CanvasGlass API

Privacy Policy

Effective date: March 23, 2026

This Privacy Policy explains how Evadava ("we", "us", "our") collects, uses, stores, and protects personal data when users interact with the CanvasGlass API and related Facebook and Instagram publishing flows.

1. Data Controller

Controller: Evadava
Contact email: privacy@evadava.com

2. Data We Process

• Facebook and Instagram account identifiers returned by Meta APIs for authorized accounts.
• OAuth credentials and access tokens needed to perform requested actions.
• Content metadata such as captions, post timing, publish status, and asset references.
• Technical logs such as timestamps, API responses, request identifiers, and error details.

3. Purposes and Legal Bases

• Service delivery: account connection, content publishing, and status tracking requested by the authorized user.
• Security and abuse prevention: access control, audit logs, monitoring, and incident response.
• Legal compliance: record keeping and lawful request handling where required.
• Operational communication: support, troubleshooting, and platform-related notifications.

4. Data Sharing

We do not sell personal data. Data is shared only with service providers and infrastructure processors necessary to operate the service, subject to confidentiality and data protection obligations.

5. International Transfers

Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or other lawful transfer mechanisms.

6. Retention

• OAuth tokens are retained only while account access is active and operationally necessary.
• Operational logs may be retained for up to 12 months unless a longer period is required for security or legal reasons.
• Publishing records may be retained for auditability, troubleshooting, and service history, then minimized or deleted.

7. User Rights

Where applicable, users may request access, correction, deletion, restriction, objection, and data portability. Users may also revoke access through Meta account settings where supported.

8. Revocation

Users may revoke application access through Facebook or Instagram settings. After revocation, we stop further API actions and remove or invalidate retained credentials according to operational and legal needs.

9. Security

We implement reasonable technical and organizational safeguards, including access restriction, secure transport, secret handling, and operational logging.

10. Contact

For privacy questions or requests, contact privacy@evadava.com.

11. Changes to This Policy

We may update this policy from time to time. Material changes will be reflected by updating the effective date on this page.