HOME

Privacy Policy

Effective: April 8, 2026

1. Who We Are

Panopticon ("we," "us," or "the Platform") is an OSINT research tool that aggregates and analyzes publicly available information from social media platforms including Instagram and TikTok. We do not access private, protected, or restricted content.

2. Data We Process

We process two distinct categories of data:

2.1 Visitor Data (Users of this Website)

When you use Panopticon, we automatically collect:

  • Timestamps — when each action was performed.

We do not use cookies, browser fingerprinting, tracking pixels, or third-party analytics. We do not require account creation or authentication, and we do not collect names, email addresses, or payment information from visitors.

2.2 Third-Party Public Data (Analyzed Profiles)

When a visitor submits a username or URL, we retrieve publicly available data from the respective platform's public-facing interfaces. This may include:

  • Public profile information (username, display name, biography, profile picture, follower/following counts, verification status).
  • Public post content (captions, images, video thumbnails, engagement metrics such as likes, views, and comments).
  • Publicly disclosed metadata (hashtags, mentions, tagged users, location tags, music credits, posting timestamps).
  • Technical metadata embedded by the platform (video resolution, codec, duration).

This data is equivalent to what any visitor can see by navigating to the public profile on the respective platform.

3. AI-Generated Analysis

We apply automated analysis to publicly available data to generate derived insights, including but not limited to:

  • Activity timing patterns — estimated posting schedules based on public timestamps.
  • Location intelligence — aggregation of publicly tagged locations.
  • Content classification — AI-generated topic tags and content categorization.
  • Behavioral synthesis — interests, themes, and patterns inferred from public captions and engagement.

All analysis is derived exclusively from publicly available data. AI-generated insights are probabilistic and should not be treated as factual assertions. We do not guarantee the accuracy, completeness, or reliability of any AI-generated output.

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process data under the following lawful bases:

  • Legitimate interest (Article 6(1)(f)) — processing publicly available data for OSINT research, journalism, academic analysis, and security research purposes, balanced against the reasonable expectations of data subjects who have made their profiles public.
  • Contract performance (Article 6(1)(b)) — visitor data is processed to deliver the requested service.

For California residents, this processing falls under the California Consumer Privacy Act (CCPA) exemptions for publicly available information as defined under Cal. Civ. Code §1798.140(v)(2).

5. Data Retention

  • Cached profile data — automatically purged after 24 hours.
  • Cached post/video data — automatically purged after 7 days.
  • Visitor action logs — retained for up to 90 days for abuse detection, then permanently deleted.

We do not maintain permanent databases of scraped profiles. All cached data is ephemeral and subject to automatic expiration.

6. Data Sharing

We do not sell, rent, license, or share personal data with third parties. Analyzed data is displayed only to the visitor who initiated the lookup and is not accessible to other visitors. We do not operate advertising networks or data broker services.

7. Security

We implement industry-standard security measures to protect data during processing and transit. All connections are encrypted via TLS. Cached data is stored in isolated, access-controlled environments with automatic expiration.

8. Children's Privacy

This platform is not intended for use by individuals under the age of 18. We do not knowingly analyze profiles of minors. If a minor's profile has been analyzed, setting the account to private will immediately prevent further access and all cached data will expire automatically. See our Takedown & Removal page for details.

9. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The "Effective" date at the top of this page indicates the last revision. Continued use of the platform constitutes acceptance of the updated terms.

10. Contact

If you want your data removed from Panopticon, simply make your social media account private. All cached data expires automatically. See our Takedown & Removal page for full details and instructions.