children under 13, and we do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13 without verified parental consent, we will take steps to delete it. Users between 13 and 18 (or the relevant minimum age in their jurisdiction) may use the Service only with parental or guardian consent, as described in our Terms of Use.

12. Age Limitations

The Service is intended for adults and has a minimum age limit in each country or region. In general, you must be 16 years of age or older to use the Service, or your age may require parental consent for us to process your personal data.

In accordance with the Federal Children's Online Privacy Protection Act of 1998 ("COPPA"), we will never knowingly solicit, nor will we accept, personally identifiable information from users known to be under 13 years of age. If you believe we have information from or about anyone under 13 years of age, please notify us at support@socialsensor.io with "COPPA Concern" in the subject line.

13. CCPA Rights (California Residents)

This section provides additional information for individual residents of the State of California under the California Consumer Privacy Act of 2018 ("CCPA").

In the past 12 months, our Services have collected the following categories of personal information from California consumers:

  • A. Identifiers (e.g., name, IP address, email address, account name, unique identifiers). Collected: YES. Sold: NO.
  • B. Personal information under Cal. Civ. Code § 1798.80(e) (e.g., name, address, financial information). Collected: limited to payment data. Sold: NO.
  • C. Protected classification characteristics (e.g., race, religion, sex). Collected: NO. Sold: NO.
  • D. Commercial information (e.g., subscription records, purchasing history). Collected: YES. Sold: NO.
  • E. Biometric information. Collected: NO. Sold: NO.
  • F. Internet or network activity (e.g., browsing history, interaction with the Service). Collected: YES. Sold: NO.
  • G. Geolocation data (precise). Collected: NO. Sold: NO.
  • H. Sensory data. Collected: NO. Sold: NO.
  • I. Professional or employment-related information. Collected: NO. Sold: NO.
  • J. Non-public education information. Collected: NO. Sold: NO.
  • K. Inferences drawn from personal information (e.g., user preferences, behaviors). Collected: YES. Sold: NO.

As a California resident, you have the right to:

  • Request information about how we have collected and used your personal information during the past 12 months.
  • Request a copy of your personal information collected in the last 12 months.
  • Request deletion of your personal information (subject to certain exceptions required to provide the Service, comply with law, ensure security, etc.).
  • Opt out of the sale of personal information. We do not sell your personal information to third parties.
  • Be free from discrimination for exercising your privacy rights.
  • Request information about our disclosure of your personal information to third parties for direct marketing purposes in the prior calendar year (free, once per year).

To exercise your California privacy rights, email us at support@socialsensor.io. We will need to confirm your identity (e.g., name, account name, email, state of residence) before processing your request. We aim to respond to access or deletion requests within 45 days. If more time is required, we will notify you in writing.

14. Third-Party Links and Services

The Service displays information sourced from Instagram, a platform operated by Meta Platforms, Inc., and may contain links to other third-party websites not operated by us. This Privacy Policy does not apply to such third parties, and we encourage you to review their respective privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you via the Service or by email, and update the "Last updated" date above. Continued use of the Service after changes take effect constitutes acceptance of the revised Privacy Policy.

16. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: support@socialsensor.io

Onlyapps LTD
Makariou III, 228, Agios Pavlos Court A, 7th floor, Flat/Office 712
3030, Limassol, Cyprus