Privacy Policy
Last updated: January 1, 2025
This Privacy Policy describes how Mediamer ("we", "us", or "our") collects, uses, and protects your personal information when you use our Facebook management platform. By using Mediamer, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
1.1 Account Information
When you register, we collect: full name, email address, username, and password (stored as a bcrypt hash — never in plain text).
1.2 Facebook Data
When you connect your Facebook account, we collect and store:
- Facebook User ID:Your unique Facebook identifier (public information)
- Facebook Access Token:Encrypted token used to perform actions on your behalf via Facebook API
- Display Name & Profile Picture:Retrieved from Facebook API for display purposes only
- Facebook Pages:List of Pages you manage (IDs and names only)
- Ad Accounts:List of Ad Account IDs you have access to
1.3 Usage Data
Post history, comment logs, scheduled jobs, and transaction records generated by your use of the service.
1.4 Technical Data
IP address, browser type, and access timestamps — used solely for security monitoring and debugging.
2. How We Use Your Information
We use the information we collect only to:
- ✓Provide and operate the Mediamer service
- ✓Execute Facebook actions you explicitly request (posting, commenting, scheduling)
- ✓Process payments and manage your subscription plan
- ✓Send important account notifications (security alerts, plan expiry)
- ✓Improve and develop our service
- ✓Detect and prevent fraud or security violations
3. Facebook Permissions We Request
Mediamer requests the following Facebook permissions. Each permission is used for a specific, limited purpose:
| Permission | Why We Need It | How It's Used |
|---|---|---|
pages_show_list | Required | Display your Facebook Pages in the app for selection |
pages_manage_posts | Required | Create and publish posts to your Pages on your behalf |
pages_read_engagement | Required | Read comments and reactions to enable auto-reply features |
pages_manage_engagement | Required | Post comments and reactions as requested by you |
ads_management | Required | Create Ad Creatives to publish carousel posts via Ads API |
ads_read | Required | Read Ad Account IDs to associate with your posts |
publish_video | Required | Upload and publish video content to your Pages |
pages_read_user_content | Required | Read user-generated content on your Pages |
offline_access | Required | Maintain access without requiring you to re-authenticate frequently |
read_insights | Optional | Display Page performance statistics |
We request only the minimum permissions necessary to provide the service. You can revoke any permission at any time from your Facebook App Settings.
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal information. We share data only in these limited circumstances:
Facebook / Meta Platforms
When you request actions (posting, commenting), we transmit necessary data to Facebook API on your behalf. This is the core function of the service.
Infrastructure Providers
We use trusted hosting and database providers (e.g., cloud servers) who process data solely to operate our service under strict confidentiality agreements.
Legal Requirements
We may disclose information if required by law, court order, or to protect the rights and safety of our users.
Business Transfer
In the event of a merger or acquisition, user data may be transferred. We will notify you before any such transfer.
5. Data Security
We implement industry-standard security measures:
🔐 Password Hashing
bcrypt with salt rounds — passwords are never stored in plain text
🔒 HTTPS/TLS
All data transmission is encrypted in transit
🎫 JWT Authentication
Short-lived tokens with automatic expiry
🛡️ Role-Based Access
Strict access control — users can only access their own data
🗄️ Encrypted Storage
Access tokens stored securely in encrypted database fields
🔍 Security Monitoring
Automated detection of suspicious login attempts
7. Your Rights
You have the following rights regarding your personal data:
8. Data Retention
We retain your data for as long as your account is active or as needed to provide the service.
9. Children's Privacy
Mediamer is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will delete it immediately.
10. International Data Transfers
Your data may be processed on servers located outside your country. We ensure appropriate safeguards are in place for any international transfers, in compliance with applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email or an in-app notification at least 30 days before the changes take effect. Continued use of the service after changes constitutes acceptance.
12. Contact Us
Mediamer Privacy Team
Email: [email protected]
Data Deletion Requests: mediamer.vn/data-deletion
We respond to all privacy inquiries within 72 hours.
Facebook Platform Policy Compliance
Mediamer complies with the Facebook Platform Policy and Facebook Developer Terms.
- ✓ We only request permissions necessary for the service
- ✓ We do not sell or misuse Facebook user data
- ✓ We provide a Data Deletion callback endpoint
- ✓ Users can revoke access at any time
- ✓ We comply with Facebook's data retention requirements