Privacy Policy
This policy describes the information we process to support the LightWidget website and our widgets. Cookies Policy is also part of this policy but it was extracted to a separate document for easier cookies management.
1. What kind of information do we collect and why?
To successfully provide our services, we must process information about you. There are various types of information that we collect. It depends on how you use LightWidget.
1.1 When you see our widget or visit our website
We collect only basic logs information – your device IP address, connection information, such as browser type and version, operating system, mobile platform, unique device identifier, and other technical identifiers. The date, time, and referrer URL of your request. All this data is collected automatically. This is standard procedure on almost every website. In some cases, we also use cookies. You can read more about the cookies we use in our Cookies Policy. We also save the number of clicks and views of our widgets for aggregated statistical data and to improve our services.
All information is collected mostly to prevent abuses, detect attacks, and comply with law regulations about storing such logs.
1.2 Additional information we collect when you use our website
We save your preferences for widget creator options in your browser LocalStorage only if you change the default settings. None of these preferences personally identifies you to us and it is only kept on your computer or mobile device.
1.3 Information we collect on our support page
When you send a support ticket by using the form on our Support we collect some information. The support form contains some inputs that you must fill out to create a support ticket. We collect information that you explicitly provide to us in these fields. The data will be collected in an email and sent to us. Probably most relevant is an e-mail address. This is a required field. We need your e-mail address to send you a response to your support ticket.
In addition, we collect anonymized search phrases that you provide in the search input on our Support page. It helps us improve the search results and better understand what helps our users need.
1.4 Instagram data we collect when you connect the Instagram account to LightWidget
We use Instagram API to get information about your account. When you connect your Instagram account to our website for the first time, Instagram will ask you if you want to permit us to read basic information about your account. Without this consent on the Instagram side, we do not read any data from Instagram API.
When you grant us access to read basic information, we store some of this data in our database. We store:
- Your Instagram user ID
- Your Instagram username
- Your full name (if you provided any in your Instagram profile)
- Link to your profile picture (if you provided any in your Instagram profile).
- Instagram access token
- Number of followers, following, and posts
- Your biography (if you provided any in your Instagram profile)
- Link to your website attached to your Instagram account (if you provided any in your Instagram profile)
With a connected Instagram account, you can easily create, edit, upgrade and remove widgets.
We do not store your e-mail address or password to your Instagram account.
1.5 Information we collect when you post a comment
When you post a comment on one of our blog posts or support articles we store the comment text you explicitly provide to us in the comment form. In addition, we collect the IP address, date, and time of your comment. The IP address is collected only because we want to prevent abuses when users post inappropriate comments.
1.6 Additional Instagram data we collect when you create a widget preview or widget by using our form
When you try to create a widget on our website we use Instagram API to get information about your pictures and videos such as:
- Link to Instagram post
- Links to images or video thumbnails. Please note that we do not store any images or videos on our servers. Everything is stored on Instagram servers. We only use public links to this content.
- Tags
- Caption
- Number of comments and likes
We store all this information in two ways.
- We use temporary cache to prevent sending too many requests to Instagram Platform. This cache expires automatically within 24 hours.
- We convert the data received from Instagram API to static HTML files which are your widgets. Widget preview is stored only temporarily, and it is removed from our servers within 15 minutes. Regular widget is the widget you can embed on your website. We store it if you use our widgets.
This information is necessary to create a widget that you can embed on your website.
1.7 Information we collect when you purchase one of our add-ons
When you upgrade your widget, you must fill out our checkout form. This form contains personal data fields like your name, address, email address, and VAT ID/NIP number. We have to collect and process this data under Polish and UE law regulations and for invoicing purposes.
External platforms such as PayPal, PayU, and Stripe handle the payments. Our servers do not store credit card information or PayPal/PayU logins. We only store transaction IDs received from the selected payment gateway so we can quickly identify your payment in their systems.
When you upgrade the widget for the Instagram account connected via a Business connection and your Instagram account has a profile picture set, we might store your image profile on our servers. We keep your profile photo from your Instagram account to optimize the size and quality of the image. It also allows us to use modern image formats such as AVIF and WebP. We display the optimized photo in the “Some of our users” section.
