Privacy & data use

How hello@ handles your data

hello@ helps you create and manage advertising on your own Meta ad account. This page explains exactly what we access, why, how long we keep it, and how to delete it. It is a plain-language summary; it is not legal advice.

What we access from Meta — and why

• Your ad accounts (ads_management, ads_read) — to create, manage, and report on the campaigns you build in hello@.
• Your Facebook Page & Instagram (pages_show_list, pages_read_engagement) — so ads run under your brand. We do not post to your organic feed.
• Your Pixel — to measure conversions and optimize spend.
• Your business assets, read-only (business_management) — so you can pick which account and Page to connect.

What we never do

• Spend money without your approval — every ad is created paused until you set it live.
• Post organic content to your Page or feed.
• Read your personal messages, friends, or profile.
• Sell your data or share it with advertisers.

What we store, and for how long

We store an encrypted access token to act on your behalf, plus the identifiers you select (ad account, Page, Instagram, Pixel) and the campaigns/offers you create in hello@. We do not store your Meta password or any payment details — those stay with Meta. We keep this data for the life of your connection and delete it within 30 days of disconnecting or closing your account.

Sub-processors

We share data only with the processors needed to run the service: Meta (Marketing API), our hosting/database provider, our email provider, and our payments provider. We do not sell data or use it to train models for other customers.

Deleting your data

You can disconnect and delete everything anytime from Promote Studio → Manage connection → Disconnect & delete my data. That revokes hello@'s access at Meta and removes your connection, campaigns, and offers. You can also remove the app from your Meta settings, which triggers the same deletion automatically. Check the status of a deletion request on the data-deletion status page.

Security & compliance

Access tokens are encrypted at rest and only ever used server-side. hello@ complies with the Meta Platform Terms and Developer Policies and limits its use of Platform Data to providing this service.