DeepDive Media · Legal

Privacy Policy

Effective Date: May 15, 2026

This Privacy Policy explains what data the DeepDiveTech Meta Command Center (the "Service") accesses through Meta's Marketing API and Pages API, how it is used, where it is stored, who has access to it, and how a business or individual can request deletion.

The Service is operated by DeepDive Media ("DeepDiveTech", "we", "us"). It is provided to advertising teams to help them manage and report on Meta ad campaigns across the Business Managers ("BMs") they are authorised to operate.

What we do NOT do: we do not collect data from end-consumers who see Meta ads, we do not retarget visitors, we do not sell or share data with advertising networks, and we do not write to your Facebook Pages or post on your behalf.

1.Who this policy applies to

This policy applies to users who sign in to the Service with a Google account, and to the Meta Business Managers, ad accounts, and Pages they choose to connect through our integration flow.

The Service is an internal media-buying console. We do not operate consumer-facing properties from this app.

2.Data we access from Meta

When a user authorises a Business Manager through our Facebook Login for Business flow, Meta issues us a System User access token tied to that BM. Using that token we read the following:

Category	Specific fields / endpoints	Scope required
Business / account identity	BM id + name, ad account id + name + currency + timezone, Page id + name (via `/me`, `/me/businesses`, `/me/adaccounts`, `/{business_id}/owned_ad_accounts`)	`business_management`, `pages_show_list`
Campaign / Ad Set / Ad metadata	id, name, status, effective_status, objective, budget (read-only), parent ids (via `/insights` at level=campaign/adset/ad)	`ads_read`
Performance metrics	Per-day spend, impressions, clicks, CTR, CPC, CPM, reach, conversions, and action breakdowns from `/act_{id}/insights` with `time_increment=1`	`ads_read`
Page engagement (read-only)	Page follower / fan count, category, public link, Instagram business account linkage	`pages_read_engagement`
Mutation actions (when explicitly invoked)	Pause / Enable on a campaign / ad set / ad; Clone (creates a paused copy). Both via `POST /{entity_id}` / `POST /act_{id}/campaigns`	`ads_management`

We also store a minimal user-profile record from Google Sign-In: name, email address, profile picture URL, and the user's role inside our application (Admin, Super, Team Lead, User, Read-Only). This is used for authentication and access control inside the Service. We do not receive your Google password.

3.Data we do NOT collect

We do not collect personally-identifying data about people who see, click, or convert from your ads. Insights are aggregated counts only.
We do not read Lead Ads form submissions. (We have not requested the leads_retrieval permission.)
We do not read Catalog product data. (We have not requested catalog_management.)
We do not post content to your Pages or modify Page settings.
We do not access private messages, comments, or user-level Page audience data.

4.How we use the data

Service delivery

We use the metadata and metrics above to render the dashboard views the user requested — account-level performance, campaign drill-down, daily trends, Page inventory, and integration health.

Caching and historical analysis

To minimise calls to Meta and to keep historical data available for trend analysis, the Service writes a warehouse copy of the same metrics into Google BigQuery and Google Cloud Storage. Once a day is past Meta's attribution-finalisation window (~48 hours), that record becomes immutable in our store.

Access control and audit

We store sign-in timestamps, IP addresses, and user roles to enforce permission boundaries and to detect abuse. This data is retained for up to twelve months.

Mutations only on explicit action

Pause, Enable, and Clone calls to Meta's Marketing API are only made when an authenticated user with the appropriate role clicks the corresponding button. No background process mutates your ads.

5.Where data is stored

All data is stored in Google Cloud Platform under our organisation. Region: us-central1. The specific storage targets are:

Google Cloud Storage— JSON snapshots of connected BMs, ad accounts, and the daily metrics rollup. Encrypted at rest. Access restricted to the Service's runtime service account.
Google BigQuery (dataset meta_analytics) — durable warehouse of entity metadata and time-series insights, partitioned by date.
Google Secret Manager — Meta App credentials and short-lived session secrets. Never exposed to the browser.

Data in transit between the Service and Meta is protected by TLS. Requests to Meta include the required appsecret_proof HMAC so a stolen token alone cannot be replayed.

7.Retention

User profile records: Retained for the lifetime of the user's account. Deleted within thirty (30) days of an account-deletion request.
Integration tokens (System User / OAuth): Retained until the user disconnects the BM, the token is revoked by Meta, or the user requests deletion.
Insights data (daily / hourly): Retained as long as the BM is connected, to power historical comparisons. Wiped on disconnect or on deletion request.
Sign-in audit logs: Up to twelve (12) months from event.
Aggregated, fully-anonymised analytics: May be retained indefinitely for service-improvement purposes. Cannot be re-identified to a user or BM.

8.Your rights

Subject to applicable law (including GDPR, India's DPDP Act, and the California Consumer Privacy Act), you may request:

Access to the data we hold about you or your BM
Correction of inaccurate data
Deletion of your data (see the next section)
Withdrawal of consent for the integration — done by clicking Remove on the connected BM inside /integrations, or by revoking the app under Facebook Business Integrations

9.Data deletion

See our dedicated Data Deletion Instructions page for the full process. In summary:

Click Remove next to the connected BM on the /integrations page — this revokes the token, deletes the warehouse rows for that BM, and clears any cached snapshots within thirty (30) days.
Email director@deepdivemedia.in from the account address with subject Data Deletion Request.
Meta's automated data-deletion callback hits the endpoint POST /api/meta/data-deletion on our domain — we respond with a confirmation code and a status URL as Meta requires.

10.Security

TLS 1.2+ on all client and server-to-server traffic.
Meta requests include appsecret_proof HMAC verification.
Role-based access control inside the Service (Admin / Super / Team Lead / User / Read-Only) with team-lead scoped BMs.
Secrets stored in Google Secret Manager with IAM-restricted access; never inlined in source or logs.
Cloud Run runs under a dedicated service account with the minimum IAM roles required (Storage Object Admin on our state bucket, BigQuery Data Editor + Job User on the analytics dataset).

In the event of a security incident affecting personal or business data, we will notify affected parties without undue delay and provide remediation guidance.

11.Changes to this Policy

We may update this policy from time to time. Material changes will be communicated in-product and the Effective Date at the top of this page will be updated. Continued use of the Service after a change constitutes acceptance of the updated policy.

12.Contact

Operator: DeepDive Media
Email: director@deepdivemedia.in
Subject lines we monitor: Data Deletion Request, Data Access Request, Security Disclosure