Privacy Policy

1.1 Controller Identity

The data controller responsible for your personal information is:

SESHAT LAB PTE. LTD.
10 Anson Road, #28-18 International Plaza
Singapore 079903

For privacy questions, contact: [email protected]

1.2 Scope

This Policy applies to information we collect through the dolphinradar.com website, dashboard, mobile or responsive web app, customer support interactions, and the product-update emails we send to subscribed users. It does not apply to:

● information you provide to Instagram or any third-party platform (governed by that platform's own privacy policy);

● the public Instagram data that we observe (which is information made public by the underlying account holders on the Instagram platform).

1.3 Excluded Regions

dolphinradar is not offered to residents of the European Economic Area, the United Kingdom, Switzerland, or other regions listed in our Terms of Use Section B.2. At signup, every user represents that they are not a resident of an Excluded Region; we rely on those representations in good faith and do not separately monitor IP geolocation for residency verification.

This Policy does not provide GDPR-specific rights because the Service is not intended for users in those regions. If you nevertheless accessed the Service and believe your personal data was collected in error, email [email protected] with proof of residency and we will delete your account and associated data within 30 days.

2.1 Information You Provide

When you create an account or use the Service, you provide:

● Account info: email address, password (hashed), country (for tax and compliance purposes);

● Subscription info (Paid Tier): your selected plan and payment method (we use Stripe — see Section 4);

● Tracking targets: Instagram usernames you ask us to monitor;

● Communications: messages you send to support, feedback you provide, survey responses;

● Optional profile data: profile photo, time zone, notification preferences.

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

● Device info: IP address, browser type and version, operating system, device identifiers, screen size, language;

● Usage info: pages viewed, features used, search queries, dashboard interactions, session duration, referrer URL, click-through paths;

● Cookies and similar technologies: see Section 9;

● Performance and error data: crash logs, error reports, latency metrics.

2.3 Information We Observe from Instagram

To provide the Service, we observe publicly accessible information about Instagram accounts you ask us to track:

● public profile info (username, display name, bio, follower count, following count, post count);

● public posts (captions, hashtags, posting timestamps);

● public engagement signals (public likes by the tracked account on other public posts, public comments, public follows and unfollows of other public accounts);

● aggregated metadata about activity patterns.

We do not collect:

● private messages, direct messages, or private stories;

● content from private accounts;

● biometric identifiers (we do not run facial recognition, gait analysis, or any biometric processing on Instagram photos — we store and display photos as-published, without algorithmic identification);

● precise geolocation;

● payment card numbers (handled by Stripe).

About analytical inferences (AI Insights): as part of generating your report, our system may produce AI-generated analytical content from a tracked account's publicly observable activity — including personality-type approximations, persona snapshots, interest analysis, engagement patterns, lifestyle indicators, venues mentioned, and discussion-topic suggestions. These outputs are described in Section 3.3, are approximate, and carry an explicit "informational use only" disclaimer in both this Policy and within the product interface. They are not psychological diagnoses, consumer reports, or verified statements of fact.

2.4 Information from Third Parties

We may receive limited information from:

● Stripe, our payment processor: transaction status, last 4 digits of card, billing country (we never receive full card numbers);

● Authentication providers (if you sign in with Google or Apple): your verified email and name;

● Customer support tools: chat transcripts, ticket metadata;

● Analytics providers (Google Analytics): aggregated traffic data.

3.1 Purposes of Use

We use the information we collect to:

(a) Provide the Service — show you reports about the Instagram accounts you track; deliver dashboards, alerts, and exports;

(b) Process payments — bill paid subscribers, handle refunds, prevent fraudulent charges;

(c) Support — answer your questions, troubleshoot, restore lost access;

(d) Improve the Service — analyze usage to fix bugs, prioritize features, measure performance, evaluate new functionality;

(e) Communicate — send transactional emails (receipts, account notices, security alerts) and, if you have not opted out, product-update emails to subscribed users;

(f) Secure the Service — detect abuse, prevent fraud, investigate violations of our Terms, defend against threats;

(g) Comply with law — meet legal, regulatory, and tax obligations; respond to lawful requests from authorities.

3.2 We Do Not Sell or Share for Cross-Context Behavioral Advertising

We do not sell your personal information, and we do not share your personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). We do not engage in profiling that produces legal or similarly significant effects, and we do not work with advertising networks or data brokers.

