Privacy Policy
Last updated: 9 April 2026
1. Introduction
Instantly (即店) ("we", "us", or "our") operates an AI-powered platform that converts Instagram posts into shoppable storefronts. This Privacy Policy explains how we collect, use, disclose, and protect personal data when you use our services, whether as a merchant (seller) or a consumer (buyer).
We are committed to complying with the Personal Data (Privacy) Ordinance (Cap. 486) of the Laws of Hong Kong ("PDPO") and all applicable data protection regulations.
Note: The formal legal entity name for Instantly will be updated once company registration is finalised. All references to "Instantly" in this policy refer to the operator of the instantlystore.com platform.
2. Information We Collect
Merchant Data
When you sign up as a merchant, we collect:
- Account information: your name, email address, and login credentials
- Instagram account details: your Instagram username, profile information, and authorised access to your public posts (images and captions only)
- Payment information: your Stripe account ID for receiving payouts (we do not store your bank account details directly — these are held by Stripe)
Consumer Data
When you make a purchase through an Instantly-powered storefront, we collect:
- Contact information: your name and email address
- Delivery address: provided during checkout for order fulfilment
- Payment details: processed entirely by Stripe — we never see, store, or have access to your card numbers or bank details
Instagram-Derived Data
When a merchant connects their Instagram account, our AI processes:
- Post images and captions to extract product information (names, prices, sizes, colours)
- Profile information (username, bio) for storefront branding
We do not collect or process comments, tagged users, follower lists, or any third-party personal data from Instagram. Our AI pipeline is designed to extract only product-related information from the merchant's own content.
3. How We Use Your Information
We use the personal data we collect solely for the following purposes:
- Storefront creation and management: generating and maintaining merchant storefronts from Instagram content
- Transaction processing: facilitating purchases, payments, and order fulfilment between merchants and consumers
- Platform communications: sending transactional emails (order confirmations, shipping updates, account notifications)
- Service improvement: analysing aggregate, anonymised usage patterns to improve platform functionality
What We Do NOT Do
- We do not use your data for AI model training unrelated to your storefront
- We do not sell, rent, or trade your personal data to third parties
- We do not use your data for advertising or marketing purposes beyond platform-related communications
- We do not share merchant sales data, pricing, or customer information with other merchants
4. Third-Party Service Providers
We share personal data with the following service providers, each of whom processes data solely for the purposes described:
| Provider | Data Shared | Purpose | Data Location |
|---|---|---|---|
| Cloudflare | Hosting data, anonymised analytics | CDN, web hosting, D1 database, privacy-preserving analytics | Global edge network |
| Stripe | Payment and payout data | Payment processing, merchant payouts (PCI DSS Level 1 compliant) | As per Stripe's data processing terms |
| OpenAI | Post images and captions | AI product extraction (processed in transit via API, not retained by OpenAI per their API data usage policy) | United States |
| Resend | Email addresses | Transactional email delivery | United States |
| Meta / Instagram | Authorised profile and post data | Data fetched per merchant's explicit Instagram authorisation | As per Meta's data policy |
We require all third-party processors to handle your data in accordance with applicable data protection laws and our contractual obligations.
5. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account data (merchants and consumers) | Duration of active account + 30 days after deletion | Service provision and account recovery |
| Transaction records | 7 years after the transaction | Compliance with the Hong Kong Companies Ordinance (Cap. 622) |
| AI processing logs | 90 days | Audit trail and service quality assurance |
| Instagram access tokens | Encrypted at rest; automatically deleted upon disconnection | Security best practice |
When data reaches the end of its retention period, it is securely deleted or irreversibly anonymised.
6. Your Rights
Under the PDPO, you have the right to:
- Access your personal data held by us
- Correct any inaccurate personal data
- Request deletion of your personal data (subject to legal retention requirements)
How to Exercise Your Rights
Send your request to support@instantlystore.com with the subject line "Privacy Request". Please include enough information for us to verify your identity and locate your data.
We will:
- Acknowledge your request within 7 days
- Fulfil your request within 40 days (the statutory deadline under PDPO Data Protection Principle 6)
If we are unable to comply with your request (for example, where data must be retained for legal reasons), we will explain why within the same timeframe.
We do not charge a fee for processing data access or correction requests, except where a request is manifestly unfounded, repetitive, or excessive.
7. Cookies and Tracking
We use minimal cookies and tracking:
- Session cookies: essential for authentication when you are logged in. These expire when your session ends.
- Cloudflare analytics: privacy-preserving, aggregate analytics that do not collect or store any personally identifiable information.
We do not use third-party analytics cookies, advertising trackers, or cross-site tracking technologies.
8. Children's Privacy
Our platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete it. If you believe a child has provided us with personal data, please contact us at support@instantlystore.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.
For material changes, we will notify registered users by email before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: support@instantlystore.com Subject line: Privacy Inquiry
We aim to respond to all inquiries within 7 business days.