Privacy Policy
Effective Date: January 21, 2025 | Версия на русском
This Privacy Policy explains how Zhito Systems ("we", "us", "our") collects, uses, stores, and protects information when you use our messaging automation services for Instagram and Facebook business accounts (the "Service").
This policy applies to business account owners and administrators who connect their Meta (Facebook/Instagram) accounts to our Service.
1. Information We Collect
When you authorize our application through Meta Platform, we collect and process the following categories of data:
1.1 Account Information
- Facebook Page ID and Instagram Professional Account ID
- Page/Account name and profile information
- Access tokens (securely stored and encrypted)
1.2 Message Data
- Message content (text, attachments, media URLs)
- Sender and recipient identifiers (page-scoped IDs)
- Message timestamps and metadata
- Conversation thread identifiers
1.3 Webhook Data
- Real-time messaging events received via Meta Webhooks
- Comment notifications (if applicable permissions are granted)
Note: We only access data that you explicitly authorize through Meta's permission system. We do not access personal Facebook profiles or data beyond the connected business accounts.
2. How We Use Your Data
We use collected data exclusively for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Display and manage inbox messages | Contract performance |
| Execute automated responses based on your rules | Contract performance |
| Store conversation history for your reference | Contract performance |
| Maintain service functionality and troubleshoot issues | Legitimate interest |
We do NOT use your data for:
- Advertising or marketing purposes
- Selling or renting to third parties
- Profiling users for purposes unrelated to the Service
- Training machine learning models on your content
3. Data Storage and Retention
3.1 Storage Location
Your data is stored on secure servers with industry-standard encryption. Access tokens are encrypted at rest using AES-256 encryption.
3.2 Retention Period
- Message data: Retained for 90 days from receipt, or until you disconnect the integration, whichever occurs first.
- Access tokens: Retained only while your account is connected. Tokens are deleted within 24 hours of disconnection or revocation.
- Account metadata: Retained while your account is active. Deleted within 30 days after account termination.
You may request earlier deletion at any time. See our Data Deletion Instructions.
4. Data Sharing and Third Parties
4.1 We Do Not Sell Data
We do not sell, rent, or trade your personal data or message content to any third party.
4.2 Service Providers (Data Processors)
We use trusted infrastructure providers to operate our Service:
- Cloud hosting: For secure data storage and processing
- Database services: For data persistence
All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.
4.3 Legal Requirements
We may disclose data if required by law, court order, or government regulation, or to protect rights, safety, or property.
5. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption in transit (TLS 1.2+) and at rest (AES-256)
- Access tokens stored with encryption and rotated regularly
- Access restricted to authorized personnel on a need-to-know basis
- Regular security reviews and monitoring
- Secure webhook verification using Meta's signature validation
6. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of data we hold about your account
- Deletion: Request deletion of your data (see Data Deletion)
- Rectification: Request correction of inaccurate data
- Portability: Request data export in a machine-readable format
- Withdraw Consent: Disconnect your account and revoke access at any time
- Objection: Object to certain processing activities
To exercise these rights, contact us at support@zhito-systems.work.
7. Meta Platform Compliance
Zhito Systems complies with Meta Platform Terms and Developer Policies. We access data only through official Meta APIs and Webhooks, respecting all permission scopes and rate limits. We promptly respond to any data access revocation by Meta or users.
If Meta determines that we have violated Platform Policies, we will cooperate fully and take corrective action, including data deletion if required.
8. International Transfers
If your data is transferred outside your jurisdiction, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent mechanisms recognized under applicable law.
9. Children's Privacy
Our Service is intended for business users. We do not knowingly collect data from individuals under 18 years of age. If we become aware of such collection, we will delete the data promptly.
10. Changes to This Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated effective date. For significant changes, we will notify you via email or through the Service interface.
11. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or your data:
We aim to respond to all inquiries within 7 business days.
Краткое описание (RU)
Политика конфиденциальности Zhito Systems
Мы собираем данные, необходимые для работы сервиса автоматизации сообщений:
- Идентификаторы страниц Facebook/Instagram и токены доступа
- Сообщения, вложения и метаданные переписки
- Данные Webhook-событий от Meta
Использование: Только для предоставления функций сервиса. Мы НЕ продаём данные и НЕ используем их для рекламы.
Хранение: Сообщения хранятся 90 дней или до отключения интеграции. Токены удаляются в течение 24 часов после отзыва.
Безопасность: Шифрование данных, ограниченный доступ, регулярная ротация токенов.
Ваши права: Доступ, удаление, исправление, экспорт данных. Запросы: support@zhito-systems.work
Meta Compliance: Мы соблюдаем Meta Platform Terms и Developer Policies.