3.3 Use of AI in Our Product / No Training on Your Data

(a) We use AI / large language models inside the product to generate analytical content describing the Instagram accounts you ask us to track. AI-generated content in our reports includes:

● personality-type approximations (e.g., MBTI-style indicators);

● persona snapshots and personality hints;

● interest and content-theme analysis;

● accounts the tracked account publicly engages with;

● lifestyle indicators inferred from public posts;

● venues and public locations mentioned in account activity;

● discussion topics suggested by recent content;

● notable patterns or anomalies in posting activity.

All AI outputs are derived solely from publicly observable Instagram activity of the accounts you ask us to track. We do not access private accounts, private messages, or any non-public data to produce these outputs.

(b) We do not use your personal information — your account info, dashboard usage, search queries, or messages to support — to train any AI / ML model, whether ours, our vendors', or any third party's. AI is used only at inference time to generate report content, then discarded by the AI provider per its API processing terms.

(c) AI-generated content is approximate, generated by automated systems, and provided for informational purposes only. It is not:

● a psychological diagnosis, professional assessment, or clinical evaluation;

● a consumer report or background-check report under the Fair Credit Reporting Act or any analogous law;

● a verified statement of fact about any individual;

● a basis for credit, employment, housing, insurance, or other consequential decisions about any person.

AI outputs may be inaccurate, incomplete, or out of date. You should not rely on them as the sole basis for any action affecting another person.

(d) AI processing of public Instagram activity is performed by selected commercial AI providers under contractual data-protection terms. We send only the publicly observable Instagram content necessary to generate the requested analysis; AI providers process this content as our service providers and may not use it to train their general-purpose models.

(e) Your responsibility. Our Terms of Use Section C.2(k) and (l) prohibit using AI Insights to physically locate or approach a person, or as input to consequential decisions. By using the Service, you agree to use AI outputs only for lawful informational purposes.

4.1 Service Providers

We work with carefully selected service providers who process information on our behalf, under contractual confidentiality and data protection obligations. We share the minimum information necessary for each provider to perform its function. Categories include:

● Cloud infrastructure — server hosting, content delivery, and database services;

● Payment processing — Stripe, Inc., for subscription billing and fraud prevention;

● Communications — transactional email delivery and customer support tools;

● Analytics — aggregate usage and performance measurement;

● AI providers — generation of analytical insights from public Instagram activity (see Section 3.3);

● Security and reliability — error monitoring, abuse detection, backup.

We do not share information with advertising networks, data brokers, marketing-data buyers, or any third party for the purpose of building or enriching commercial profiles of you.

A current list of named service providers, with locations and brief descriptions of data processed, is available on request at [email protected]. We will respond within 14 days. We update our list of providers when material changes occur.

4.2 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred to the successor entity. We will notify you of any such transfer affecting your information.

4.3 Legal Compliance

We may disclose information when we believe in good faith that disclosure is:

● required by law, regulation, legal process, or governmental request;

● necessary to enforce our Terms;

● necessary to detect, prevent, or address fraud, security, or technical issues;

● necessary to protect the rights, property, or safety of dolphinradar, our users, or the public.

When legally permitted, we will give affected users notice before disclosing in response to government requests.

4.4 No Sale of Personal Information

Consistent with Section 3.2, we do not sell personal information for monetary or other valuable consideration.

5.1 Retention Schedule

We retain information for the following periods:

We may retain certain information beyond these periods when required by law, when needed to defend against legal claims, or when contained in a record we are legally required to preserve.

5.2 Deletion

When information reaches the end of its retention period or you request deletion:

● account-level data is permanently deleted from production within 30 days;

● backup copies are overwritten on rolling cycles within 90 days;

● de-identified, aggregated data may be retained indefinitely for product analytics.

6.1 Safeguards

We employ commercially reasonable technical and organizational measures to protect your information, including encryption of data in transit, restricted access for personnel, and due diligence on our service providers. No security program is impenetrable. If you suspect unauthorized access to your account, contact [email protected] immediately.

6.2 Breach Notification

If we experience a security incident that affects your personal information, we will notify affected users without undue delay and consistent with applicable law, generally within 72 hours of becoming aware of the incident's nature and scope, when notification is required or appropriate.

7.1 Universal Rights

Regardless of where you live, you may:

● Access — request a copy of the personal information we hold about you;

● Correct — ask us to correct inaccurate information;

● Delete — ask us to delete your account and associated data, subject to legal retention obligations;

● Export — receive your information in a portable format;

● Withdraw consent — for any processing based on consent;

● Opt out of product-update emails — via the unsubscribe link in each email or via account settings;

● Complain — contact us with concerns, or contact your local data protection authority where applicable.

