Privacy Policy

Privacy Policy for Prizma Social

Last Updated: 2025-06-27

This Privacy Policy describes how Prizma Partner AB ("we," "us," or "our") collects, uses, and discloses your information in connection with your use of our Prizma Social application (the "Service").

This policy is specifically for users who authenticate with and grant permissions to the Service, particularly through the Meta (Facebook and Instagram) Business platform.

1. Information We Collect

When you connect your Meta Business account to our Service, we collect specific data required to provide our functionality. We are committed to collecting only the minimum data necessary.

a. From You Directly:

  • User Information: When an administrator from your agency authenticates with the Service, we may receive your name and email address from Meta to identify you as an authorized user.

b. From Your Connected Meta Business Account (On Behalf of Your Clients):

Our Service operates using the Meta On-Behalf-Of (OBO) architecture, designed for agency-client relationships. When your agency authenticates and manages a client's assets, we request access to the following information about your clients' connected accounts:

  • Facebook Page Data:
    • Page ID, Page Name, and a Page Access Token.
    • The permission to manage posts (pages_manage_posts) and read engagement (pages_read_engagement, pages_manage_engagement).
  • Instagram Business Account Data:
    • Instagram Business Account ID, Username, and Profile Information.
    • The permission to publish content (instagram_content_publish) and manage comments (instagram_manage_comments).
  • Business Management Information (business_management):
    • This permission is required to facilitate the secure, programmatic connection between our agency's application and your client's business assets. It allows us to generate the necessary secure tokens to act on your behalf without you sharing passwords. We do not store or use any other business details beyond what is required for this connection.

c. Content You Provide:

  • Post Content: We process the text and images you provide for the specific purpose of creating and publishing social media posts to the platforms you select.

2. How We Use Your Information

We use the information we collect solely for the following purposes:

  • To Provide the Service: To discover the Facebook Pages and Instagram accounts you are authorized to manage, and to publish the content you create to those selected platforms on your behalf.
  • Authentication: To securely authenticate your session and verify that you have the necessary permissions to perform actions.
  • Token Management: To generate, store securely, and use the necessary Page Access Tokens and System User Tokens required to interact with the Meta API.
  • Content Storage: Images you upload for posts are temporarily stored on secure cloud infrastructure (Supabase) to generate a public URL required by the Meta API for publishing. These images are deleted immediately after the post is successfully published or if the publishing attempt fails.

3. How We Share Your Information

We are committed to your privacy and do not sell, rent, or trade your information. We only share information in the following limited circumstances:

  • With Meta (Facebook/Instagram): We transmit your post content and the necessary tokens to the Meta API to fulfill your publishing requests. Our use of their API is governed by Meta's Platform Terms.
  • With Service Providers: We use Supabase for temporary cloud storage of media assets. Supabase is a trusted third-party service provider that is compliant with industry-standard security practices.

We do not share your client's data or your personal information with any other third parties.

4. Data Security and Storage

We implement industry-standard security measures to protect your information.

  • Access Tokens: All sensitive access tokens (Page Access Tokens, System User Tokens) are encrypted and stored securely.
  • Temporary Media: As stated above, images uploaded for posting are temporary and are deleted from our cloud storage provider after the API call is complete.
  • Data Minimization: We are committed to only collecting and storing the data that is essential for the functionality of the Service.

5. Your Rights and Choices

You have control over the information you provide to the Service.

  • Revoking Access: You can revoke the Service's access to your Meta data at any time through your Meta Business Manager settings by removing "Prizma Social" from your list of integrated apps or by revoking the partner relationship with Prizma Partner AB.
  • Data Deletion: If you revoke access, we will no longer be able to access your information. If you wish for any residual stored data, such as your user authentication record, to be deleted, please contact us.

6. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

7. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Prizma Partner AB
Address: Trångsundsvägen 26, 393 56 Kalmar
Email: kontakt@prizmapartner.se
Phone: 070-408 35 60

Kontakt