contact usLet's Talk
Call

Meta Platform Privacy

Lofingo Meta App Privacy Policy

This policy explains how Lofingo handles information when a user connects a Facebook Page or an Instagram professional account to a Lofingo product.

Effective: June 15, 2026Last updated: June 15, 2026
01

User-authorized access

Lofingo accesses only the Meta accounts, Pages, professional Instagram accounts, and permissions that the user authorizes.

02

Protected credentials

OAuth credentials are handled by secured backend components and encrypted before durable storage. We never ask for a Facebook or Instagram password.

03

User-controlled removal

Users can disconnect accounts in Lofingo and may request deletion of associated Meta data using the instructions below.

01 / Scope

Who this policy applies to

This policy applies to the Meta Platform connection operated by Lofingo Pvt. Ltd. ("Lofingo," "we," "our," or "us"). It supplements the general Lofingo Privacy Policy and covers information received through Facebook Login for Business, the Facebook Pages API, and the Instagram API.

Meta's own products and services are governed by Meta's policies. This policy governs Lofingo's handling of data after a user chooses to connect a Meta account to Lofingo.

02 / Information

Meta data we access

The exact information available to Lofingo depends on the permissions granted by the user, the assets the user manages, and the features approved by Meta. It may include:

  • Authorization identity: Meta user identifier, display name, granted permissions, authorization status, and token expiry information.
  • Facebook Page information: Page identifier, Page name, assigned Page tasks or roles, and the Page credential required to access the selected Page.
  • Instagram professional account information: account identifier, username or display name, account type, and its relationship to the selected Facebook Page.
  • Content and engagement information: Page content and engagement data that Meta makes available under the permissions the user has granted.
  • Lofingo planning information: drafts, captions, content plans, selected platforms, intended publishing times, campaign notes, and other information the user creates inside Lofingo.
  • Operational metadata: connection status, selected account relationships, provider error state, and timestamps needed to operate, secure, and troubleshoot the connection.
We do not collect your Facebook or Instagram password.Authentication takes place on Meta's website. Lofingo receives an OAuth authorization result, not the password used to sign in.

03 / Current permissions

Permissions currently requested

instagram_basic

Identify an Instagram professional account connected to an authorized Facebook Page and display its basic account information.

pages_show_list

Show the Facebook Pages that the signed-in person is permitted to manage so the person can choose the correct Page.

pages_read_engagement

Read Page content and engagement information made available by Meta for the selected Page.

Lofingo does not currently request Meta permissions for creating, editing, deleting, or publishing Page and Instagram content. Those actions will be enabled only if Lofingo adds the relevant functionality, receives any required Meta approval, updates this policy where necessary, and the user separately grants the required permissions.

04 / Purpose

How we use Meta data

We use authorized Meta data to:

  • Connect and verify the user's Meta authorization.
  • Discover Facebook Pages and linked Instagram professional accounts the user is eligible to manage.
  • Let the user explicitly select which Page or Instagram account belongs to a Lofingo social media project.
  • Display connection health, permission status, expiry state, and reconnect or disconnect controls.
  • Read authorized Page content and engagement information for planning, reporting, and account-management workflows.
  • Create and organize local social media drafts, calendars, campaigns, and scheduling plans requested by the user.
  • In future approved versions, publish, update, delete, or moderate content only when the user initiates or approves the action and has granted the required Meta permissions.
  • Protect the service, diagnose failures, prevent abuse, and maintain an auditable account lifecycle.

Lofingo does not sell Meta Platform data. We do not use Meta access tokens for advertising, data brokerage, or unrelated profiling.

05 / OAuth and security

How connection credentials are protected

  • The user signs in through Meta's HTTPS authorization page.
  • Lofingo uses OAuth state validation and PKCE to protect the authorization flow.
  • The hosted authorization broker keeps pending flow data and an encrypted authorization result only for a short, configured time. A completed result is handed to the desktop application once and is then removed or allowed to expire.
  • Durable provider credentials are encrypted using AES-256-GCM and stored in the local Lofingo desktop application's protected account vault.
  • Provider credentials are not returned to the normal renderer interface and are not included in model-facing social tool inputs.
  • Sensitive OAuth query values, authorization codes, access tokens, encryption keys, and client secrets are excluded from ordinary application logs.

No system can guarantee absolute security. Lofingo uses reasonable technical and organizational controls and reviews access when the connection architecture changes.

06 / Sharing

When information may be shared

We disclose Meta data only as necessary to operate the requested service, comply with law, protect users or Lofingo, or complete a business transaction subject to appropriate safeguards. Relevant service providers may include infrastructure, security, monitoring, and support providers acting for Lofingo.

We do not give third parties independent rights to use Meta Platform data for their own advertising or marketing purposes.

07 / Retention

How long we keep information

OAuth flow state and broker handoff results are short-lived and expire automatically. Connected-account metadata and encrypted credentials remain available in the user's local Lofingo installation while the connection is active or while needed to provide the requested service.

When an account is disconnected, Lofingo removes the associated connection credentials and updates or removes dependent account relationships as required by the account hierarchy. Limited records may be retained where required for security, dispute resolution, fraud prevention, or legal compliance.

08 / User choices

Your controls and rights

  • Choose whether to connect a Meta account.
  • Review the permissions shown by Meta before granting access.
  • Select which eligible Facebook Page or Instagram professional account is connected to a Lofingo project.
  • Reconnect an expired or revoked authorization.
  • Disconnect an account from within Lofingo.
  • Remove Lofingo from the integrations or business integrations settings available in the user's Meta account.
  • Request access, correction, restriction, objection, or deletion where applicable under local law.

09 / Data deletion

How to request deletion of Meta data

Users may remove their connected Meta data using either of these methods:

  1. Disconnect inside Lofingo: Open the relevant Social Media project, open its connected accounts section, choose the Facebook or Instagram account, review the displayed impact, and confirm Disconnect.
  2. Remove access through Meta: Remove Lofingo from the business integrations or application permissions area provided by Facebook or Instagram. After removal, reopen Lofingo and disconnect the stale local connection if it remains visible.
  3. Send a deletion request: Email privacy@lofingo.com with the subject "Lofingo Meta App Data Deletion." Include the connected Page or Instagram account name and an email address where we can reply. Never send passwords, authorization codes, access tokens, or secret keys.

We may request reasonable information to verify the requester and identify the affected connection. We will process verified requests within the period required by applicable law and will confirm completion or explain any lawful retention requirement.

10 / Other provisions

Children, international processing, and changes

The Lofingo Meta App is intended for businesses and authorized account managers, not children. We do not knowingly provide this connection to individuals under 18.

Information may be processed in countries where Lofingo or its service providers operate, subject to applicable safeguards. We may update this policy as the product, permissions, law, or Meta requirements change. The effective date above identifies the current version.

11 / Contact

Contact Lofingo

Privacy requestsprivacy@lofingo.com
Legal questionslegal@lofingo.com
Company

Lofingo Pvt. Ltd.

Location

Greater Noida, Uttar Pradesh, India