DolphinRadar Privacy Policy

This Privacy Policy explains how DolphinRadar collects, uses, shares, and retains information when you:

● visit our websites, landing pages, and dashboards;

● create an account, purchase a subscription, or use paid features;

● use our Instagram analytics and tracking features; and/or

● use our AI features, including the Memory Chatbot (the “Chatbot”).

If you do not agree, do not use the Services.

Because users may access the Services from other regions (including EU/UK), we include an international section below and placeholders you can finalize with legal counsel.

● “Personal Information”: information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked with an individual (as defined by applicable law).

● “Chat Content”: what you type into the Chatbot, including prompts, uploaded text, selected options, and feedback, plus the Chatbot outputs.

● “Tracking Data / Report Data”: analytics results we generate (e.g., changes over time, patterns, summaries) and report content derived from tracked accounts and your usage.

● “Memory”: a structured representation (signals, summaries, preferences, watchlist/goal selections, and “what changed” notes) used to answer questions more consistently. Memory is not a guarantee of completeness or accuracy.

● “Waiting Period”: the period when tracking/report content is still being generated or is incomplete (e.g., early days after you start tracking), during which Chatbot responses may be less supported.

● “Demo Mode”: a limited experience using sample or illustrative data (for example, after cancellation when memory is cleared but a small number of demo messages remain available).

Account and basic profile information

We may collect:

● email address, username, account status, and account settings;

● customer support communications and preferences (e.g., language, notification choices).

Payment and billing information

Payments are typically processed by third-party payment processors (e.g., Stripe). We may receive and store:

● subscription plan, product identifiers, billing cycle, payment status, invoice metadata, and partial transaction identifiers;

● we do not store full card numbers; card details are handled by the payment processor.

Deletion note (billing): if you request account deletion, we may still retain certain billing records for legal, tax, accounting, fraud-prevention, and audit purposes. See the Data Retention section.

Usage, Device, and Log Data

We may collect usage, device, and log data to operate, secure, and improve the Services. This data may include:

● device and environment information (such as device type, browser type, operating system, app version, time zone, and language);

● interaction data (such as pages or features accessed, buttons clicked, and timestamps);

● diagnostics and performance data (such as error events and system health indicators);

● security-related logs used for abuse prevention, fraud detection, and system integrity.

Log categories and retention:

● requests and interaction metadata retained only for as long as reasonably necessary to operate the Services, diagnose issues, and understand feature usage patterns;

● error and performance logs retained only for as long as necessary to investigate errors, improve performance, and maintain service reliability;

● security and audit logs retained for as long as necessary to protect the Services, prevent abuse or fraud, and comply with legal or regulatory obligations.

We apply data minimization principles, restrict access to authorized personnel, and periodically review retention practices to reduce the amount of data retained where feasible.

Cookies and similar technologies

We may use cookies, SDKs, pixels, and similar tech for:

● essential site functionality,

● analytics and performance measurement,

● attribution, and (if you enable it) marketing.

Data categories used by the Chatbot

The Chatbot may use:

● Tracking/Report Data (signals and summaries from tracked accounts and your watchlist/goals) to generate explanations and insights;

● Account context (plan tier, feature availability, and state such as “Waiting Period,” “Active,” “Canceled,” “Demo Mode”) to show accurate availability/limitations;

● Safety and integrity signals (rate limits, abuse indicators, policy flags) to prevent misuse.

How the Chatbot uses this data

We use the above data for:

● Conversational explanations: summarizing signals into readable insights and “what changed” narratives;

● Personalization (Memory): carrying forward non-sensitive preferences (e.g., what you track, what you care about) so you don’t have to repeat yourself;

● Expectation management during Waiting Period: clearly communicating when report content is incomplete and when richer responses may become available;

● Safety & misuse prevention: detecting suspicious usage patterns and preventing harassment or illegal surveillance;

● Support & troubleshooting: diagnosing issues when you contact support.

Local analysis and natural-language generation only

To reduce privacy risk, the Chatbot is designed so that analytics and classifications are performed on DolphinRadar servers, and third-party AI services (if used) are limited to natural-language generation.

In general, when you ask an analytics question, we:

● compute the underlying analytics on DolphinRadar servers (such as interaction counts, ranking lists, and sentiment classification);

● generate a structured, minimized summary (e.g., aggregated counts, ranks, coarse time ranges, and high-level labels);

● send only that minimized summary (and minimal prompt context) to the AI service to generate user-friendly wording; and

● after receiving the wording, we may replace pseudonymous references (e.g., “Account #1” or hashed IDs) with the relevant Instagram handles on DolphinRadar servers.

