Instagram Integration

This page describes how our SaaS platform integrates with Instagram on behalf of our clients, what data we access, and how clients stay in control of that access.

How the integration works

Lomdaat Technologies operates a SaaS platform that helps our clients — Instagram Business and Creator account owners — monitor their own Instagram presence. After a client connects their Instagram Business account to our app via Facebook Login for Business, our system periodically reads the client's public profile metadata and their own published media (photos, videos, captions, timestamps) via the Instagram Graph API.

When new media is detected, we notify the client's team through our dashboard so they can review their own published content in one place. We do not edit, publish, delete, or modify any content — access is strictly read-only on the client's own account.

Connection flow

1. An authorized admin inside our client's organization initiates the connection from our dashboard.
2. The admin is redirected to Facebook and asked to authorize our app to access their Pages and linked Instagram Business accounts.
3. Facebook returns a long-lived access token, which we store encrypted in our database.
4. We look up the Instagram Business account linked to each of the admin's Facebook Pages and associate it with our client's workspace.
5. From that point on, our system periodically reads the client's own published media and notifies their team of new posts.

Permissions we request

We request the minimum set of Facebook/Instagram permissions required to offer a read-only view of the client's own content:

• instagram_basic — to read profile information and published media of the client's own Instagram Business account.
• pages_show_list — to list the Facebook Pages the connecting admin manages.
• pages_read_engagement — to look up the Instagram Business account linked to the client's Facebook Page.

We do not request permissions to publish, delete, or modify content, to send or read messages, or to manage ads.

Data we store

• Instagram Business account ID and username (the public handle).
• Associated Facebook Page ID and the connected Facebook user ID.
• An encrypted long-lived Page Access Token that authorizes our periodic read calls.
• Metadata of media published on the client's own account: media ID, type, caption, permalink, timestamp, and public media URLs.
• Operational metadata such as connection status and the time of the most recent successful refresh.

Data we do not touch

• We do not read Direct Messages or comments.
• We do not access insights or analytics.
• We do not access ad accounts or billing data.
• We do not access data about other users or accounts that our client does not own.

Revoking access

Clients can disconnect at any time in two ways:

• From our dashboard — which marks the connection as revoked and stops all further reads.
• From their Facebook account's Business Integrations settings — which removes our app's permissions on the Facebook side.

When a connection is revoked, we stop all further API calls against the client's account. Stored metadata can be deleted on request at zvis@hadran.net.

Compliance

Our integration complies with the Meta Platform Terms and Developer Policies. Please review our Privacy Policy for details on data handling.