This Privacy Policy explains how the InstaKymbo connection service (“InstaKymbo,” “we,” “us”), operated by Kymbo, handles information when a merchant connects their Instagram Business account to a Kymbo-powered online store (built on Shopify or WordPress).
In short: InstaKymbo is a pass-through OAuth service. It has no database and stores no personal data or access tokens. It only relays the secure connection from Meta back to your own store.
1. What InstaKymbo is
Meta (Facebook/Instagram) only allows an app to send users back to a fixed list of redirect addresses. InstaKymbo exists so that every Kymbo merchant store can complete the Instagram login through a single, registered address, instead of each store needing its own Meta app. When you click “Connect Instagram” in your store, you are briefly sent to InstaKymbo, then to Meta’s official login, and then straight back to your store.
2. Information involved in the connection
To complete the connection, Meta issues an access token after you approve the request. This token allows your store to read your own Instagram Business content. In order to grant it, you approve the following Meta permissions during login:
instagram_basic— to read the profile and media of your Instagram Business account so your store can display them.pages_show_list— to list the Facebook Pages you manage, in order to find the one linked to your Instagram Business account.pages_read_engagement— to read the posts of the Page connected to your Instagram account so your store can show the feed.business_management— to identify the business assets (Pages and Instagram accounts) you manage so the correct account is connected.
3. What we do and do not keep
We do not store your data. InstaKymbo runs without any database. The Meta access token passes through the service’s memory only for the moment it takes to complete the secure token exchange, after which it is immediately handed to your store and is not retained by InstaKymbo.
To carry the request safely, InstaKymbo uses a short-lived, signed token (valid for about ten minutes) that records only the address of the store you are returning to. It contains no personal information and expires automatically.
4. Where your Instagram data actually lives
After the connection completes, your store — the Shopify app or WordPress plugin you installed — receives the access token and uses it to fetch your Instagram profile and posts for display on your storefront. That store is the party that stores and controls this data. Please refer to the privacy policy of the specific Kymbo app or plugin you installed for details on how it retains and secures that information.
5. Data from Meta
Your use of Instagram and Facebook is governed by Meta’s Privacy Policy. InstaKymbo requests access only for the purposes described above and does not use it for advertising, profiling, or resale, and does not share it with third parties.
6. Revoking access & deleting data
You can disconnect at any time. Because InstaKymbo stores nothing, there is nothing for it to delete — but you can revoke the connection and remove the stored token from your store. See our Data Deletion instructions.
7. Changes to this policy
We may update this policy as the service evolves. Material changes will be reflected by the “Last updated” date above.
8. Contact
Questions about this policy? Contact Kymbo at hello@kymbo.co.