Flow-Flow Facebook and Instagram Privacy Policy

Flow-Flow Social Stream (“the Plugin”) is a WordPress plugin developed by Looks Awesome (“we”, “us”, “our”). It allows WordPress site administrators (“you”, “the user”) to connect to Facebook and Instagram via the Meta Graph API using a Facebook login, in order to retrieve publicly available content from Facebook Pages and Instagram Business or Creator accounts that you manage. The primary purpose of this data processing is to enable you to create social media feeds from that content and embed them on your WordPress website. The most typical use case is displaying and promoting content from your own Facebook Pages and Instagram Business accounts on your website.

Information Collection and Storage

No data is transmitted to or stored on our servers. The Plugin operates entirely within your self-hosted WordPress installation. All data retrieved from the Meta Graph API is stored exclusively in your website’s own database on your hosting server. We (Looks Awesome) do not have access to, collect, or share any of your data, Access Tokens, or content.

Specifically, the Plugin stores the following in your WordPress database:

  • Facebook Page Access Token — stored in the plugin’s options table and used to authenticate API requests to the Meta Graph API. Your Facebook login credentials (username/password) are never stored.
  • Cached post data — the Plugin temporarily caches social media post data (text, images, metadata) retrieved from the Meta API in its database tables to reduce the number of API calls and improve page load performance. This cache is periodically refreshed based on a configurable cache lifetime (default: 60 minutes).
  • Image dimension cache — image URLs and their width/height dimensions are cached to optimize layout rendering.
  • Feed configuration — your feed settings, stream layouts, and source configurations are stored in plugin database tables.

The Plugin does not collect any data from visitors of your website. No cookies, analytics, tracking pixels, or any form of visitor data collection is performed by the Plugin.

What API Data is Processed

Facebook/Instagram Permissions Requested

When you connect your Facebook account via the Plugin, our Facebook App requests the following permissions:

  • pages_show_list — to retrieve the list of Facebook Pages you manage, so you can select which Page’s content to display.
  • pages_read_engagement — to read posts, likes, comments, and shares from your Facebook Pages.
  • instagram_basic — to access basic profile information and media from Instagram Business/Creator accounts connected to your Facebook Pages.
  • instagram_manage_insights — required by the Instagram API to enable hashtag search and public content discovery features.

Facebook Page Data Retrieved

When displaying a Facebook Page feed, the Plugin requests the following data fields from the Meta Graph API for each post:

  • Post content: post ID, message text, story text, post header/name, creation timestamp, permalink URL, status type
  • Post author: author name, author Facebook ID, profile picture URL
  • Post media: full-size picture URL, media attachments (images, videos, and carousel sub-attachments including URLs, dimensions, and media type)
  • Engagement metrics: total number of likes, comments, and shares
  • Page account details: Page ID, Page name, and Page Access Token (used internally for API authentication; the Page Access Token is not displayed publicly)

Instagram Data Retrieved

When displaying an Instagram feed, the Plugin requests the following data fields:

  • Profile information: username, display name, profile picture URL, biography, website, follower count, following count, media count
  • Post content: post ID, caption text, media URL, thumbnail URL, media type (image/video/carousel), permalink, timestamp
  • Carousel content: child media URLs, media types, and thumbnail URLs
  • Engagement metrics: like count, comments count

What Constitutes Personal Data

The following data retrieved by the Plugin may constitute personal data under applicable data protection laws: account names, usernames, profile pictures, biographies, and any content posted by individuals on Facebook Pages or Instagram accounts. This data is processed solely for the purpose of displaying it on your website as part of the embedded social media feed.

Purposes of Data Processing

We process data obtained from the Meta Graph API exclusively for the following purposes:

  1. Feed Display — to retrieve, cache, and render social media posts from your Facebook Pages and Instagram Business accounts as embedded feeds on your WordPress website.
  2. Authentication — to obtain and store a Facebook Page Access Token that authorizes read-only API requests on behalf of your Facebook Page. This token is exchanged for a long-lived token to reduce the frequency of re-authentication.
  3. Performance Optimization — to temporarily cache API responses (post data, images, engagement counts) in your WordPress database, reducing the number of requests sent to the Meta API and improving page load times for your website visitors.
  4. Layout Rendering — to cache image dimensions so that the feed layout can be calculated without re-downloading images on every page view.
  5. Hashtag Discovery (Instagram only) — if you configure a hashtag-based feed, the Plugin uses the Instagram Hashtag Search API to find and display recent or top public posts matching that hashtag.