1.8 Data we collect when you purchase an Image optimization add-on
When you purchase the Image optimization add-on for a given Instagram account, we store the images, video thumbnails, and profile pictures on our servers. We convert the downloaded images to various sizes of Jpg, WebP, and Avif formats.
We only download the images from the posts visible in the widgets. We do not download the pictures if they are excluded from the widgets, such as when hashtag filtering filters them out.
2. Data security and our third party data processors
We care about your data security. We will not share, sell, convey or otherwise disclose personal data other than as stated in this Privacy Policy unless we are required to do so by law or you have given your explicit consent. If there is suspicion of illegal activities in connection with the use of our services, information may be disclosed to the police and other public authorities subject to a court or administrative order.
We use a number of third parties to process personal data on our behalf. It makes our services more secure and reliable. These third parties have been carefully chosen and have a very high level of data security. Here is the list of external providers that we use:
2.1 Hetzner Online
Hetzner Online is a professional web hosting provider and experienced data center operator. We use their servers to store our databases, widget files, and all other information mentioned in sections 1.1, 1.4, 1.5, 1.6, and 1.7 of this policy. You can read their data privacy here – Hetzner Online Data Policy.
2.2 Amazon Web Services
Amazon Web Services (AWS) offers reliable, scalable cloud computing services. We use AWS to increase our availability and performance. We use AWS to store encrypted backups of databases and widget files mentioned in sections 1.4, 1.5, 1.6, and 1.7 of this policy. You can read their privacy policy here – AWS Privacy.
2.3 Cloudflare
Cloudflare is a next-generation Content Delivery Network. It greatly increases our availability and performance for our users all across the globe. Cloudflare stores our upgraded widget files mentioned in section 1.6 of this policy to serve our widgets from the closest location to you. You can read Cloudflare’s privacy policy here – Cloudflare security and privacy policy.
2.4 SendGrid
SendGrid delivers our transactional emails through the world’s largest cloud-based email delivery platform. Whenever we send an e-mail from our website we use SendGrid. When you post a comment or upgrade our widget we send some e-mails. SendGrid cares about the proper and secure delivery of the e-mail we send. You can read their privacy policy here – SendGrid Privacy Policy.
2.5 Zendesk
Zendesk is a customer service software and support ticketing system. When you create a support ticket mentioned in section 1.3 it goes through Zendesk services. Zendesk helps us respond to your tickets much faster. You can read their privacy policy here – Zendesk Privacy Policy.
2.6 Others
As mentioned before, we also use:
- PayPal – PayPal Privacy Statement,
- PayU – PayU Privacy Statement,
- Stripe – Stripe Privacy Policy,
mentioned in section 1.7 of this Privacy Policy. We do not send them any personal data directly.
3. Data breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
4. Sharing data
LightWidget provides responsive widgets for Instagram. Widgets contain information that you share on Instagram, like your pictures and videos. Widgets can be embedded on any third-party website. It means that hundreds of people can see your pictures, but this is what widgets are for. When you create a widget you want to promote your pictures and Instagram account. It is up to our users where and how they embed our widgets.
When you create an account on our website and authorize it on Instagram anyone who knows your Instagram username can create a widget for you. We allow that because a lot of our clients hire web developers to build websites for them. Sometimes our users don’t know how to create and embed widgets on their websites due to a lack of knowledge on this topic. Common practice is that developer sends a link to our website and asks a customer just to log in to LightWidget. We need a customer’s consent and authorization before we can get the information from Instagram API. Once it’s done, a developer can create a widget for a given account. What is important here – users can always delete any widget that contains their pictures, even if this widget was created from a different account. My widgets page contains the list of widgets connected to a given Instagram account with the option to delete widgets.
Other than it is mentioned in section 2 of this policy – we do not share, sell, convey or otherwise disclose personal data. We want to be fair with our users. Pictures and videos posted on Instagram and displayed in our widgets are their property, not ours.
5. Data retention and account deletion
We store the data until it is no longer necessary to provide our services or until you or we delete your account or data.
