Privacy Policy
Date of Last Revision: April 30, 2026
Metaroots respects the privacy of our customers and the users of this website, the social media pages we operate (including Facebook, Instagram, Twitter/X, and TikTok), and the third-party services we use on our customers’ behalf (collectively, the “Services”). This Privacy Policy identifies the practices of Metaroots and its affiliates (collectively, “Metaroots,” “we,” or “us”) as they relate to the collection, maintenance, use, sharing, and deletion of personal information collected through the Services. This Privacy Policy is part of the Terms of Service.
Personal Information We Collect
We may collect the following categories of personal information directly from you, from your interactions with the Services, or from third-party platforms you authorize us to access on your behalf:
- Identification and contact information: your name, business name, postal address, email address, and telephone number.
- Authentication credentials provided by third-party platforms (Facebook, Instagram, Google) when you grant Metaroots access to manage social media accounts on your behalf — specifically, OAuth access tokens issued by those platforms. These tokens are stored encrypted at rest and are never displayed in plaintext after issuance.
- Page and account metadata received via authorized API calls: the names, IDs, and categories of Facebook Pages and Instagram Business Accounts you authorize, the names of Google Business Profile locations you authorize, and basic profile fields associated with those resources.
- Content you submit through the Services: text, images, captions, scheduled post data, and any associated metadata, as defined in our Terms of Service.
- Analytics and engagement data returned by third-party platforms about posts published on your behalf — for example, post impressions, engaged users, click counts, and reach. We use this data only to report performance back to you and to inform our content recommendations.
- Technical data automatically collected when you visit our website, including IP address, browser type, device identifiers, and pages viewed, via cookies and analytics tools described below.
We do not request, receive, or store financial account numbers, payment card details, government-issued identification numbers, health information, or other categories of sensitive personal information. Payments to Metaroots are processed by third-party payment providers and governed by their own privacy policies.
How We Use Personal Information
We use the personal information we collect to: (a) provide, maintain, and improve the Services; (b) publish content to the social media accounts you have authorized; (c) generate reports and analytics on the performance of that content; (d) communicate with you about your account, new features, billing, and support; (e) detect and prevent fraud, abuse, or violations of our Terms of Service; and (f) comply with legal obligations.
Connected Social Media Accounts and Third-Party Platform Data
When you connect a Facebook Page, Instagram Business Account, or Google Business Profile to Metaroots, you authorize us to act on your behalf via the relevant platform’s API. Specifically:
- Meta (Facebook and Instagram). We use the Meta Graph API. The OAuth scopes Metaroots requests are: pages_manage_posts, pages_read_engagement, pages_show_list, read_insights, instagram_basic, and instagram_content_publish. These scopes collectively allow Metaroots to (i) list the Pages and Instagram Business Accounts you administer, (ii) publish posts on your behalf, (iii) read public engagement and insights data on those posts, and (iv) read the content you have published. We do not request access to your personal Facebook or Instagram timeline, your friends list, your direct messages, or the personal data of users who interact with your Page or Account.
- Google (Google Business Profile). We use the Google Business Profile API to publish posts to the locations you authorize. We do not access Gmail, Google Drive, or any other Google service.
- Token handling. Access tokens issued by these platforms are encrypted at rest using authenticated encryption, are stored only on systems Metaroots controls, and are never shared with any third party except as required to make API calls back to the issuing platform.
- Revoking access. You may revoke Metaroots’ access at any time through Facebook’s Settings → Business Integrations, Instagram’s Settings → Apps and Websites, or Google’s Account → Security → Third-party apps with account access. We honor revocations immediately on the platform side; on our side we delete the corresponding tokens and any cached page or account metadata within thirty (30) days, in accordance with Meta’s Platform Terms and comparable Google requirements.
How We Share Personal Information
We do not sell personal information. We share personal information only in the following limited circumstances:
- With the third-party platforms necessary to provide the Service you have requested — for example, transmitting your post content to Facebook so it can be published on your authorized Page.
- With service providers that operate infrastructure on our behalf (hosting, error monitoring, analytics) under written agreements requiring them to protect personal information and use it only for the purposes we specify.
- When required by law, including in response to a valid subpoena, court order, or other lawful request from a government authority.
- To protect the rights, property, or safety of Metaroots, our customers, or the public — for example, to investigate suspected fraud or violations of our Terms of Service.
- In connection with a merger, acquisition, financing, or sale of all or part of Metaroots’ business, in which case the acquirer will be bound by terms substantially equivalent to those in this Privacy Policy.
We do not publish your personal information to the general public. Content you authorize Metaroots to publish on your behalf — for example, a post scheduled to your Facebook Page — will of course appear publicly on that platform; that publication is the Service you requested, and the post is governed by the platform’s own privacy and content rules, not by this Privacy Policy.
Cookies and Analytics
Our website uses cookies and similar tracking technologies. We currently use the following:
- Google Analytics 4 to understand aggregate traffic patterns (sessions, pages viewed, referrers).
- Google Ads conversion tracking to measure the effectiveness of advertising campaigns we run.
- Meta Pixel to measure the effectiveness of Facebook and Instagram advertising campaigns we run.
You can control these technologies through your browser’s cookie settings, through opt-out tools provided by Google (tools.google.com/dlpage/gaoptout) and Meta (facebook.com/help/568137493302217), or by enabling Global Privacy Control or “Do Not Track” in your browser. We honor Global Privacy Control signals where applicable.
Data Security
We use reasonable administrative, technical, and physical safeguards to protect personal information, including encryption of OAuth tokens at rest, encrypted transport (HTTPS) for all data transmission, access controls limiting personal-information access to authorized personnel only, and routine review of access logs. However, no security measure is perfect, and we cannot guarantee that personal information will never be accessed by unauthorized parties.
Data Retention and Deletion
We retain personal information only as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. When you cancel your account or revoke a connected platform integration:
- OAuth tokens and cached page/account metadata are deleted within thirty (30) days.
- Content you have authored or scheduled through the Services is deleted within ninety (90) days, except where we are legally required to retain it.
- Aggregated, anonymized analytics data may be retained indefinitely.
You may request earlier deletion at any time by contacting us using the information in the “Contact Us” section below.
Your Rights
Depending on where you live, you may have the right to: (a) request a copy of the personal information we hold about you; (b) request that we correct inaccurate personal information; (c) request that we delete personal information; (d) request that we restrict or stop certain processing; (e) opt out of the sale or sharing of personal information (we do not sell personal information); and (f) lodge a complaint with a data protection authority. To exercise any of these rights, contact us using the information below. We will respond within forty-five (45) days, or such shorter period as required by applicable law.
California residents are entitled to additional disclosures under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). The categories of personal information we collect, the purposes for which we use them, and the parties with whom we share them are described in the relevant sections above. We do not sell personal information and we do not share it for cross-context behavioral advertising.
Children
Our Services are not directed to children under 18, and we do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete it. If you are a parent or guardian and believe your child has provided personal information to us, please contact us using the information below.
Cautions and Warnings
Please exercise caution when submitting personal information online. It is your responsibility to maintain the security of your passwords. We will never ask you for your account password by email; messages purporting to do so are likely phishing attempts and should be reported.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Date of Last Revision” at the top of the page and, for material changes, provide additional notice (for example, by email or by a banner on our website). Continued use of the Services after a revision becomes effective constitutes acceptance of the revised Privacy Policy.
Contact Us
If you have any questions about this Privacy Policy, or if you wish to exercise any of the rights described above, please contact us at:
Metaroots
Email: privacy@metaroots.com
Web: www.metaroots.com/get-started