1. Information We Collect
We collect information you provide directly to us when you create an account, connect your Instagram/Facebook via Meta API, and use our automation services. This includes:
- Account Data: Name, email address, and billing information.
- Meta Profile Data: Instagram/Facebook Account ID, Page ID, and username when you authenticate via Meta Business Login.
- End-User Interactions: When an end-user interacts with your connected account (via comments, direct messages, or story replies), we temporarily receive the content of the message, the end-user's platform ID, and their public username.
2. How We Process Data (Live Processing)
SYNCRO is an automation platform. To provide our core services, we must process live data in real-time using Meta Webhooks:
- Webhook Ingestion: We receive real-time webhook payloads from Meta when someone comments on your post, sends you a DM, or mentions/replies to your story.
- Keyword Matching: We process the text of these inbound messages strictly to match against the trigger keywords you have configured in your automations.
- Automated Responses: If a match occurs, we use the Meta Graph API to dispatch your pre-configured automated replies (both public comment replies and private DMs).
- Lead Capture: If you configure an automation to collect emails, we parse the conversation strictly for the purpose of extracting the provided email address to fulfill your lead magnet delivery.
- No AI Training: We do not use your data or your end-users' messages to train any AI, machine learning, or language models. Processing is strictly rule-based.
3. Meta API Usage & Permissions
Our application integrates directly with the Meta Graph API. We adhere strictly to all Meta Developer Policies and request only the absolute minimum permissions necessary to function:
instagram_manage_comments: To read incoming comments and post automated replies.instagram_manage_messages: To read incoming Direct Messages/Story mentions and send automated DMs.pages_show_list/pages_read_engagement: To verify your page ownership and configure the necessary webhooks.
4. Data Retention & Storage
We believe in data minimization. We only store data as long as necessary to provide our services:
- Action Logs: We store a history of automated actions (e.g., "DM Sent") for a limited time to provide you with analytics, help you troubleshoot, and prevent spam/enforce cooldowns. These logs contain the end-user's username and platform ID.
- Message Content: The raw text of incoming messages that do not match any automation is discarded immediately after processing. We do not store a permanent database of your inbox.
- Access Tokens: Meta OAuth access tokens are stored securely in our database to maintain your connection, and are immediately revoked and deleted if you disconnect your account.
5. Data Deletion
You have the right to request the complete deletion of your data and any data associated with your connected Meta accounts. When you delete your account, or disconnect an integration, we immediately delete all associated automations, logs, tokens, and leads.
For complete instructions on how to delete your data or your end-users' data, please visit our dedicated Data Deletion Policy.
6. Data Security
We implement robust security measures to protect your information. Your access tokens are encrypted at rest. Our webhook endpoints are secured and validate payload signatures to ensure all inbound data genuinely originates from Meta. We regularly review our security practices to ensure your data remains safe from unauthorized access.
7. Contact Us
If you have any questions about this Privacy Policy or our data processing practices, please contact our Data Protection Officer at privacy@syncro.com.
