GDPR stands for General Data Protection Regulation. It is a law enforced by the European Union to protect end users’ personal data. This law enforces multiple aspects of data security. This documentation explains how we protect your data, what our responsibilities are, and what your responsibilities are. We strongly suggest that you read all documentation or articles about GDPR before deciding whether to use our application. We are not responsible for any negligence or faults in data protection caused by you or any third party. Take your time to read carefully and act wisely.
Personal data refers to any information that belongs to an individual. This may include a person’s name, image, email address, physical address, social media content, location, computer IP address, and more. The ownership of personal data is absolute—wherever it is stored, it belongs solely to the user. A data collector or data user cannot show, save, share, or perform any activity with the user’s personal data without explicit or implicit permission.
If a user grants permission for their data to be used for a specific purpose (such as storing or viewing), an application admin may act accordingly. For example, posting on social media implicitly grants permission for public or private contacts to view the content. However, the application admin is not responsible for comments made by others.
Application admins are responsible for disclosing any data-sharing activity with third parties. Further details are provided throughout this document.
Developers are responsible for safeguarding user personal data stored on the backend. This includes how user data (name, phone number, email, etc.) and system-generated information (such as interaction logs) are stored on the server and in the database.
Users will be notified of all temporary (cookies, sessions) and permanent (database) data stored. All personal data will be erased permanently upon account deletion or service cancellation.
Developers may require temporary access to server credentials for support or maintenance before the application goes fully online. Application admins should change credentials afterward. Developers are not responsible for credential leaks or security flaws outside the development environment. As with all online systems, some risk always remains.
Application admins have full access to user personal data stored on servers and databases. Admins can view, copy, or share this data. However, all data usage and any sharing with third parties must be disclosed explicitly before user registration.
Admins must prevent unauthorized extraction of data through forms, surveys, or misleading methods. Because admins hold the highest privileges, they also hold the highest responsibility for safeguarding user data.
Users should read all documentation carefully before submitting data. They are responsible for keeping their credentials safe. Although passwords may be encrypted in databases, predictable or weak passwords make accounts vulnerable. Users should update credentials if any suspicious activity occurs.
Always think before submitting personal information online.
When you delete your account or cancel your subscription, you may choose to permanently delete all related data. This action is irreversible. Back up any necessary data before deletion.
Most personal data is encrypted in the database. In case of a data breach, hackers will only obtain encrypted hashes. Some data, such as usernames, cannot be encrypted because it must be displayed upon login.
Users can choose whether to save cookies or sessions. Even if saved, these are destroyed after logout. We recommend not saving credentials in the browser—use credential management tools instead.
We do not save or track activity for commercial purposes. Only essential security logs (like login time or IP) may be stored. Upon account deletion, all related data is erased.
We do not record, analyze, or use personal activity to influence user decisions or sell products.
Users receive email notifications for key actions like account creation and password changes. If unusual activity is observed, credentials should be updated.
Users will be notified of any updates to the Privacy Policy or Disclaimer.
We enforce HTTPS and secure all traffic. Even if intercepted, data remains encrypted.
We do not collect any hidden or unauthorized data. After deployment, we cannot access the application without admin credentials.
We implement encryption, secure database connections (MySQLi), SQL injection prevention, and input validation.
However, we do not take responsibility for breaches caused by server misconfiguration, admin negligence, weak passwords, or infrastructure vulnerabilities. Admins must ensure server security.
Yes, sending bulk messages through our system is GDPR compliant. This is because users opt in to your Facebook Page by initiating a Messenger conversation, creating a valid lead record. All messages must include an unsubscribe link or an alternative opt-out method, which we already provide.