Skip to main content

Legal

Privacy Policy

Last updated: 2026-01-01

This Privacy Policy explains what data HiddenViewer — operated by J.A.B. Enterprises (registration no. RO50573195), Str. Drobeta, Nr. 1, Bloc R11, Scara C, Etaj Parter, Apartament 1, Iași, Iași County, Romania ("we", "us", "our") — collects when you use hiddenviewer.com (the "Service"), how we use it, who we share it with, and how long we keep it.

1. What we collect

  • Account data: email address, full name, and country, collected at checkout.
  • Billing data: payments are processed by our payment processor, HiPay. We receive and store transaction records (amount, status, plan, date) but never your full card number, CVV, or other card-authentication data — that is handled entirely within HiPay's PCI-compliant systems.
  • Usage data: the Instagram usernames you look up, request status and timestamps, IP address, browser/device type, and basic activity logs needed to operate and secure the Service.
  • Cookies: see Section 6 below.
  • Retrieved content: see Section 2 below — retention differs by type.

We do not require and do not collect your own Instagram password or login credentials at any point.

2. How content is stored (and how quickly it's deleted)

Public account content (profiles, posts, reels, stories, highlights) is streamed to you on request and cached only transiently (typically hours) for performance. We do not maintain a permanent archive of public content on your behalf — you're expected to save anything you want to keep to your own device.

Manually-captured private-account content is stored only long enough to deliver it to you, and is automatically and permanently deleted 30 days after capture. You can delete it sooner yourself from your dashboard at any time.

3. Third parties we work with

We do not sell your personal data, and we do not share it with Instagram or Meta. We share data only with the service providers necessary to run the Service, each acting under their own privacy and security obligations:

  • RapidAPI-hosted Instagram data provider — receives the public Instagram usernames/URLs you submit, in order to retrieve public profile and content data on your behalf. This provider does not receive your account or payment information.
  • HiPay — our payment processor, which receives the billing information necessary to process your subscription payments. See HiPay's own privacy policy for how it handles payment data.
  • Brevo — our transactional email provider, used to send account credentials, receipts, and service notifications. Receives your email address and name.
  • Cloudflare — provides content delivery, security, and abuse protection for hiddenviewer.com, and processes technical/connection data (such as IP address) as part of that service.
  • Legal & compliance: we may disclose data when required by law, to enforce our Terms of Service, or to protect the rights, safety, or property of HiddenViewer, our users, or the public.

4. How we use your data

  • To create and operate your account, process lookups, and deliver results.
  • To process payments and manage your subscription (billing, renewals, receipts).
  • To send transactional emails (login credentials, billing receipts, manual-request updates).
  • To detect fraud, abuse, and violations of our Terms of Service, and to keep the Service secure.
  • To respond to support requests and, where you've consented, to send service updates.

5. Data retention

We retain account data (email, name, country, billing history) for as long as your account is active, and for a reasonable period afterward as needed for accounting, tax, fraud-prevention, and legal-compliance purposes, after which it is deleted or anonymized. Manually-captured media follows the 30-day purge described in Section 2 regardless of account status. If you delete your account, we delete or anonymize your personal data within a reasonable period, except where we are legally required to retain it (for example, billing records for tax purposes).

6. Cookies

We use essential cookies to keep you logged in, maintain your session, and protect the Service against abuse (including cookies set by Cloudflare for security purposes). We may also use limited analytics cookies to understand how the Service is used, in aggregate. We do not use cookies for third-party advertising. You can disable non-essential cookies in your browser settings; disabling essential cookies may prevent you from logging in.

7. Your rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request deletion of your data ("right to erasure");
  • Object to or request restriction of certain processing;
  • Receive a portable copy of your data;
  • Where applicable under EU/UK GDPR, lodge a complaint with your local data protection supervisory authority;
  • Where applicable under U.S. state privacy laws (e.g. CCPA/CPRA), know what personal information we collect and request its deletion. We do not sell personal information and have not done so in the preceding 12 months, so there is no "opt out of sale" to exercise. We will not discriminate against you for exercising any privacy right.

You can access, correct, or request deletion of your account data at any time by contacting [email protected] or, where available, directly from account settings. Deleting your account also deletes any manually-captured media associated with it that hasn't already been purged. We will respond to verifiable requests within the timeframe required by applicable law.

8. Data security

We use industry-standard measures — encrypted connections (HTTPS/TLS), hashed passwords, access controls, and Cloudflare-backed abuse protection — to protect your data. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. International transfers

We and our service providers may process and store data in countries other than your own, including Romania and the United States. Where required, we rely on appropriate safeguards (such as standard contractual clauses) for transfers of personal data out of the EEA/UK.

10. Children

The Service is not directed at, and may not be used by, anyone under 18. We do not knowingly collect data from minors. If we learn that we have collected personal data from someone under 18, we will delete it and terminate the related account promptly.

11. Changes to this policy

We may update this policy from time to time; the "Last updated" date above reflects the most recent revision. Material changes will be communicated by email or a notice on the Service where required by law.

12. Contact

Questions about this policy, or requests to exercise your privacy rights, can be sent to [email protected], or by post to J.A.B. Enterprises, Str. Drobeta, Nr. 1, Bloc R11, Scara C, Etaj Parter, Apartament 1, Iași, Iași County, Romania.