We do not use any of the retrieved data for advertising, profiling, selling to third parties, or any purpose other than those listed above.

Information the Plugin Displays

When embedding a social media feed on your website, the Plugin may optionally display the following data to your website visitors: photos and videos, post text and captions, the Facebook or Instagram username and display name, the account profile picture, the date the post was created, a link to the original post on Facebook/Instagram, a link to the author’s Facebook/Instagram profile, and the number of likes, comments, and shares on each post.

Read-only of Data

The Plugin is built to be “read-only” and is not able to publish, edit, or delete any data on the Facebook or Instagram platform. It is intended solely to display public content and cannot post to Facebook/Instagram, modify content, delete photos, or make comments on behalf of any user.

Data Retention

  • Cached post data is refreshed periodically based on the cache lifetime configured in the Plugin settings (default: 60 minutes). When the cache expires, older data is replaced by fresh data from the Meta API. Posts older than 30 days may be automatically purged from the cache.
  • The Facebook Page Access Token is stored for as long as the Plugin is active and the Facebook connection is maintained. Tokens are automatically exchanged for long-lived tokens (valid for approximately 60 days) and refreshed as needed.
  • Image dimension cache entries are stored indefinitely while the Plugin is active but are deleted when the Plugin is uninstalled (if the removal option is enabled).
  • Feed configurations are retained until you delete them from the Plugin admin panel or uninstall the Plugin.

Removal of Stored Data

Since all data is stored exclusively on your WordPress website and not on our servers, you have full control over all stored data at all times. Here is how you can delete data:

Option 1: Full Data Removal on Plugin Uninstall

  1. In your WordPress admin, navigate to Flow-Flow → General settings tab.
  2. Enable the “Remove all data on uninstall” checkbox.
  3. Click Save Changes.
  4. Deactivate and then delete (uninstall) the Flow-Flow plugin from the Plugins page.

This will permanently delete from your database:

  • All cached posts and media data
  • All Facebook/Instagram Access Tokens
  • All feed configurations and stream layouts
  • All image cache data
  • All plugin settings and snapshots
  • All related WordPress transients
  • All custom CSS files generated by the plugin

Remove all data on uninstall setting

Option 2: Revoke Facebook App Access

You can revoke the Plugin’s access to your Facebook/Instagram data at any time:

  1. Go to facebook.com/settingsSecurity and loginApps and Websites (or Business integrations).
  2. Find the Flow-Flow app and click Remove.

Once removed, the Plugin can no longer access any of your Facebook or Instagram data. Note that previously cached data will remain in your WordPress database until you clear the cache or uninstall the plugin.

Option 3: Clear Cache Only

To delete cached post data without uninstalling the Plugin:

  1. In the Flow-Flow admin panel, navigate to individual feed sources.
  2. Use the cache refresh/clear functionality to remove cached data for specific feeds.

Option 4: Request Data Deletion

Since we do not store any of your data on our servers, there is typically nothing for us to delete. However, if you believe we may have access to your personal data for any reason, or if you need assistance with data removal, please contact us at social-streams.com/contact.

You can also submit a data deletion request to Meta directly through Facebook’s Help Center.

Your Rights

Depending on your jurisdiction, you may have the following rights regarding personal data processed by the Plugin:

  • Right of Access — you can view all data stored by the Plugin directly in your WordPress database at any time.
  • Right to Deletion — you can delete all Plugin data by following the steps in the “Removal of Stored Data” section above.
  • Right to Restrict Processing — you can disable individual feeds or disconnect the Facebook app to stop further data processing.
  • Right to Data Portability — all data is stored in standard database tables within your WordPress installation and can be exported using standard database tools.
  • Right to Withdraw Consent — you can revoke the Plugin’s access to your Facebook and Instagram data at any time by removing the app from your Facebook Business integrations settings.

Since all data resides on your own server, you maintain direct control at all times without needing to contact us.

Cookies

We don’t use cookies for storing visitors data or any other purpose.

Changes to this Policy

We may revise this Privacy Policy from time to time. If we make material changes, we will update this page and revise the “Last updated” date below. By continuing to use the Plugin after changes become effective, you agree to be bound by the revised Privacy Policy.

If you have any questions or comments about this Privacy Policy, or wish to exercise any of your data rights, please contact us.

Last updated: 4th May 2026

Back To Top
*** 20% OFF Flow-Flow Social Stream for WordPress *** Engage your audience with the best content!GET DEAL
+