Legal

Privacy Policy

Last updated: May 29, 2026

messengerapp is a business inbox that lets a small team of operators reply to Facebook Page messages and Instagram Business Direct conversations from a single web interface. This policy explains what data we collect from Meta platforms (Facebook, Instagram), how we store it, how long we keep it, and how to ask us to delete it.

messengerapp is operated for internal business use by the company that owns the connected Facebook Pages and Instagram Business accounts. We do not sell, share, or use this data for advertising.

Who we are

Service: messengerapp
Website: https://messengerapp.ge
Contact: ops@messengerapp.ge

What we collect from Meta

When a Facebook Page or Instagram Business account is connected by an authorized administrator, messengerapp receives and stores:

Message content — the text, images, and short videos sent in conversations between the connected Page or Instagram Business account and its customers.
Sender identifiers — Meta's Page-scoped sender ID, the customer's display name and profile picture as provided by Meta, and (only when the customer chooses to share it via a Quick Reply) their phone number.
Page and Instagram account metadata — Page name, Page ID, Instagram username, Instagram Business account ID.
Page Access Tokens — issued by Meta during the OAuth Login flow, used to send replies and subscribe to webhooks. Stored encrypted at rest.
Operator activity — which operator on the customer's team sent each reply, and when.

What we do with it

Display inbound messages to authorized operators inside the customer's tenant.
Send replies typed by operators back to the customer through Meta's Send API.
Show the customer's profile information and conversation history to the operator handling the conversation.
Subscribe each connected Page to our webhook so we receive new messages without polling.

We do not use this data for advertising, profiling, or training machine-learning models. We do not sell it. We do not share it with any third party other than the Meta platforms it originated from.

Where we store it

messengerapp is hosted on Hetzner Cloud (EU region) behind Cloudflare for DNS and TLS termination. Data at rest is stored in:

PostgreSQL for conversation records, operator accounts, and tenant configuration.
MinIO (S3-compatible object storage) for image and video attachments, retained for 30 days.
Redis for short-lived realtime delivery state.

Page Access Tokens are encrypted with AES-256-GCM using a key held only by our channels service. All internal service-to-service calls use HMAC-SHA-256 signatures.

How long we keep it

Messages and conversation metadata: retained for the lifetime of the connection. When a Page is disconnected, its conversations remain readable to the tenant admin for audit; full deletion is available on request (see below).
Image and video attachments: 30 days from receipt or send, then automatically purged from object storage.
OAuth onboarding sessions: 15 minutes from creation, then expired.
Operator session cookies: 14 days from last activity.

Who can see it

Conversation data is scoped per tenant. An operator can only see conversations belonging to their own tenant and to the Pages assigned to them. Tenant administrators can see all conversations for their tenant. The messengerapp system administrators can see operational metadata (queue depth, error rates) but message content is restricted to authorized personnel under a need-to-know rule.

Your rights

If you are an end-user whose messages to a connected Page or Instagram Business account have been received by messengerapp, you can ask us to delete the data we hold about you. See the Data Deletion Instructions page for how to submit a request. We will respond within 30 days.

You can also revoke our app's access to a Page at any time from Facebook's Apps and Websites settings; this stops further data collection from that Page but does not retroactively delete already-stored messages — for that, use the deletion link above.

Changes to this policy

We update this page when we change how we collect or store data. The "last updated" date at the top of this page reflects the latest revision. Material changes are also communicated to tenant administrators through the admin console.

Contact

Questions about this policy or about your data: ops@messengerapp.ge.