Skip to content
GramlensGramlens

Privacy Policy

Effective date: February 2026Last updated: March 2026

1. Introduction

Gramlens (“Service”, “we”, “us”, “our”) operates the website at gramlens.pro and the Gramlens Chrome browser extension. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our Service.

This Policy applies to all users of the Service. If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies to our processing of your personal data.

By using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller

The data controller responsible for your personal data is Gramlens, operated by a sole proprietor registered in Kaliningrad.

Contact email: support@gramlens.pro

3. Information We Collect

3.1. Account Information

When you create an account, we collect information provided through your chosen authentication method:

  • Email address
  • Display name (via Google OAuth, if provided)
  • Telegram ID (if you link your Telegram account for notifications)

We do not store your Google password. Authentication is handled entirely through OAuth 2.0 with PKCE.

3.2. Instagram Public Data

When you use Gramlens to analyze an Instagram profile, we process publicly available data, including usernames and follower/following lists. This data is accessed through your own authenticated Instagram session in the browser — Gramlens does not store your Instagram credentials and does not access private profiles.

Exported data (follower/following lists) may be stored on our servers temporarily, depending on your subscription plan, to allow you to access your export history.

Deep Scan Feature. When you use the Deep Scan feature, Gramlens collects additional publicly available information from Instagram business and creator profiles, including:

  • Biography text
  • Public email address (if provided by the account owner)
  • Public phone number (if provided by the account owner)
  • Contact phone number (if provided by the account owner)
  • Street address (if provided by the account owner)
  • Business category
  • City name
  • Website URL
  • Bio links (URLs listed in the biography)
  • Profile statistics (followers, following, and posts count)
  • Account type (business, creator, or personal; public or private)

This data is voluntarily published by Instagram users on their public profiles. Deep Scan requires explicit confirmation before starting and processes each profile individually. The collected data is stored in your account and is not shared with third parties.

3.3. Usage and Analytics Data

We use Google Analytics to collect anonymized usage statistics about the website. This may include:

  • Pages visited and time spent on them
  • Browser type and version
  • Operating system
  • Referral source
  • IP address (anonymized)

For details on how cookies are used, see our Cookie Policy.

3.4. Payment Data

We do not store your credit card number or full payment credentials. Payments are processed entirely by third-party payment provider (Tribute). We retain only transaction records: subscription plan, amount, date, and payment status.

3.5. Chrome Extension Data

The Gramlens Chrome extension stores data locally on your device using chrome.storage.local. This includes extension settings and parsing session state (profile name, progress, cursor). This data remains on your device and is not transmitted to our servers unless you initiate an export. The extension also collects anonymous usage analytics and error reports as described in Section 3.6.

3.6. Extension Analytics and Error Reporting

Usage Analytics. The extension uses Google Analytics 4 (GA4) Measurement Protocol to collect anonymous usage statistics. Data collected includes: a randomly generated client identifier (UUID), session events (feature usage, navigation), and user properties (subscription tier, extension version, locale). If you are signed in, your anonymized user ID may be linked to analytics data for cross-device continuity. Analytics data is sent to Google servers and is subject to Google’s Privacy Policy.

Error Reporting. When the extension encounters errors, it may send error reports to our servers (Supabase). These reports include: error messages, stack traces, browser user agent string, extension version, and the URL context where the error occurred. Error reports do not contain personally identifiable information.

Opt-out. You can disable usage analytics at any time through the extension’s data disclosure dialog or in extension settings. Error reporting cannot be disabled separately as it does not collect personal data and is essential for maintaining extension quality.

4. How We Use Your Information

We use collected information to:

  • Provide and maintain the Service (account, exports, history)
  • Process payments and manage subscriptions
  • Store and serve export results based on your plan
  • Analyze website usage to improve the Service
  • Collect anonymous usage analytics and error reports to improve extension quality
  • Ensure security and prevent abuse
  • Comply with legal obligations

5. Legal Basis for Processing

We process your personal data on the following legal bases under the GDPR:

  • Consent — for analytics cookies and optional communications
  • Performance of a contract — to provide the Service you signed up for (account, exports, subscriptions)
  • Legitimate interests — to improve the Service, ensure security, and prevent fraud
  • Legal obligation — to comply with applicable laws, including tax and financial reporting requirements

6. Data Sharing

We do not sell your personal data. We may share data with the following categories of third parties, solely to provide and operate the Service:

  • Supabase (hosted on Amazon Web Services) — authentication, database, and file storage. Data is processed on AWS infrastructure in the EU (Frankfurt) and US regions
  • Google — OAuth sign-in and analytics
  • Tribute — payment processing

We may also disclose personal data when required by law, court order, or governmental request, or to protect the rights and safety of the Service and its users.

7. Cross-Border Data Transfer

Your data may be transferred to and processed in countries outside your country of residence. In particular:

  • Supabase infrastructure is located in the EU and US
  • Google services are located in the US

Where data is transferred outside the EU/EEA, appropriate safeguards are in place (such as Standard Contractual Clauses or adequacy decisions) to ensure an adequate level of data protection.

8. Data Retention

We retain your data for the following periods:

  • Account data — while your account is active, plus 30 days after deletion request
  • Export and Deep Scan data — stored while your account is active; automatically deleted 30 days after account deletion. Free plan: last 3 exports retained. Paid plans: full export history retained during active subscription. After subscription cancellation: data retained for 30 days, then deleted
  • Payment records — 3 to 5 years as required by tax and financial regulations
  • Analytics data — governed by our Cookie Policy

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Row-level security (RLS) on all database tables
  • HTTPS encryption for all data in transit
  • OAuth 2.0 with PKCE for authentication — no password storage
  • No storage of Instagram credentials or session tokens

While we strive to protect your data, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to support@gramlens.pro.

10. Your Rights

Under the GDPR and other applicable data protection laws, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate or incomplete data
  • Erasure — request deletion of your personal data
  • Data portability — receive your data in a structured, machine-readable format
  • Restriction — request restriction of processing in certain circumstances
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — withdraw consent at any time where processing is based on consent
  • Lodge a complaint — file a complaint with a supervisory authority in your country of residence

To exercise any of these rights, contact us at support@gramlens.pro. We will respond within 30 days.

11. Cookies

Our website uses cookies and similar technologies. For detailed information about the types of cookies we use, how to manage them, and your choices, please see our Cookie Policy.

12. Third-Party Links

The Service may contain links to external websites that are not operated by us. We are not responsible for the privacy practices or content of third-party sites. We encourage you to review the privacy policies of any external sites you visit.

13. Children’s Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have inadvertently collected data from a child, please contact us at support@gramlens.pro and we will promptly delete it.

14. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. The current version is always available on this page. If we make material changes, we will notify you via a banner on the website or by email.

15. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@gramlens.pro

© 2026 Gramlens. All rights reserved.