Privacy Policy

1. Introduction

Reach Engine ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our social media automation service.

By using Reach Engine, you agree to the collection and use of information in accordance with this policy.

2. Data We Collect

Account Information

• Email address (from Clerk authentication)
• Name and profile information
• Account creation and last login timestamps

Social Media Data

• Comments on your Facebook Page posts
• Comments on your Instagram Business posts
• Comments on your YouTube videos
• OAuth access tokens (encrypted with AES-256-GCM)
• Platform account IDs and names

Automation Rules

• Keywords you define for automated responses
• Response templates you create
• Platform and type preferences (comment vs DM)

Activity Logs

• Timestamps of automated actions
• Matched keywords and selected responses
• Delivery status (success, failed, skipped)
• Error messages and failure reasons

3. How We Use Your Data

We use your information to:

• Provide and maintain our automation service
• Monitor social media platforms for comments matching your keywords
• Send automated responses according to your rules
• Track activity and provide logs of automated actions
• Enforce safety mechanisms (cooldowns, jitter delays, anti-spam)
• Comply with legal obligations and platform policies
• Improve and optimize our service

4. Data Storage & Security

Encryption

All OAuth access tokens are encrypted using AES-256-GCM encryption before being stored in our database. Encryption keys are stored separately and securely.

Data Storage Provider

We use Convex as our database provider. All data is stored securely in their cloud infrastructure with industry-standard security measures.

Access Controls

Access to your data is restricted to authorized personnel only and is logged for security auditing purposes.

5. Third-Party Services

We integrate with the following third-party services:

Meta Platforms (Facebook & Instagram)

• We use Meta's Graph API to access comments on your Pages and posts
• We comply with Meta Platform Policies
• Review Meta's Privacy Policy: https://www.facebook.com/privacy/policy

Google (YouTube)

• We use YouTube Data API to access comments on your videos
• We comply with YouTube API Terms of Service
• Review Google's Privacy Policy: https://policies.google.com/privacy

Other Services

• Convex: Database and backend services
• Clerk: Authentication and user management
• Trigger.dev: Background job processing

6. Your Rights

You have the right to:

Access Your Data

You can view all your data (rules, activity logs, connected accounts) through the dashboard.

Modify Your Data

You can update or delete your automation rules at any time through the dashboard.

Delete Your Data

You can disconnect social media accounts to revoke access. Contact us to request complete account deletion.

Data Portability

Request an export of your data by contacting us at [email protected].

Revoke Platform Access

You can revoke our access to your social media accounts directly from your Facebook, Instagram, or Google account settings.

7. Facebook Platform Policy Compliance

We comply with Facebook Platform Policies, including:

• Respecting the 7-day messaging window for Facebook and Instagram DMs
• Implementing rate limiting to avoid platform restrictions
• Using jitter delays and cooldowns to prevent spam
• Storing OAuth tokens securely with encryption
• Never sharing user data with third parties for advertising
• Honoring user permissions and access revocation

8. Contact Us

If you have questions about this Privacy Policy, please contact us:

• Email: [email protected]
• Website: reachengine.abdelkawi.me