Meta App Privacy Policy

Privacy for Montiva’s self-hosted Postiz integration with Meta.

This policy explains how Montiva Group’s Meta app connects authorized Facebook Pages and Instagram professional accounts to Montiva’s privately operated, self-hosted Postiz system for social media publishing and management.

Scope and app operator

Montiva Group operates a Meta app that connects Facebook and Instagram accounts to Montiva's self-hosted Postiz instance. In this policy, that integration is called the “App.” Montiva Group is responsible for the App and the Meta Platform data it processes.

The App is used to let authorized Montiva personnel connect and manage Montiva-controlled Facebook Pages and Instagram professional accounts, prepare and schedule content, publish that content through Meta's APIs, review publishing results, manage selected engagement, and view available performance information.

Information the App collects or receives

Depending on the Meta products connected, the permissions granted, and the Postiz features used, the App may receive or store:

  • Meta account and authorization information, such as a user or business identifier, name, connected account identifiers, granted permissions, and access tokens needed to keep the integration connected.
  • Facebook Page information, such as Page names, Page identifiers, Page access information, connected business information, and the list of Pages the authorizing person is permitted to manage.
  • Instagram professional account information, such as account identifiers, usernames, profile information available through the granted permissions, and the Facebook Page or business associated with the account.
  • Social content and publishing data, such as captions, links, images, videos, scheduled publication times, post or media identifiers, publication status, and error information.
  • Engagement and performance data made available by Meta, such as comments selected for review or response, reactions, reach, impressions, and other Page, account, post, or media insights.
  • Technical and security information generated by the self-hosted service, such as login activity, IP-derived information, request logs, device or browser details, API responses, and diagnostic events used to operate and protect the App.

The App does not request a person's Facebook or Instagram password. Authentication occurs through Meta, and Meta determines which permissions are presented for approval.

Meta permissions the App may use

The App may request permissions needed for the Facebook and Instagram features configured in Postiz. These may include permissions to list manageable Pages, read Page engagement, manage posts and engagement, access business relationships, publish Instagram content, manage Instagram comments, and read available insights. The specific set shown during authorization may vary based on the connected account and enabled features.

Montiva uses data obtained through a permission only to provide the corresponding internal publishing, engagement, analytics, security, or troubleshooting function described in this policy.

How and why information is used

  • Authenticate authorized users and maintain approved connections
  • Display the Pages and professional accounts available to connect
  • Create, schedule, publish, update, or remove requested social content
  • Show publishing results, selected comments, and available insights
  • Allow an authorized person to respond to selected engagement
  • Refresh or revoke access tokens and maintain integration reliability
  • Detect misuse, secure the system, troubleshoot errors, and keep audit records
  • Comply with applicable law and Meta's terms and policies

Montiva does not use Meta Platform data for unrelated advertising, does not sell it, and does not use it to build profiles about people for sale or use by data brokers.

How information is shared

Meta Platform data is processed within Montiva's self-hosted Postiz environment and is transmitted to Meta when necessary to perform an authorized action, such as publishing a post or retrieving permitted account information. Information may also be available to:

  • Authorized Montiva personnel who need it to manage the connected social channels or maintain the system.
  • Infrastructure, database, storage, backup, security, and support providers that process information for Montiva under appropriate safeguards.
  • Government authorities or other parties when disclosure is required by law or reasonably necessary to protect rights, safety, and security.

Montiva does not sell or rent Meta Platform data.

Retention

Montiva retains connected account data, access tokens, scheduled and published content, media, publishing records, available analytics, and operational logs for as long as reasonably needed to operate the App, maintain business records, secure and troubleshoot the service, comply with legal obligations, and resolve disputes.

Access tokens are retained only while needed for an authorized connection and may stop working earlier if they expire or are revoked by Meta or the authorizing user. Deleted information may remain for a limited period in protected backups before being overwritten through normal backup-retention cycles.

How to disconnect the App or request deletion

You can stop the App's access in either of these ways:

  • Remove the Facebook or Instagram channel from Montiva's Postiz instance if you have access to that internal system.
  • Revoke the App's access through the apps, websites, or business integrations area of your Facebook or Instagram account settings.

To request deletion of data obtained through the App, email contact@montivagroup.com with the subject “Meta App Data Deletion Request.” Include the name of the Facebook Page or Instagram account involved and enough information for Montiva to locate and verify the connection. Do not send your password or access token.

After verifying the request, Montiva will disconnect the relevant integration and delete Meta-derived personal data it controls unless retention is required for legal, security, fraud-prevention, or other legitimate operational purposes. Montiva will respond with the status of the request and normally complete it within 30 days. Residual backup copies will be removed through normal backup expiration.

Security

Montiva uses reasonable administrative, technical, and organizational safeguards designed to protect App data. These include restricting access to authorized personnel, protecting credentials and tokens, maintaining the self-hosted environment, and monitoring for misuse. No storage or transmission method is completely secure, so absolute security cannot be guaranteed.

Your choices and rights

You may contact Montiva to ask for access to, correction of, or deletion of personal information the App controls. Depending on your location, applicable law may provide additional privacy rights. Montiva may verify your identity and authority over the connected Page or account before acting on a request.

Children's privacy

The App is an internal business tool and is not directed to children under 13. Montiva does not knowingly use the App to collect personal information from children under 13.

Changes to this policy

Montiva may update this policy when the App, Postiz configuration, Meta permissions, data practices, or applicable requirements change. The “Last updated” date at the top of this page will show the latest revision.