We do not intentionally send to the AI service: Instagram usernames/handles, profile URLs, comment text, post/media content, direct messages, or other raw scraped content.

Important: pseudonymization and aggregation reduce risk, but may not eliminate the possibility that information relates to individuals. Please avoid providing sensitive personal information in Chat Content.

Waiting Period: availability and expectations (dispute reduction)

During the Waiting Period:

● some reports, comparisons, or “what changed” summaries may be unavailable or incomplete;

● Chatbot answers may rely on partial signals and may be inaccurate, incomplete, or speculative;

● we may show UI status like “Waiting for report to complete” or similar notices.

We do not guarantee:

● the accuracy of any inference, predicted behavior, or relationship interpretation;

● that any tracked signal will update on a specific schedule;

● that the Chatbot will always have enough data to answer.

To reduce risk and comply with platform integrity and user trust, DolphinRadar’s Chatbot and analytics features are read-only:

● We do not post, comment, like, follow/unfollow, send DMs, or perform Instagram actions on your behalf.

● We do not ask for your Instagram password, two-factor codes, recovery codes, or other secret credentials.

● We do not impersonate you or any other person.

● We do not claim “100% secure,” “never fails,” “guaranteed accuracy,” or “guaranteed results.”

If a request suggests harassment, unlawful monitoring, or other misuse, we may refuse the request, limit functionality, or suspend accounts.

You may use DolphinRadar to analyze accounts that are not you (for example, a public creator or a handle you are tracking). When you input or track a handle, you represent and warrant that:

● you have a lawful basis to do so;

● you will not use the Services for harassment, stalking, discrimination, doxxing, blackmail, or any illegal monitoring;

● you will comply with applicable laws and platform rules.

How we treat third-party data:

● We aim to minimize collection and store structured results and summaries rather than unnecessary raw content where feasible.

● We may treat certain information about others as Personal Information under applicable law.

● We may restrict access, reduce granularity, or disable features to prevent misuse.

Instagram relationship clarification:

● We provide analytics and summaries; we do not provide official Instagram services; Instagram does not endorse our results.

Please do not input or share sensitive data in chat or support channels, including:

● passwords, one-time passcodes (OTP), 2FA/recovery codes;

● government ID numbers (passport, driver’s license, national ID);

● full payment card numbers, CVV, bank account details;

● medical records, genetic/biometric data, or highly sensitive personal data;

● private keys, seed phrases, crypto wallet credentials;

● confidential employer/client data you are not authorized to disclose.

If you accidentally share sensitive data, contact support at [email protected] and request removal (subject to technical and legal constraints).

Service providers (processors)

We may share information with vendors that help us operate the Services, such as:

● payment processing: Stripe;

● analytics providers: Google Analytics (GA4);

● email delivery: SendGrid.

These providers are permitted to use information only to provide services to us, subject to contracts.

AI model providers (if applicable)

For the Chatbot, our third-party AI model provider is Google’s Gemini API, provided by Google LLC and the applicable Google affiliate identified in the Gemini API terms for your region.

What we send: We are designed to send only minimized, aggregated, and/or pseudonymized analytics summaries (for example, ranks, counts, coarse time ranges, and high-level labels) and minimal prompt context needed to generate the wording.

What we do not intentionally send: Instagram usernames/handles, profile URLs, comment text, post/media content, direct messages, or other raw content. Where feasible, we use placeholders (e.g., “Account #1”) or hashed identifiers and perform any re-identification (mapping back to handles) only on DolphinRadar servers.

Provider policies: Third-party AI providers process data under their own terms and privacy policies. If you enable the Chatbot feature, you instruct us to transmit the minimized summary described above to that provider for generating the response.

No DPA notice (if applicable): At this time, we do not have a Data Processing Addendum (DPA) with the AI provider for this feature. Accordingly, we rely on your explicit consent (and/or other lawful bases where permitted) to transfer limited data to the provider, which may process data outside your country of residence (including outside the EEA/UK). If you do not agree, do not use the Chatbot.

Retention: We do not represent stronger guarantees than we can enforce contractually. If we offer a setting to reduce provider retention or training, we will describe it clearly in-product. We may also maintain our own logs and records as described in the Data Retention section.

Deletion limitation: When you delete your chat history or request deletion, we will delete our stored copies subject to the Data Retention section. We cannot guarantee deletion of data that may be temporarily retained by third-party AI providers for security/abuse monitoring or legal compliance.

Legal, safety, and business events

We may disclose information if we believe disclosure is necessary to:

● comply with law, regulation, legal process, or governmental request;

● protect the rights, safety, or property of DolphinRadar, our users, or others;

● investigate and prevent fraud, abuse, or security incidents.

