Privacy Policy
Last updated: 2026-04-17
This Privacy Policy describes how {LEGAL_ENTITY_NAME} (company code {EDRPOU}, registered at {LEGAL_ADDRESS}) — the operator of IdeaCore BI Dashboard (ideacore.app) — collects, stores, uses, and protects personal data. Contact for privacy inquiries: [email protected].
1. Data we collect
- Customer messages received via connected Facebook Pages and Instagram Business accounts (text, attachments, timestamps).
- Public profile metadata of customers who message our Pages (display name, avatar URL, platform-specific user ID).
- Email, Telegram, Viber, and Webchat messages from other connected channels.
- Account data of our internal staff (name, email, role, hashed password).
- Technical data: IP address, user agent, session metadata for security audit.
2. Purpose of processing
- Handling customer support and sales inquiries across channels.
- Storing conversation history so agents can respond with context.
- Aggregated analytics (response time, SLA compliance) — without exposing individual messages.
3. Legal basis
We process customer messages based on the legitimate interest of operating a customer support channel that the customer themselves initiated, and based on the business's contractual relationship with its customers. For internal employee accounts, the basis is contractual (employment).
4. Storage & security
Data is stored in a PostgreSQL database hosted on Railway, in the EU West region (Amsterdam, Netherlands). Traffic is protected by TLS and Cloudflare DDoS protection. Only authorized employees with role-based permissions can access customer data.
5. Meta / Facebook / Instagram data
When a business owner connects a Facebook Page or Instagram Business account to IdeaCore BI Dashboard, we receive access tokens and permission to read/send messages via the Meta Graph API. We store:
- Page / IG account identifiers and names.
- Incoming and outgoing message content.
- Customer profile basics (name, avatar, platform user ID).
We do not share Meta data with third parties, do not use it for advertising, and do not sell it. Data is used solely to power the customer support inbox for the business owner.
6. Cookies
We use strictly necessary cookies to maintain authenticated sessions for staff (NextAuth JWT session cookie). We do not use advertising or cross-site tracking cookies.
7. User rights (GDPR)
- Right to access — request a copy of your data.
- Right to rectification — correct inaccurate data.
- Right to erasure — request deletion of your personal data.
- Right to object — object to processing based on legitimate interest.
8. Data deletion
If you messaged one of our connected Facebook Pages or Instagram Business accounts and want your data removed, follow the instructions at Data Deletion Instructions. Meta data deletion callbacks are processed automatically via our endpoint POST /api/data-deletion.
9. Contact
For any privacy-related inquiries, write to [email protected].