Privacy Policy

Effective Date: November 12, 2025 | Last Updated: November 12, 2025

1. Information We Collect

1.1 Information from Facebook/Instagram Integration

When you connect your Facebook or Instagram business accounts to our Service, we collect information through official APIs with your explicit consent:

• Account Information: Business page details, account IDs, and verification status
• Lead Data: Information submitted through Facebook Lead Ads and Instagram Lead Forms (name, email, phone, custom fields)
• Page Insights: Public engagement metrics and performance data (with your permission)
• Access Tokens: Secure tokens for API integration (encrypted and stored securely)

1.2 Information You Provide Directly

• Account Registration: Email address, business name, and account preferences
• CRM Configuration: API credentials and integration settings for your CRM systems
• Business Information: Company details, industry, and service requirements
• Communication Data: Messages sent through our support channels

1.3 Automatically Collected Information

• Usage Data: Service usage patterns, feature interactions, and error logs
• Technical Data: IP addresses, browser information, and device details
• Cookies and Tracking: Session management and security tokens

2. How We Use Your Information

2.1 Core Service Delivery

• Facilitate secure connection between Facebook/Instagram and your CRM systems
• Capture and process lead data from social media platforms
• Automate data synchronization and workflow processing
• Provide real-time notifications and lead management tools
• Maintain service performance and reliability

2.2 Service Improvement and Analytics

• Analyze usage patterns to improve service functionality
• Monitor system performance and troubleshoot issues
• Develop new features based on user feedback and needs
• Provide aggregated, anonymized analytics (without revealing personal data)

2.3 Communication and Support

• Send service-related notifications and updates
• Provide customer support and technical assistance
• Respond to inquiries and resolve account issues
• Send important security and policy updates

3. Data Sharing and Disclosure

3.1 With Your Explicit Consent

• CRM Integration: Lead data is automatically forwarded to your configured CRM systems (HubSpot, Salesforce, Pipedrive, etc.)
• Third-Party Apps: Data sharing with approved business tools as configured by you
• Export Requests: Data provided in standard formats upon your request

3.2 Service Providers and Partners

We work with trusted service providers who assist in delivering our services:

• Cloud Infrastructure: Secure hosting providers (AWS, Google Cloud) with SOC 2 compliance
• Security Services: Encryption and authentication providers
• Analytics: Privacy-focused analytics tools for service improvement
• Payment Processing: PCI-compliant processors for subscription services

3.3 Legal Obligations

We may disclose information only when:

• Required by applicable law or legal process
• Necessary to protect our rights, property, or safety
• Required to prevent fraud or security threats
• Needed to enforce our Terms of Service

4. Data Security and Protection

4.1 Technical Safeguards

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based permissions and multi-factor authentication
• API Security: OAuth 2.0, rate limiting, and request validation
• Infrastructure: SOC 2 compliant hosting with regular security audits

4.2 Organizational Measures

• Staff Training: Regular privacy and security training for all employees
Incident Response: 24/7 monitoring and rapid response protocols
• Regular Audits: Independent security assessments and penetration testing
• Data Minimization: We collect only necessary data for service delivery

5. Data Retention and Deletion

5.1 Retention Periods

• Active Accounts: Data retained while your account is active and service is in use
• Lead Data: Retained according to your CRM retention policies
• Account Data: 30 days after account deletion for legal compliance
• Logs and Analytics: Maximum 24 months for security and compliance purposes

5.2 Data Deletion Process

Upon account termination or your request:

• All personal data permanently deleted from our systems
• CRM integrations disconnected and credentials removed
• Facebook/Instagram access tokens revoked
• Confirmation of complete data deletion provided

6. Your Privacy Rights

6.1 Access and Control Rights

• Access: View all data we have collected about you
• Correction: Update inaccurate or incomplete information
• Deletion: Request complete removal of your data
• Portability: Export your data in machine-readable format
• Restriction: Limit how we process your data
• Objection: Opt-out of certain data processing activities

6.2 Managing Your Data

• Access your privacy dashboard through account settings
• Control CRM integrations and data mapping
• Manage notification preferences and communication settings
• Revoke app permissions for Facebook/Instagram connections

7. Third-Party Integrations

7.1 Facebook and Instagram

Our Service integrates with official Facebook and Instagram APIs:

• We comply with Facebook Platform Terms and Developer Policies
• Data collection requires your explicit consent and permissions
• You can revoke access anytime through Facebook settings
• Facebook's Privacy Policy applies to data collected through their platforms

7.2 CRM and Business Tools

• Integration subject to each CRM provider's terms and policies
• Data shared only with your explicit configuration and consent
• You maintain control over data flow and can disconnect anytime
• Each CRM's privacy policy governs data stored in their systems

8. Cookies and Tracking Technologies

8.1 Essential Cookies

• Authentication: Secure login and session management
• Security: Fraud prevention and abuse detection
• Preferences: Language and accessibility settings

8.2 Analytics and Performance

• Service Analytics: Usage patterns and feature performance
• Error Tracking: System stability and troubleshooting
• Privacy-Focused: No personal data collected for analytics

9. International Data Transfers

Your data may be processed and stored in multiple countries. We ensure:

• Adequate protection through Standard Contractual Clauses
• Compliance with cross-border data transfer regulations
• Regular assessments of international transfer safeguards
• Transparent communication about data locations

10. Children's Privacy

Our Service is designed for business use and is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

11. Data Breach Notification

In the event of a security breach affecting your personal data:

• We will notify you within 72 hours of discovery
• Notifications will include nature of breach and mitigation steps
• We will work with relevant authorities if required
• Free credit monitoring services will be offered if applicable

12. Changes to This Privacy Policy

12.1 Updates and Notifications

We may update this Privacy Policy periodically to reflect:

• Changes in our services or business practices
• Legal or regulatory requirements
• Security enhancements or feature updates
• Facebook Platform Policy changes

12.2 Notification Process

• Material changes will be communicated via email
• In-app notifications for significant updates
• 30-day notice period for major policy changes
• Continued use constitutes acceptance of updated policy

13. Contact Information

14. Governing Law and Dispute Resolution

This Privacy Policy is governed by the laws of India. Any disputes arising from this policy will be resolved through:

• Good faith negotiations between the parties
• Mediation through recognized dispute resolution bodies
• Courts of competent jurisdiction in India