Privacy Policy

Last updated June 28, 2026

This policy explains what data Crowdsweep collects when you connect your Facebook, Instagram, and Threads accounts, why we collect it, and how you can remove it at any time.

1. Who we are

Crowdsweep ("we", "us") provides a comment moderation tool for Facebook Pages, Instagram business accounts, and Threads profiles. We act as a data processor for the comment and ad data you authorize us to access, and as a data controller for your account information. You can reach us at privacy@crowdsweep.app.

2. Platforms we connect to

Crowdsweep integrates with the following Meta platforms via their official APIs:

  • Facebook — We connect to your Facebook Pages to read and moderate comments on your posts and ads.
  • Instagram — If you have an Instagram Business or Creator account linked to your Facebook Page, we read and moderate comments on your Instagram posts and ads.
  • Threads — If applicable, we connect to your Threads profile to read replies on your posts and hide replies that violate your moderation rules.

3. Data we collect

When you connect your account, you grant us a limited set of Meta permissions. The specific data we collect includes:

  • Comment text and metadata — The content of comments and replies on your posts/ads, including the commenter's public name, profile picture URL, and timestamp.
  • Page IDs and Page names — To identify which Facebook Page(s) and linked Instagram account(s) you want us to moderate.
  • Ad account IDs and ad metadata — To attribute comments to specific ads and campaigns and show you where problematic comments are concentrated.
  • Account information — Your name and email address (from Facebook Login) to operate your account and contact you about the service.
  • Access tokens — Encrypted tokens that allow us to make API calls on your behalf. These are never stored in plaintext.

4. Permissions we request

  • pages_show_list — to show you a list of your Pages so you can choose which one to connect.
  • pages_read_engagement, pages_read_user_content — to read comments posted on your Page's ads and posts.
  • pages_manage_engagement — to hide, unhide, or delete comments that you (or your rules) choose to action.
  • ads_read — to read which ad a comment belongs to and its spend.
  • instagram_basic, instagram_manage_comments — to read and moderate comments on your Instagram business content.
  • threads_basic, threads_read_replies — to read your Threads profile and the replies on your Threads posts.

5. What we do not do

  • We never post, comment, or send messages on your behalf.
  • We never access private messages, your password, or your personal friends list.
  • We do not sell, rent, or share your data for advertising or marketing purposes.
  • We do not use your data for any purpose other than providing the moderation service.

6. How we use your data

We use comment content solely to detect policy-violating comments (scam accusations, spam, off-topic content, and similar) and to let you moderate them. We use ad metadata to provide context in your dashboard. We use your account details to authenticate you and provide support.

7. Data retention

  • Comments and ad data — Retained only as long as your account is active and the associated Page is connected. Data is removed within 30 days of disconnection.
  • Moderation audit logs — Kept for up to 12 months so actions remain reversible and auditable, then automatically deleted.
  • Account information — Retained until you delete your account. Upon deletion, all associated data is removed within 30 days.
  • Access tokens — Revoked and deleted immediately when you disconnect a Page or delete your account.

8. Sharing and sub-processors

We share data only with infrastructure sub-processors required to run the service (for example, cloud hosting and database providers), each bound by confidentiality and data protection obligations. We do not sell or rent your data to anyone.

9. Security

Access tokens are encrypted at rest (AES-256), transmitted over TLS, and scoped to the minimum permissions you grant. Access to production data is restricted and logged.

10. Your rights and data deletion

You have the right to:

  • Access your data — View all data we hold about you from your dashboard.
  • Delete your data — Disconnect any Page or delete your entire account from Settings or via our Data Deletion page. All associated data will be removed within 30 days.
  • Revoke access — Remove Crowdsweep from your Facebook app settings at any time. We honor Meta's automated deauthorize and data-deletion callbacks, which trigger automatic deletion of your data.

To request data deletion, you can: (1) use the in-app Settings page, (2) visit our Data Deletion page, (3) remove Crowdsweep from your Facebook app settings, or (4) email us at privacy@crowdsweep.app.

11. Compliance with Meta Platform Terms

Our use and transfer of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies, including the Limited Use requirements.

12. Children

Crowdsweep is a business tool and is not intended for anyone under 18.

13. Changes

We may update this policy from time to time. Material changes will be announced in-app or by email, and the "Last updated" date above will change.

14. Contact

Questions about privacy? Email privacy@crowdsweep.app.