Privacy Policy | Dislike Button for IG

1. Overview

Dislike Button for IG ("the Extension," "we," "us," or "our") is a Chrome browser extension that adds an anonymous, aggregate dislike counter to Instagram posts. This Privacy Policy explains what information the Extension collects, how it is used, and what rights you have over your data.

    Short version: We collect only the minimum data necessary to
    count dislikes and prevent abuse. No personal information is ever collected,
    and you can permanently delete all your data at any time with one click.
  

By installing and using the Extension you agree to the practices described in this policy. If you do not agree, please uninstall the Extension.

2. Information We Collect

2.1 Anonymous User Token (UUID)

When you first install the Extension, a random UUID (universally unique identifier) is generated locally in your browser and stored in chrome.storage.sync. This UUID:

Is randomly generated and contains no personal information.
Is used solely to identify a unique voter and prevent duplicate votes on the same post.
Is synced across your Chrome installations via your Google account's sync service (Google's own privacy policy governs this syncing).
Is never transmitted to us except as part of a vote request.

2.2 Instagram Post Codes

When you click the dislike button on a post, we record the short post code extracted from the post URL (e.g., ABC123 from instagram.com/p/ABC123/). We store:

The post code (a public identifier visible in the Instagram URL).
Your anonymous UUID (see §2.1).
A timestamp of the vote.
A hashed version of your IP address (see §2.3).

We do not store the full Instagram URL or any metadata about the post (captions, usernames, media content, etc.).

2.3 IP Address (Hashed Only)

To protect against vote manipulation and spam, we apply a SHA-256 cryptographic hash to your IP address before it reaches our database. This means:

Your actual IP address is never stored in plain text.
The hashed value cannot be reversed to obtain your original IP address.
The hash is used only for rate-limiting purposes (preventing more than 60 votes per hour per user).
The hash is not linked to your UUID or used to identify you across sessions.

3. Information We Do NOT Collect

We explicitly do not collect:

Your name, email address, or any other personal identifier.
Your Instagram username, profile data, or account information.
Your browsing history, including which Instagram posts you viewed (only posts you actively dislike are recorded).
Location data or device identifiers.
Cookies from Instagram or any other website.
Any information from your Google account (the UUID sync is handled entirely by Chrome's built-in sync, without our involvement).

4. How We Use Your Information

The data described in §2 is used exclusively for the following purposes:

Dislike counting: Incrementing and serving the aggregate dislike count for a given post when users request it.
Duplicate-vote prevention: Ensuring each UUID can cast at most one dislike per post (enforced at the database level).
Rate limiting: Preventing automated abuse by capping the number of votes per UUID and per IP hash over a rolling time window.

We do not use your data for advertising, profiling, machine learning, or any purpose beyond the above.

5. Data Storage & Security

5.1 Where data is stored

Browser (client-side): Your UUID is stored in chrome.storage.sync and in chrome.storage.local (a cache of posts you've voted on, for instant UI feedback). Both storages are local to your browser and governed by Google Chrome's security model.
Backend database: Vote records (UUID + post code + timestamp + IP hash) are stored in a PostgreSQL database hosted on a cloud provider (currently Supabase/Railway). Only the minimum fields listed in §2.2 are stored; no other data is persisted.

5.2 Security measures

All communication between the Extension and our backend uses HTTPS/TLS.
The database is not publicly accessible and requires authenticated access.
IP addresses are hashed before database insertion; plain-text IPs never leave the server process.
Secrets (database credentials, API keys) are managed via environment variables and are never embedded in the Extension code.

5.3 Data retention

Vote records are retained indefinitely to maintain accurate historical dislike counts. Records associated with a deleted UUID are removed immediately upon a deletion request (see §6).

6. Your Rights & Choices

6.1 Access

You can view your anonymous UUID at any time by opening the Extension popup and looking at the "Your anonymous token" field.

6.2 Deletion

You have the right to delete all data associated with your UUID at any time:

Open the Extension popup by clicking its icon in the Chrome toolbar.
Click the "🗑️ Reset data" button.
Confirm the action in the dialog that appears.

This action permanently deletes all vote records linked to your UUID from our database and generates a new random UUID in your browser. This operation is irreversible.

Alternatively, you may request deletion by contacting us at merriban.tech@gmail.com with the subject "Data deletion request." Please include your UUID (visible in the popup) so we can locate your records. We will process deletion requests within 30 days.

6.3 Uninstalling the Extension

Uninstalling the Extension removes all locally stored data (UUID, voted-posts cache) from your browser. Vote records already submitted to our backend are not automatically removed on uninstall; use the Reset data button before uninstalling if you wish to remove them.

7. Third-Party Services

We use the following third-party infrastructure providers. These services process data only as necessary to operate our backend:

Supabase / PostgreSQL: database hosting. Data is stored within their infrastructure under their privacy policy.
Railway: backend application hosting. Their privacy policy applies to traffic passing through their platform.

We do not use advertising networks, analytics services (e.g., Google Analytics), social-media pixels, or any other tracking technology. No data is sold or shared with third parties for commercial purposes.

The Extension communicates only with our own backend (ig-dislike.onrender.com) and with Instagram's website (for page injection). It does not make requests to any other third-party server.

8. Children's Privacy

The Extension is not directed at children under the age of 13. We do not knowingly collect any information from children. If you believe a child has provided us with data, please contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. If we make material changes, we will note them prominently on this page for at least 30 days. Continued use of the Extension after changes become effective constitutes acceptance of the updated policy.

10. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data, please contact us at:

📧 merriban.tech@gmail.com

We aim to respond to all privacy-related inquiries within 5 business days.