Marketing Lead ManagerCompliance & Data Protection
Last updated: [EFFECTIVE DATE]
Trust is the foundation of Marketing Lead Manager. This page summarizes how we protect data, honor platform policies, and give you control. It complements our Privacy Policy, Terms of Service and Cookie Policy.
Platform policy compliance
We access third-party data only through official APIs and in accordance with each platform's terms. Our use of data received from Meta APIs complies with the Meta Platform Terms, the Developer Policies, and applicable Limited Use requirements. We request the minimum permissions needed for each feature, and we do not use platform data for any purpose other than providing the features you choose. You can revoke our access at any time from your account settings or from your Meta Business/Facebook settings.
Data protection principles
- Data minimization, we collect and access only what a feature requires.
- Purpose limitation, data is used only to deliver the Service to you.
- No selling of data, we never sell or rent personal information.
- User control, disconnect any platform or delete your data at any time.
- Transparency, our policies plainly describe what we do with data.
GDPR & UK GDPR
For users in the EEA and UK, we process personal data under valid legal bases, support data-subject rights (access, rectification, erasure, portability, restriction and objection), and use appropriate safeguards for international transfers, Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum. Our lead supervisory authority is the UK Information Commissioner's Office (ICO). We have appointed a Data Protection Officer reachable at [email protected]. Data Processing Addendums are available on request.
CCPA / CPRA
California residents can request to know, delete or correct their personal information and to opt out of "sale" or "sharing." We do not sell or share personal information as defined under the CCPA/CPRA, and any advertising is business-targeted, not individual. Requests are handled without discrimination.
Security measures
| Area | Control |
|---|---|
| Encryption | TLS 1.2+ in transit; encryption at rest for stored data; token encryption and password hashing. |
| Access control | Least-privilege, role-based access; scoped API permissions per feature; database Row-Level Security (RLS). |
| Application hardening | HSTS, CSP headers, XSS/CSRF prevention, rate limiting, circuit breakers and abuse throttling. |
| Monitoring | Audit logging, security monitoring alerts, secret scanning and key rotation. |
| Incident response | Breach notification within 72 hours where required by law. |
| Data lifecycle | Category-based retention with deletion or irreversible anonymization on expiry; encrypted, rolling backups. |
| Vendor management | Sub-processors bound by confidentiality and data-protection terms. |
Your responsibilities
You are responsible for using the Service lawfully, including obtaining any consents required to contact your audience and to process their personal data, and following the messaging and advertising policies of each connected platform. See the Acceptable Use section of our Terms.
Reporting a concern
To report a security or privacy concern, or to request our Data Processing Addendum or sub-processor list, contact [email protected]. We take all reports seriously and respond promptly.
Marketing Lead Manager is an independent product. It is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc. "Instagram", "Facebook" and "WhatsApp" are trademarks of their respective owners.