Free Boost

Privacy Policy

Effective date: May 8, 2026

This privacy policy explains exactly what data Folloy collects, why we collect it, who we share it with, and how you control it. Plain English — no legal hand-waving.

1. Who we are

Folloy (“we,” “us,” “our”) operates the website at folloy.com (the “Site”). Folloy is an independent project; it is not affiliated with TikTok, Meta Platforms (Facebook / Instagram / Threads), Google (YouTube), X Corp, Snap Inc., Spotify AB, or Telegram FZ-LLC. All trademarks belong to their respective owners.

For privacy questions, write to privacy@folloy.com.

2. Data we collect

2.1 What you send us directly

  • Public URLs you submit — when you place an order we record the public URL of the post, video, or profile you targeted, plus the platform it lives on (TikTok, Instagram, etc.) and the quantity requested. We do not retrieve anything beyond what’s publicly accessible at that URL.
  • Order metadata — the order ID we assign, the timestamp, the service you used, and the delivery status reported by our delivery partners.
  • Optional email address — if you choose to provide one, we use it to let you look up the order later via the tracking page, and to email you if the order fails. We don’t add it to a marketing list and we don’t share it with third parties.
  • Account data — if you create a free WordPress account on the Site, we store your username, email, and a hashed password (we never see your real password). Account data is held only while the account is active.
  • Comments on blog posts — name, email (not displayed), and IP, retained per the WordPress comment-system defaults.
  • Support correspondence — emails you send to support@/privacy@/abuse@folloy.com are stored as long as needed to handle the request, then archived for up to two years for audit purposes.

2.2 What we collect automatically

  • IP address — collected on every page view to enforce per-IP daily quotas (the rate-limiting that keeps one visitor from burning through everyone’s allowance) and for security logging. The last octet of IPv4 addresses (and a similar trim for IPv6) is masked after ninety days, after which the IP is no longer personally identifiable. Raw IPs are never shared with advertisers or sold.
  • Browser fingerprint hash — a SHA-1 hash combining your User-Agent string, Accept-Language header, and screen size. We use it only to detect quota abuse from rotating IPs; we do not track you across sites with it.
  • Server logs — standard web-server logs (URL, referrer, timestamp, response code) retained for thirty days for security and debugging.
  • Cookies — see Section 4.

2.3 What we don’t collect

  • We never ask for or collect your social-media password.
  • We don’t read your private messages, follower list, or any non-public account data.
  • We don’t access your contacts, photo library, microphone, camera, or device storage.
  • We don’t track you across third-party sites.

3. How we use the data

  • To run the free engagement service (forwarding your public URL to our licensed delivery partners).
  • To enforce per-IP and per-fingerprint daily quotas, preventing abuse.
  • To let you look up order status via the tracking page.
  • To send you status emails about your specific order, if you provided an email.
  • To improve the site (analytics, error logs, performance monitoring).
  • To comply with legal obligations and respond to lawful requests from authorities.

4. Cookies and similar technologies

We use a small number of cookies. The full list and your control over them is on the cookie policy page; here’s the summary:

  • Strictly necessary — session cookies (e.g. order step token, WordPress login session). These are always on; the site can’t function without them.
  • Functional — preference cookies (e.g. dark/light theme, dismissed banners). Optional.
  • Advertising — Google AdSense uses cookies to limit ad frequency, prevent fraud, and (with your consent) personalize ads. In the EU/UK, these are off until you accept via the cookie banner.
  • Analytics — if enabled, server-side aggregate analytics with no per-visitor cookies; we do not run client-side tracking like Google Analytics or Facebook Pixel by default.

5. Third parties we share data with

  • Delivery partners — when you place an order, we forward the public URL and quantity to the social-media-services panel that fulfills it (e.g. justanotherpanel.com or bulkfollows.com). They see only the public URL and the order parameters; they do not see your IP or your identity.
  • Google AdSense — Google serves ads on our site and uses cookies for ad delivery, frequency capping, and (in jurisdictions where allowed and you consented) personalization. Google’s privacy policy: policies.google.com/privacy.
  • Google reCAPTCHA — anti-bot verification. Google’s reCAPTCHA terms: policies.google.com/terms.
  • Hosting and infrastructure — our hosting provider has access to server data as part of operating the underlying servers; they’re contractually bound to confidentiality.
  • Authorities — if compelled by valid legal process (court order, subpoena), or if we reasonably believe disclosure is necessary to prevent imminent harm.

We do not sell personal data to anyone, ever.

6. International data transfers

Folloy’s hosting and delivery infrastructure may process data outside your country of residence (typically in the United States and the European Union). For transfers from the EU/UK to other jurisdictions, we rely on the European Commission’s Standard Contractual Clauses where applicable.

7. How long we keep data

  • Order records — retained for two years from creation (for refund / abuse / audit).
  • Raw IP addresses — masked to a non-identifying form after ninety days.
  • Account data — retained until you delete your account.
  • Server logs — thirty days.
  • Support correspondence — two years.
  • Comments — until manually deleted.

8. Your rights

Depending on where you live, you may have the right to:

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Delete your data (“right to be forgotten” under GDPR).
  • Port your data to another service in a structured format.
  • Object to processing for certain purposes.
  • Withdraw consent for processing that’s based on consent.
  • Lodge a complaint with your local data-protection authority.
  • (California residents) opt out of “sale” or “sharing” — Folloy does neither, so this is automatic.

To exercise any of these, email privacy@folloy.com. We confirm receipt within forty-eight hours and complete the request within thirty days.

9. Children

Folloy is not directed at children under thirteen (under sixteen in the EU/UK). We do not knowingly collect personal information from children. If you believe a child has provided data to us, contact privacy@folloy.com and we will delete it.

10. Changes to this policy

We update this policy when we change how we handle data. Material changes are announced on the homepage banner for at least thirty days before they take effect. The “effective date” at the top tells you when the current version was published.

11. Contact

Questions, concerns, or formal data requests: privacy@folloy.com.