1. What we collect
We only collect what we need to moderate comments and run your account. There are three sources: data you give us directly, data Meta sends us through the Graph API after you authorize the integration, and a small amount of technical data generated when you use the dashboard.
- Account data: name, work email, password hash, billing details. You provide this at sign-up.
- Meta integration data: Page IDs, ad account IDs, IG Business profile IDs, posts and ads attached to them, and access tokens issued by Meta when you authorize Sweep Inbox.
- Comment data: the public comments left on your Pages, ads, and IG posts, including the commenter's public Meta profile name and ID. We need this to classify and hide them.
- Moderation decisions: every hide, restore, and manual override you make, along with the signals our model used. We use these to retrain on your specific overrides.
- Usage telemetry: log-in times, dashboard pages visited, error reports, IP and user-agent. Used for security and product debugging.
- Support correspondence: messages you send us, including screenshots you attach.
2. How we use it
We use the data above to run the service you signed up for, improve our moderation models, keep the platform secure, and meet our legal obligations. We do not sell personal data, and we do not use Meta Platform data for advertising or to build profiles of commenters.
- Run moderation: classify comments in real time, hide what your profile flags, and surface decisions in your inbox.
- Improve the model: your overrides train a private fine-tune that biases our model toward your tolerance. Aggregate signals across customers improve the base model; we strip personal identifiers first.
- Account operations: billing, support, account recovery, abuse prevention, security monitoring.
- Legal: comply with Meta Platform Terms, applicable data-protection law, and lawful requests from authorities.
3. Meta Platform data
Sweep Inbox is built on the official Meta Graph API and was reviewed under Meta App Review. We only request the permissions strictly required to read public comments and hide or restore them on your behalf, typically pages_manage_engagement, pages_read_engagement, pages_read_user_content, instagram_manage_comments, ads_read, and business_management.
We do not scrape, automate logins, or use unofficial APIs. We do not message users, post on your behalf, or alter your ad creative. Access tokens are encrypted at rest. You can revoke our access at any time from your Meta Business Settings; your account here will stop receiving comments within seconds.
4. Where data lives, and how long
Data is hosted on managed infrastructure in Germany (Nuremberg). All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
- Comments and moderation decisions: kept for 24 months by default so you can audit and override historical decisions, then permanently deleted. To request a shorter retention window, email contact@sweep-inbox.com.
- Aggregated training signals: retained indefinitely in a form stripped of commenter identifiers (no Meta user ID, no comment text containing identifiable PII).
- Account, billing, and support records: kept while your account is active, plus up to 7 years after closure where required by tax and accounting law.
- Backups: encrypted backups roll over every 35 days.
5. Who we share data with
We rely on a small number of trusted providers to help us run the service: cloud infrastructure and storage, transactional email, product analytics and error monitoring, and customer support tooling. Each provider is bound by a written data-processing agreement and is required to handle data to a standard at least as protective as ours.
- Payments: DodoPayments for subscription billing.
- Authorities: when we receive a binding legal request, narrowly scoped to what the law requires.
6. Your rights
Whatever jurisdiction you sit in, you can ask us to show, correct, export, or delete the personal data we hold about you. Under GDPR (EU/UK), you also have the right to restrict or object to certain processing, withdraw consent, and lodge a complaint with your local supervisory authority.
To exercise any of these rights, email contact@sweep-inbox.com. We respond within 30 days. We verify identity before acting on any request that involves personal data.
7. Cookies and similar technologies
We use first-party cookies to keep you signed in, remember your locale, and protect against CSRF. We also use a small set of third-party cookies for product analytics and error monitoring. We do not run advertising cookies or cross-site trackers. You can clear cookies in your browser at any time; doing so will sign you out.
8. Children
Sweep Inbox is a B2B product for businesses running paid ads. It is not directed at anyone under 16, and we do not knowingly collect data from anyone under that age. If you believe a minor has created an account, email contact@sweep-inbox.com and we will remove it.
9. Changes to this policy
We will update this policy as the product evolves or the law changes. Material changes, anything that expands what we collect, who we share with, or how long we retain it, are announced at least 14 days in advance via email to the account owner. The date at the top of this page always reflects the current version.
10. Contact
Privacy questions, access requests, data-subject requests, and general legal contact: contact@sweep-inbox.com.