1. Information We Collect
Account Information
When you register for FBReach, we collect:
- Name and email address
- Password (stored as a secure bcrypt hash — never in plain text)
- Account creation date and subscription plan
Facebook Page Data
When you connect a Facebook Page, we collect:
- Page name, Page ID, and Page category
- Page access token (encrypted at rest) to post on your behalf
- Page engagement metrics (likes, reach, comments) for your analytics dashboard
Usage Data
We automatically collect usage data including posts you create and schedule, AI content generation requests, and feature usage counts for quota enforcement.
2. Facebook Data & Permissions
FBReach uses the Facebook Graph API. We only request permissions that are strictly necessary for the features you use. We request the following Facebook permissions:
pages_show_list— To display your connected Facebook Pagespages_manage_posts— To publish and schedule posts on your Pagespages_read_engagement— To show likes, comments, and reach in your analyticspages_manage_engagement— To enable auto-reply to comments (Pro feature)pages_read_user_content— To read incoming messages for auto-replyread_insights— To display page performance analytics
We do not access your personal Facebook profile, friends list, or any data unrelated to your business Pages. You can revoke FBReach's access to your Facebook Pages at any time from your Facebook Settings → Apps and Websites.
3. How We Use Your Information
- To provide and operate the FBReach service
- To publish posts to your Facebook Pages at scheduled times
- To generate AI-powered content using your product descriptions
- To send auto-replies to customer messages on your Pages (Pro plan)
- To display analytics and performance data for your Pages
- To enforce usage quotas (Free vs Pro plan limits)
- To send important service notifications via email
We do not sell your data to third parties. We do not use your data for advertising.
4. Data Storage & Security
- All data is stored on secure servers (Neon PostgreSQL with TLS encryption)
- Passwords are hashed using bcrypt — never stored in plain text
- Facebook access tokens are stored encrypted
- All connections use HTTPS/TLS
- Authentication uses secure HTTP-only cookies
5. Data Sharing
We share your data only with the following third-party services, strictly for operating FBReach:
- Meta (Facebook) — To publish posts and read page data via Graph API
- Groq / Anthropic — To generate AI content (only your product description is sent, never personal data)
- Neon — Database hosting
- Upstash Redis — Task queue for scheduled posts
We never sell, rent, or share your personal information with advertisers or data brokers.
6. Data Retention
- Your account data is retained as long as your account is active
- Published post history is retained for 12 months
- When you delete your account, all personal data is permanently deleted within 30 days
- Facebook access tokens are deleted immediately when you disconnect a Page
7. Your Rights
You have the right to:
- Access — Request a copy of all data we hold about you
- Correction — Update inaccurate personal information
- Deletion — Request deletion of your account and all associated data
- Portability — Export your post history and account data
- Withdrawal — Disconnect your Facebook Pages at any time
To exercise any of these rights, email us at mozahidislam343@gmail.com.
8. Data Deletion
To delete all your data from FBReach, email mozahidislam343@gmail.com with subject "Delete My Data". We will permanently delete all your data within 7 business days and confirm by email. You can also disconnect individual Facebook Pages at any time from your Dashboard → Connected Pages → Remove. This immediately deletes the page access token from our servers. See our Data Deletion page for full steps.
9. Cookies
FBReach uses the following cookies:
access_token— HTTP-only session cookie for authentication (expires in 1 hour)refresh_token— HTTP-only cookie for session renewal (expires in 30 days)
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
10. Contact Us
If you have any questions about this Privacy Policy, please contact us at mozahidislam343@gmail.com.