Clariturn never collects your Instagram password
How Instagram connection works
Clariturn connects to your Instagram account exclusively through Meta's official OAuth 2.0 authorization flow. This means:
- You are redirected to Meta's official authorization page to grant access
- We never see your Instagram password at any point
- You can revoke access at any time from your Instagram settings or our Settings page
- We receive only a limited-scope access token authorized for the specific permissions you granted
Data protection measures
Encryption in transit
All data transmitted between your browser and our servers is encrypted with TLS 1.2+ (HTTPS).
Encryption at rest
Sensitive data stored in our database is encrypted at rest using industry-standard methods.
Access control
Access to production data is restricted to authorized personnel on a need-to-know basis. All access is logged.
Data minimization
We only request the Instagram API permissions necessary to provide the features you use. We do not request broad account access.
No plaintext password storage
User passwords are hashed using a secure algorithm (bcrypt/argon2) and are never stored in plaintext.
API key security
All API keys and secrets are stored as environment variables and never hardcoded in source code.
What we do not do
- We do not store your Instagram password
- We do not use unofficial Instagram APIs or scraping tools
- We do not access data beyond what you explicitly authorized
- We do not share your data with third parties for advertising purposes
- We do not automate any Instagram actions on your behalf
Responsible disclosure
If you discover a security vulnerability in Clariturn, please report it responsibly to:
security@clariturn.com
Please include a description of the vulnerability and steps to reproduce it. We will acknowledge receipt within 48 hours and aim to resolve confirmed issues as quickly as possible. We ask that you give us reasonable time to address the issue before public disclosure.