Indirect communicates directly with Instagram's APIs for all Instagram-related activities and therefore subjected to Instagram's Data Policy. All your credentials and sensitive data (such as cookies, authentication tokens) are stored and encrypted locally and never exposed to the developers or any other third party. Indirect only stores a list of the most recent thread names and profile images in local cache storage to support its push notification feature. Data stored in the cache storage are unencrypted but should not be accessible to other applications.
Indirect stores cookies and authorization tokens from Instagram.com and Facebook.com in a session file for each authorized account. These cookies and tokens are necessary for interfacing with Instagram's APIs. Logging out of an account will also remove its corresponding session file.
Indirect only collects exception details (such as exception message, stack trace) when a crash or an error occurs. An anonymized incident report is transmitted to our error reporting service Visual Studio App Center. This report does not contain any personally identifiable information. However, it does include your machine model name, Windows version, and Windows language. Indirect does not generate running logs or usage behaviors and, therefore, will never track your activities while using the app. Indirect does not send any analytics data to Instagram. However, it is still possible for Instagram to track your viewing behaviors via Indirect through actions you perform in the app. For more information, please refer to Instagram's Data Policy.