How NexusForge protects your workspace, tokens, and media.

What we collect

• Account data: username, email, biometric opt-in, and authentication tokens.
• Workspace settings: niches, posting cadence, default posting times.
• Social credentials: Meta App ID/secret + long-lived user token, soon YouTube/Instagram OAuth tokens. Encrypted at rest.
• Media: uploaded short/long videos retained per Storage Policy slider.
• Operational logs: every upload, schedule, post, retry, credential change. Logs now store actor + JSON context.

How Facebook/Meta data is used

• Permissions requested: pages_show_list, pages_manage_posts, pages_read_engagement, business_management.
• Endpoints: /me/accounts to list admin pages; /PAGE_ID/videos//feed when you hit “Post Now” or schedule.
• Tokens never leave your workspace. Disconnecting Facebook or deleting your workspace purges them immediately.
• Instagram automations reuse Meta tokens and inherit the same security controls.

Data retention & deletion

• Uploads live only for the number of days defined in the Storage Policy screen (default 30 days).
• Admins can shorten or extend retention any time; changes cascade through the backend tasks that delete stored media.
• All traffic is TLS, and secrets use the encryption key configured in Django settings.

Contact & requests

Need a data processing addendum, want to delete a workspace, or have a question for Facebook App Review?

support@nexusforge.app

We usually respond within one business day.