This policy describes the information we process to support LightWidget website and our widgets. Cookies Policy is also part of this policy but it was extracted to separate document for easier cookies management.
1. What kind of information do we collect and why?
To successfully provide our services, we must process information about you. There are various types of the information that we collect. It depends on how you use LightWidget.
1.1 When you see our widget or visit our website
All information are collected mostly to prevent abuses, detect attacks and to comply with law regulations about storing such logs.
1.2 Additional information we collect when you use our website
We use Google Analytics for better understanding how our users interact with our website, but only if you agree to our anonymous analytics cookies. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although Google Analytics records data such as your IP address (we use IP address anonymization), geographical location, device, internet browser and operating system, none of this information personally identifies you to us. We also respect DNT settings of your browser (Do Not Track). In addition, you can always opt-out by using following the instructions of this page – https://tools.google.com/dlpage/gaoptout.
1.3 Information we collect when you send a support ticket
When you send a support ticket by using form on our Support we collect some information. Support form contains some inputs that you must fill out to create a support ticket. We collect information that you explicitly provide to us in these fields. The data will be collected into an email and sent to us. Probably most relevant is an e-mail address. This is required field. We need your e-mail address to send you a response to your support ticket.
1.4 Instagram data we collect when you log in to LightWidget
We use Instagram API to get information about your account. When you log in to our website for the first time Instagram will ask you if you want to give us permissions to read basic information about your account. Without this consent on Instagram side we do not read any information from Instagram API.
When you grant us access to read basic information we store some of these data in our database. We store:
- Your Instagram user ID
- Your Instagram username
- Your full name (if you provided any in your Instagram profile).
- Link to your profile picture. We do not store any images on our servers.
- Instagram access token
We use this data to create an account on our website. With such account you can easily create, edit, upgrade and remove widgets.
We do not store your e-mail address nor password to your Instagram account.
1.5 Information we collect when you post a comment
When you post a comment on one of our blog posts or support articles we store the comment text you explicitly provide to us in comment form. In addition, we collect IP address, date and time of your comment. IP address is collected only because we want to prevent abuses when users post inappropriate comments.
1.6 Additional Instagram data we collect when you create a widget preview or widget by using our form
When you try to create a widget on our website we use Instagram API to get information about your pictures and videos such as:
- Link to Instagram post
- Links to images or video thumbnails. Please note that we do not store any images or videos on our servers. Everything is stored on Instagram servers. We only use public links to this content.
- Number of comments and likes
We store all this information in two ways.
- We use temporary cache to prevent sending too many requests to Instagram Platform. This cache expires automatically within 24 hours.
- We convert the data received from Instagram API to static HTML files which are your widgets. Widget preview is stored only temporarily, and it is removed from our servers within 15 minutes. Regular widget is the widget you can embed on your website. We store it if you use our widgets.
This information is necessary to create a widget that you can embed on your website.
1.7 Personal information we collect when you upgrade your widget
When you upgrade your widget, you need to fill out our order form. This form contains personal data fields like your name, address, e-mail address, VAT ID/NIP number. We have to collect and process this data in accordance with Polish and UE law regulations and for invoicing purposes.
Payments are handled via external platforms – PayPal and PayU. We do not store any credit card information or PayPal/PayU logins on our servers. We only store transaction ID received from selected payment gateway, so we can easily identify your payment in their systems.
2. Data security and our third party data processors
We use a number of third parties to process personal data on our behalf. It makes our services more secure and reliable. These third parties have been carefully chosen and have very high level of data security. Here is the list of external providers that we use:
2.1 Hetzner Online
Hetzner Online is a professional web hosting provider and experienced data center operator. We use their servers to store our databases, widget files and all other information mentioned in section 1.1, 1.4, 1.5, 1.6 and 1.7 of this policy. You can read their data privacy here – Hetzner Online Data Policy.
2.2 Amazon Web Services
3. Data breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
4. Sharing data
LightWidget provides responsive widgets for Instagram. Widgets contains information that you share on Instagram, like your pictures and videos. Widgets can be embedded on any third party website. It means that hundreds of people can see your pictures, but this is what widgets are for. When you create a widget you want to promote your pictures and Instagram account. It is up to our users where and how they embed our widgets.
When you create an account on our website and authorize it on Instagram anyone who knows your Instagram username can create a widget for you. We allow that because lot of our clients hire web developers to build websites for them. Sometimes our users don’t know how to create and embed widget on their websites due to lack of knowledge in this topic. Common practice is that developer sends a link to our website and ask a customer just to log in to LightWidget. We need a customer’s consent and authorization before we can get the information from Instagram API. Once it’s done, developer can create a widget for a given account. What is important here – users can always delete any widget that contains their pictures, even if this widget was created from a different account. My widgets page contains the list of widgets connected to given Instagram account with option to delete widgets.
Other than it is mentioned in section 2 of this policy – we do not share, sell, convey or otherwise disclose personal data. We want to be fair with our users. Pictures and videos posted on Instagram and displayed in our widgets are their property, not ours.
5. Data retention and account deletion
We store the data until it is no longer necessary to provide our services or until your account is deleted. At any time you can delete your widgets by using My widgets page. You can also delete your account by using My account page. Widgets are deleted permanently from our database and our servers. The only data we keep are aggregated and anonymized data about number of clicks and views of deleted widget.
When you delete your account, we delete all things connected to your account such as posted comments, information obtained via Instagram API, your submitted tickets. If you upgraded our widget we have a legal obligation to keep the transactional data mentioned in section 1.7 of this policy for 5 years.
6. Data controller
The data controller responsible for your information is Black Sail Division, company registered in Poland with company NIP number: 5482617350.
You can contact us by submitting support ticket or by mail at:
Black Sail Division
Molczyn 17 street,
01.04.2019 – We updated point 1.7 about information collected when you purchase the widget upgrade. We added new payment gateway – PayU and we added information about the data we collect from PayU system.
Date of Last Revision: April 1, 2019