Privacy Policy — Meta Review Environment
This policy applies to the standalone Meta App Review demonstration for CRM Flow. It is separate from any production CRM deployment.
What data is collected
- Meta user identifier and display name returned by the Graph API after OAuth.
- OAuth access tokens for the connected user and, when permitted, page-level tokens.
- Facebook Page identifiers and names used for Messenger on connected Pages.
- Instagram Business Account identifiers, usernames, and names linked to those Pages.
- WhatsApp Business Account (WABA) identifiers and associated phone numbers, when available.
- Raw JSON payloads received from Meta webhooks (Instagram, Messenger, WhatsApp, and related objects).
- Optional contact details submitted through the data deletion request form.
Why it is collected
Data is collected solely to demonstrate that CRM Flow can authenticate with Meta, list connected Instagram, Messenger, and WhatsApp Business assets, receive webhooks, and honor privacy commitments required for App Review.
How it is used
Information is displayed on the review dashboard inside this isolated environment. Tokens are used only to call Meta APIs needed to populate that dashboard during review. Data is not sold and not used for advertising.
How it is stored
Data resides in a dedicated PostgreSQL database for this review stack. Access tokens are encrypted at rest using a server-side key. Webhook payloads are stored as JSON text for inspection.
Data retention
Review data is kept only as long as needed for Meta validation. Operators can delete stored connection data at any time from the dashboard, which triggers removal of users, tokens, Pages, Instagram, WhatsApp, and webhook history in this database.
Data deletion instructions
Use the public data deletion page at /data-deletion to submit a formal request, or use the in-dashboard disconnect control which calls the backend deletion endpoint immediately.
Support contact
For questions about this review environment, privacy practices, or data handling, contact daniel.mazzulli@crownit.com.br.