Corporate transactions

If DolphinRadar is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, information may be transferred as part of that transaction. We do not publicly disclose your data because of such a transaction; access remains governed by this Policy and the applicable deal constraints.

Account and operational retention

We keep information only as long as necessary for the purposes described in this Policy, unless a longer period is required by law.

Account profile and settings: retained while your account is active and for up to sixty (60) days after account deletion, unless a longer retention period is required by law.

Billing and payment records may be retained for up to seven (7) years as necessary to comply with legal, tax, accounting, dispute resolution, fraud prevention, and audit obligations.

Memory Chatbot retention (post-cancellation + renewals)

● During an active subscription: Memory may grow as you use the Chatbot and as tracking/report content becomes available.

● After cancellation: ongoing subscription Memory is cleared (subject to technical constraints and backup cycles), except information we must retain for billing/legal purposes.

● If you restore/renew later: Memory starts as a new session (i.e., prior Memory is not revived unless you explicitly opt in and we provide a supported mechanism).

Access, deletion, and account controls

Depending on your plan and product design, you may be able to:

● delete individual chat messages or sessions (where available);

● clear Memory (where available);

● delete your account.

Deletion mechanism placeholders

When a user requests deletion of chats or account data, we will delete the user’s chat content and AI memory data. For tax, accounting, dispute handling, fraud prevention, and other legal compliance reasons, certain billing and transaction records may be retained and used only for those purposes. Deletion will be completed promptly after receiving the request through reasonable technical processes. We may retain necessary operational records for security and compliance purposes, but such records do not contain deleted user content.

Export / download limitations

At this time, export/download may not be available for certain data (including chat transcripts or Memory). If export is unavailable, we will disclose it clearly in-product and offer alternative controls where feasible.

Marketing and tracking opt-outs

● Opt-out of marketing communications: You may opt out of marketing-related emails and other communications by following the opt-out or unsubscribe instructions in the communications you receive from us or by contacting us as provided in the “Contact us” section. You may continue to receive Services-related and other non-marketing emails from us.

● Cookies and Other Tracking Technologies: To manage cookies, you may be able to change your browser settings to notify you when you receive a cookie, disable existing cookies, or automatically reject cookies (including certain types of cookies such as those set by third parties). Restricting cookies or other tracking technologies might negatively impact your experience, and you may need to apply settings on each browser and device you use.

● Do Not Track: Browser implementations vary, and we do not currently respond to Do Not Track signals.

We use the following statements to align with U.S. state privacy laws (including CCPA/CPRA) and common definitions:

● We do not “sell” Personal Information for monetary consideration.

● We do not “share” Personal Information for cross-context behavioral advertising as defined by applicable law.

● We do not engage in targeted advertising based on your activity across non-affiliated websites or services.

Our use of analytics and service providers is limited to service-provider processing for operational and performance purposes and does not constitute a “sale” or “sharing” under applicable law.

We maintain reasonable administrative, technical, and physical safeguards designed to protect information. Safeguards may include:

● access controls and role-based permissions,

● monitoring, logging, rate limits, and abuse detection,

● secure development practices and incident response processes.

No method of transmission or storage is 100% secure; therefore we cannot guarantee absolute security.

If you access the Services from outside the United States, your information may be processed and stored in the United States or other jurisdictions where DolphinRadar or its service providers operate.

Where required by law, we use appropriate safeguards for cross-border transfers, which may vary by vendor and processing activity (for example, Standard Contractual Clauses or other lawful transfer mechanisms).

Legal bases

We process Personal Information under one or more legal bases, including:

● performance of a contract (providing the Services);

● legitimate interests (security, fraud prevention, service improvement);

● consent (cookies/marketing where required);

● legal obligation (tax/accounting/compliance).

Rights

You may have rights to access, correct, delete, restrict, object, and port your data, and to withdraw consent where applicable. You may also lodge a complaint with your local supervisory authority.

How to submit requests: [email protected] with subject “GDPR Request”.

To protect users, third parties, and platform integrity, we may implement measures including:

● automated misuse detection (such as rate limits, anomaly detection, and policy-based filters);

● limited human review where necessary for fraud prevention, legal compliance, or safety;

● enforcement actions such as warnings, feature limitations, suspension, or termination.

We do not guarantee that misuse can always be detected or prevented. Enforcement decisions may be made based on available signals and context.

Our Services may contain links to third-party websites or services. Their privacy practices are governed by their own policies. We do not control and are not responsible for third-party content, policies, or practices.

We may maintain records of privacy requests (e.g., DSARs), consent logs, and related audits to demonstrate compliance and improve our processes.

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last Updated” date. Material changes may be communicated through the Services or by email.