You can delete all your data or only some parts of it:
5.1 Deleting all your data
To delete all your user data, including data about your user account, data obtained from Instagram APIs about your Instagram accounts, and all data about your widgets and comments made on our website, log in to your user account, go to the Settings page, click the Delete my account button and confirm the deletion in the modal window by clicking the Delete account button. This action is irreversible.
5.2 Deleting data obtained from Instagram API
There are two methods of deleting data obtained from Instagram API:
5.2.1 Deleting data through Instagram accounts page
To delete data obtained from Instagram APIs about your Instagram account(s) and all data about widgets associated with these accounts, log in to your user account, go to the Instagram accounts page, click the three-dot button next to the Instagram account, click the Remove account button and confirm the deletion in the modal window. This action is irreversible.
5.2.2 Deleting data through Data Deletion request
If you didn’t purchase any add-ons on our website, you can also send a Data Deletion request, which will remove data obtained from Instagram API:
- A consumer connection Data deletion request can be sent through the Instagram Apps and Websites page.
- A business connection Data deletion request can be sent through the Facebook Business integrations page.
Find our service on the list of apps/integrations, click the Remove button, and confirm sending the Data Deletion request.
If you purchased a widget add-on for a selected Instagram account or widget, follow the instructions in point 5.2.1. It protects you from accidentally deleting your paid services through a Data Deletion request.
5.3 Deleting widgets data
To delete a particular widget(s) data, log in to your user account, go to the My Widgets page, click the Show more button next to the widget you want to delete, click the Delete widget button, and confirm the deletion in the modal window. This action is irreversible.
5.4 Additional methods
You can also request to delete your widget data, Instagram account data, or user data by submitting a support ticket on our Support page.
The Support page contains articles with detailed instructions on deleting widget data, Instagram account data, and user data.
5.5 Data that we must keep
We keep aggregated and anonymized data about the number of clicks and views of the deleted widgets, anonymized logs regarding your widgets/accounts/user data for 30 days, and backups for 30 days.
If you purchased any add-on for your widget(s), we have a legal obligation to keep the transactional data mentioned in section 1.7 of this policy for 5 years.
6. Data controller
The data controller responsible for your information is Black Sail Division, a company registered in Poland with company NIP number: 5482617350.
You can contact us by submitting a support ticket or by mail at:
Black Sail Division
Molczyn 17 street,
Leszna Gorna
43-445 Dziegielow
7. Changes to our Privacy Policy
This privacy policy may change from time to time in line with legislation or website developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.
8. Updates
28.06.2024 – We removed point 2.6 about using DigitalOcean as our data processor, as we no longer use their services. We added more detailed information and privacy policy links to new point 2.6 (previously 2.7). We rewrote point 5 with more detailed instructions about removing your data from our services.
06.03.2023 – We have added information about using a new payment gateway – Stripe.
19.05.2023 – We changed the title of section 1.7 and improved the wording of this section. We also added section 1.8, which covers the additional information collected when users purchase the image optimization add-on.
18.10.2022 – We improved section 1.4 of this policy to avoid confusion between logging in and connecting the Instagram account. We also added information about the storage of the profile picture on our servers in section 1.7.
28.12.2021 – We improved the information on how to delete the entire account or individual elements such as widgets or connected Instagram accounts, and added links for easier navigation through the functionalities.
31.08.2021 – We removed the information about Google Analytics from point 1.2 of this policy. We no longer use it on our website.
16.07.2021 – We updated point 1.2 about the new information that we collect from our users. We have created a new widget creator with configurable preferences. Right now the preferences can be saved in the user browser. In point 1.4, we updated the link to the Instagram API and added information about additional information that we store in our database after we released the option to add a header to the widget. We also added point 2.6 describing our additional server provider – Digital Ocean. The previous section 2.6 was changed to 2.7. Additionally, we improved punctuation marks and syntax throughout the document
07.08.2020 – We updated point 1.3 about the new information that we collect. We started to collect search phrases that users use on our Support page via input. We want to improve our support page so it would be easier to find the solution to the problem without submitting a support ticket.
01.04.2019 – We updated point 1.7 about information collected when you purchase the widget upgrade. We added a new payment gateway – PayU and we added information about the data we collect from the PayU system.
Date of Last Revision: June 28, 2024