The nice thing about it was if the user chose to “opt-out” or revoke the app permissions, all their photos would be removed from the database automatically. Since the users could only upload from Instagram or their Facebook gallery, we didn’t even have to build a moderation function– Facebook does that automatically.
Naturally, to use the app you have to give it all your permissions, user info (which we cross-checked with their Facebook ID), and the keys to your mom’s car.
And for the client’s benefit, I threw together a quick user flow document. I always suspect that these things never get read by anyone except the development team… which in this case was myself.