Local: What never leaves your device
When you drop the DM export, your browser does the unpacking and the regex classification. These stay on your device the whole time:
- The Instagram export file itself (the .zip Meta sent you)
- All raw message content inside it — every text, every attachment, every shared photo or voice note, every reaction
- Conversations we filter out as spam / Meta AI / empty (discarded in-browser, never sent anywhere)
You can literally unplug your wifi after the file is parsed and the regex classification still completes. Proof: look at classifier.js — it runs in your browser, no network calls.
Sent: What we send to Claude (and never store)
For each qualified conversation (booker / promoter / label / collab / relevant), the message text is sent to Anthropic's Claude API for narrative summarization. We proxy those calls — your browser can't reach Claude directly with our API key.
- Condensed message history per qualified thread: sender names, timestamps, text
- Your authentication cookie (so we know which account is calling)
- Basic rate-limit signals (IP, timestamp)
The proxy is a Cloudflare Worker. It does not log or store the conversation text — requests are forwarded to Anthropic and the response streams back to your browser. The summary that comes back is then saved in your account (see Block 4).
Third-party: What Anthropic does
The summarization itself runs on Claude Sonnet 4.6 (Anthropic). Their commercial terms apply to the content you send them via our proxy:
- Anthropic does not train on API traffic by default
- They retain inputs/outputs for 30 days for safety monitoring, then delete
- Enterprise zero-retention is available for business-critical use cases — not currently enabled on our tier
If you're doing genuinely sensitive conversation analysis (journalism, legal, medical), use BYOK (Bring Your Own Key) and enable zero-retention on your own Anthropic account. Backline never sees your conversations either way.
Stored: What we actually store on our side
Four buckets, scoped to the minimum:
- Your account, in Cloudflare D1: your email, the date you first signed in, your active plan, your reminder-email opt-in flag, the timestamp of your last login. This is the row that backs your /account page.
- Your classified contacts, in Cloudflare D1: per qualified DM thread we keep the handle, the thread ID (so we can build the deeplink back to Instagram), zone / country / city / role / level (the regex classification), the short narrative summary written by Claude, your private notes, the status you've set (new/contacted/archived), starred flag, and the timestamps. This is the contact list you see in your dashboard — accessible only via your authenticated session.
- Purchase metadata, in Cloudflare KV: tier, the email Stripe handed us at checkout, internal license-id (audit trail). No name, no address, no card data.
- Anonymous rate-limit counters: hashed IP + request count per window, to stop bots from burning the free tier. Retained for 24h, auto-expired.
What we explicitly do NOT store:
- The raw .zip file from Meta — never uploaded to us
- The raw message text (texts of every message you ever sent or received) — parsed in your browser, only the per-thread summary leaves your device
- Attachments, shared media, photos, voice notes — those stay in the .zip on your machine
- Conversations we filter as spam / Meta AI / empty — discarded in-browser, never seen
No Google Analytics, no Facebook pixel, no session replay, no third-party tracking of any kind. The only telemetry is Cloudflare Web Analytics — a privacy-respecting beacon that counts pageviews and measures Core Web Vitals (LCP, INP) without cookies, fingerprinting, or cross-site tracking. Cloudflare's commitment: no PII, no IP retention beyond aggregation, no data sold or shared.
Local: Cookies & local storage
One cookie, two minor localStorage entries:
- backline_session (cookie, HttpOnly, Secure, SameSite=Lax, 30 days) — set only after you click a magic-link sign-in email. A random 256-bit token whose hash maps to your account record server-side. Removed when you click Logout.
- bk_view_mode, bk_theme, bk_sidebar_collapsed (localStorage) — your dashboard UI preferences (compact vs detail, dark vs light, sidebar open/closed). No personal data.
- bk_hint_* (localStorage) — flags remembering which onboarding hints you've dismissed, so we don't show them again.
That's the entire client-side footprint. Clear cookies + localStorage anytime from your browser's devtools → Application → Storage.
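A sketch of the session scheme described above, added here as an illustration and not Backline's own code: a random 256-bit token goes into the cookie, only its SHA-256 hash is kept server-side, and Logout removes the row. The in-memory Map, the function names and the use of Node's crypto module (rather than the Workers runtime) are assumptions.

```javascript
// Added illustration, not Backline's code. Uses Node.js built-ins only.
const { randomBytes, createHash } = require("node:crypto");

const COOKIE_NAME = "backline_session";     // cookie name as given on the page
const MAX_AGE_SECONDS = 30 * 24 * 60 * 60;  // 30 days, as stated on the page
const ATTRS = "Path=/; HttpOnly; Secure; SameSite=Lax";

// Hypothetical stand-in for the server-side table: tokenHash -> session row.
const sessions = new Map();

const hashToken = (token) => createHash("sha256").update(token).digest("hex");

// After a magic link is verified: mint a token and persist only its hash,
// so a leaked session table does not hand out usable cookies.
function issueSession(accountId, now = Date.now()) {
  const token = randomBytes(32).toString("hex"); // 256 bits from the CSPRNG
  sessions.set(hashToken(token), { accountId, expiresAt: now + MAX_AGE_SECONDS * 1000 });
  return `${COOKIE_NAME}=${token}; Max-Age=${MAX_AGE_SECONDS}; ${ATTRS}`;
}

// Pull the session token out of a Cookie request header.
function readToken(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === COOKIE_NAME) return rest.join("=");
  }
  return null;
}

// Map a request to an account id; null if missing, unknown or expired.
function authenticate(cookieHeader, now = Date.now()) {
  const token = readToken(cookieHeader);
  if (!token) return null;
  const key = hashToken(token);
  const row = sessions.get(key);
  if (!row) return null;
  if (row.expiresAt <= now) { sessions.delete(key); return null; } // enforce expiry server-side too
  return row.accountId;
}

// Logout: delete the server-side row and return a header that clears the cookie.
function logout(cookieHeader) {
  const token = readToken(cookieHeader);
  if (token) sessions.delete(hashToken(token));
  return `${COOKIE_NAME}=; Max-Age=0; ${ATTRS}`;
}
```

Expiry is checked against the stored row as well as set on the cookie, because Max-Age is only a hint to the browser and a copied token would otherwise stay valid.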
Rights: Your data rights
You can delete your account and all your contacts in one click from /account → Danger zone → Delete account. That instantly wipes your D1 row, every classified contact, every note, every captured payload. No 48h delay, no email back-and-forth.
For the GDPR rights we can't fulfil from a single button (data portability, rectification of legacy records, opt-out of telemetry beyond defaults), email josh@backline.so. Reply within 48h, fix within 7 days.
Changes: If this ever changes
If we ever add analytics, third-party pixels, or any new data flow — we update this page before shipping, and we email every license holder. The privacy pillar is load-bearing for the whole product. We don't break it in silence.
LAST UPDATED · 2026-05-07