Privacy Policy

Last updated: February 2026

OrbytPulse ("we", "our", or "the app") is a Facebook Messenger automation tool that allows business page owners to connect their Facebook Pages and automatically reply to incoming messages using AI-generated responses based on their product inventory.

---

1. Information We Collect

• Account information: Email address and hashed password when you register.
• Facebook page data: Page name, page ID, category, and page access token obtained through Facebook OAuth.
• Inventory data: Product names, descriptions, prices, quantities, images, and notes that you add manually.
• Message data: Incoming messages from Facebook Messenger users and outgoing AI-generated replies, stored for dashboard analytics and conversation context.

2. How We Use Your Information

• To authenticate your account and manage your connected Facebook Pages.
• To generate AI-powered replies to incoming Messenger messages using your inventory as context.
• To display message statistics on your dashboard.
• We do not sell, share, or disclose your data to third parties except as required to operate the service (OpenAI API for AI generation, Facebook Graph API for messaging).

3. Facebook Data

OrbytPulse uses the Facebook Graph API to:

• Read the list of pages you manage (requires pages_show_list).
• Subscribe your page to webhook events (requires pages_manage_metadata).
• Send automated replies on your page's behalf (requires pages_messaging).

Page access tokens are stored securely and used only to send replies on behalf of the connected page. We do not access your personal Facebook profile or post on your behalf outside of Messenger replies.

4. Message Data and User Privacy

When a Facebook user messages your connected page, their Messenger PSID (a page-scoped user ID assigned by Facebook) and message text are stored to maintain conversation history and enforce rate limits. We do not collect or store personal information about the people messaging your page beyond what Facebook provides in the webhook payload.

5. Data Retention

Your data is retained as long as your account is active. You may delete your account and all associated data by contacting us. Disconnecting a Facebook Page removes its stored access token.

6. Third-Party Services

• Facebook / Meta: Message delivery and page management via the Graph API. Subject to Meta's Privacy Policy.
• OpenAI: Message text is sent to OpenAI's API to generate AI replies. Subject to OpenAI's Privacy Policy.

7. Security

Passwords are stored as bcrypt hashes. Page access tokens are stored in a local SQLite database. We recommend running OrbytPulse on a secured server with HTTPS in production.

8. Contact

If you have questions about this privacy policy or wish to request data deletion, please contact the app administrator.