7.2 How to Exercise Your Rights

Email [email protected] from the address associated with your account, describing the right you wish to exercise. We will:

● acknowledge your request within 7 days;

● respond substantively within 45 days (extendable by 45 more days for complex requests, with notice);

● verify your identity before fulfilling sensitive requests.

There is no fee for most requests. We may charge a reasonable fee for excessive or repeated requests, or refuse such requests, consistent with applicable law.

7.3 Cookies Choices

See Section 9 for cookie-specific controls.

8.1 Notice to California Residents

This Section 8 applies to California residents and supplements Section 7. We comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA) and, where applicable, California's Data Broker Registration law (Senate Bill 361, effective January 1, 2026).

8.2 Categories of Information

In the past 12 months, we have collected the following CCPA-defined categories of personal information:

We do not collect: precise geolocation, biometric info, sensitive personal information (as defined under CPRA), or information about minors under 16 that we knowingly process.

8.3 California Resident Rights

You have the right to:

● Know — what categories of personal information we collect, the sources, the purposes, and to whom we disclose it (this Policy provides that disclosure);

● Access — request a copy of the specific personal information we have collected about you in the prior 12 months;

● Delete — request deletion (subject to legal exceptions);

● Correct — request correction of inaccurate information;

● Limit use of sensitive personal information — we do not collect SPI as defined under CPRA, so this right is not applicable;

● Opt out of sale or sharing — as stated, we do not sell or share for cross-context behavioral advertising, so there is nothing to opt out of;

● Non-discrimination — we will not discriminate against you for exercising any CCPA right.

To exercise these rights, follow the process in Section 7.2.

8.4 Authorized Agents

You may designate an authorized agent to make a request on your behalf. We will require written proof of authorization and verification of your identity.

8.5 California Data Broker Registration (SB 361)

dolphinradar is not a "data broker" within the meaning of California Civil Code §1798.99.80 because:

(a) the personal information we process about Instagram users is information those users have made publicly available on Instagram, not information we collect through covert means;

(b) we provide our subscribers with analytics and aggregation as a direct service for which subscribers contract with us — not "selling" the underlying personal information as a stand-alone product;

(c) we do not maintain or offer a generally-available data product (such as a marketing list, identity-verification dataset, or background-check report) to the broader market.

To the extent any California regulator concludes otherwise, we will register and comply with all applicable obligations promptly upon notice.

8.6 Shine the Light Law

California residents may request information about disclosures of personal information to third parties for those third parties' direct marketing purposes during the prior calendar year. We do not make such disclosures.

9.1 Cookies We Use

We use the following cookie categories:

We do not use marketing cookies, advertising pixels, or cross-site tracking technologies.

9.2 Cookie Banner

If you are accessing the Service from a region where cookie consent is required, you will be presented with a cookie banner allowing you to accept or decline non-essential cookies. You can also manage cookies via your browser settings. Some Service features may not function correctly if you disable strictly necessary cookies.

9.3 Do Not Track and Global Privacy Control

We do not engage in cross-context behavioral advertising, so the practical impact of Do Not Track and Global Privacy Control browser signals on our processing is limited.

Our infrastructure, vendors, and personnel are located in multiple countries, including the United States, Singapore, and other regions in Asia and elsewhere. By using the Service, you acknowledge that your information will be transferred to and processed in these jurisdictions, which may have different data protection laws than your country.

For Singapore PDPA, we maintain comparable protection through contractual safeguards with service providers.

For California residents, we contract with service providers under terms requiring CCPA-compliant treatment.

We do not offer the Service to EEA, UK, or Swiss residents (see Section 1.3), so EU Standard Contractual Clauses and the UK International Data Transfer Addendum are not applicable.

11.1 Under 13

The Service is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If we learn we have collected such information, we will delete it.

11.2 13–17

Use by people between 13 and 17 requires verifiable parental or guardian consent (see Terms of Use Section B.1). Parents or guardians may request to access, correct, or delete their child's account information by contacting [email protected].

11.3 California Minor Eraser (Cal. Bus. & Prof. Code §22581)

If you are a California resident under 18 with a registered account, you may request removal of content or information you posted by contacting [email protected].

We may update this Privacy Policy. The "Last Updated" date at the top reflects the latest revision. We will provide notice of material changes by a notice on the dashboard or other reasonable means in advance of the changes taking effect.

For privacy questions, requests, or complaints:

Email: [email protected]

Mail: SESHAT LAB PTE. LTD., 10 Anson Road #28-18 International Plaza, Singapore 079903