Privacy Policy
Last updated: January 6, 2026
Quick Summary
MyFBleads is a Facebook lead management tool. We collect data necessary to provide our CRM services, including your account information and the lead data you choose to save. We do not sell your data. Your lead data stays in your browser extension unless you explicitly sync it to our servers or third-party integrations you configure.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address - Used for account authentication, communications, and password recovery
- Name - Used to personalize your experience
- Password - Stored as a secure hash (PBKDF2 with 100,000 iterations); we never store plaintext passwords
- Payment information - Processed and stored by Stripe; we do not store credit card numbers
1.2 Lead and Contact Data
When you use MyFBleads to manage leads, you may store:
- Names from Facebook profiles
- Facebook Profile IDs and profile URLs
- Messenger conversation links
- Contact information you manually add (email, phone numbers)
- Notes and tags you create
- Pipeline stages and follow-up dates
- Conversation history excerpts (if you use voice training features)
Important: Lead data is stored locally in your browser by default. It is only transmitted to our servers if you enable cloud backup, or to third-party services (like HighLevel) if you configure those integrations.
1.3 Usage and Analytics Data
We collect anonymized usage data to improve our service:
- Feature usage - Which features you use and how often
- Error reports - Technical errors that occur (without personal data)
- Extension version and browser information
- Subscription status and plan type
1.4 Device Information
For security and fraud prevention:
- Device fingerprint - A hash generated from your browser characteristics (not a unique identifier that can be used across sites)
- IP address - Used for rate limiting and security; not stored long-term
- Session information - To manage your login sessions
1.5 Information from Third Parties
- Facebook - We access publicly visible profile names and IDs from Facebook pages you interact with. We do not access your Facebook login credentials or private messages beyond what you explicitly provide.
- Stripe - Payment status and subscription information
- Endorsely - Affiliate referral tracking (if you came via an affiliate link)
2. How We Use Your Information
We use your information to:
- Provide our services - Store and manage your leads, send notifications, sync data
- Process payments - Manage your subscription and billing
- Communicate with you - Send service updates, respond to support requests
- Improve our product - Analyze usage patterns to fix bugs and add features
- Ensure security - Detect and prevent fraud, unauthorized access, and abuse
- Comply with legal obligations - Respond to lawful requests from authorities
We do NOT:
- Sell your personal data to third parties
- Use your lead data for advertising
- Share your data with other users
- Access your Facebook login credentials
- Read your private Facebook messages (we only process what you explicitly share with us)
3. Data Storage and Security
3.1 Where Your Data is Stored
- Browser Extension (Local) - Lead data, settings, and preferences are stored locally in your browser using Chrome's storage APIs. This data is not accessible to other extensions or websites.
- Our Servers - Account information, subscription data, and cloud backups (if enabled) are stored on Cloudflare's global infrastructure.
- Third-Party Services - If you configure integrations, your data may also be stored by those services (see Section 4).
3.2 Security Measures
We implement industry-standard security practices:
- Encryption in transit - All data is transmitted over HTTPS/TLS
- Password security - PBKDF2 hashing with per-user salts (100,000 iterations)
- Session management - Token-based authentication with session limits
- Rate limiting - Protection against brute force attacks
- Access controls - Role-based access to prevent unauthorized data access
3.3 Your API Keys
If you configure AI providers (OpenAI, Anthropic, Grok), your API keys are:
- Stored locally in your browser extension
- Transmitted directly from your browser to the AI provider
- Never transmitted to or stored on our servers
4. Third-Party Services
We use the following third-party services:
4.1 Essential Services
- Cloudflare - Hosting, CDN, and security (Privacy Policy)
- Stripe - Payment processing (Privacy Policy)
4.2 Optional Integrations (User-Configured)
If you choose to configure these integrations, your data will be shared with them according to their privacy policies:
- GoHighLevel - CRM sync (Privacy Policy)
- OpenAI - AI message generation (Privacy Policy)
- Anthropic - AI message generation (Privacy Policy)
- xAI (Grok) - AI message generation
- Zapier/Make - Webhook automation (data sent to URLs you configure)
4.3 Analytics and Marketing
- Endorsely - Affiliate tracking for referrals (Privacy Policy)
5. AI Features and Your Data
5.1 AI Message Generation
When you use AI features to generate messages:
- Your conversation context and instructions are sent to the AI provider you've configured (OpenAI, Anthropic, or xAI)
- We do not store the content of AI-generated messages on our servers
- Each AI provider has its own data handling policies
5.2 Voice Training
If you use our voice profile feature:
- You provide sample messages from your conversations
- This data is processed to create a writing style profile
- The profile is stored locally in your browser extension
- Sample messages may be sent to AI providers for analysis (not stored by us)
AI Provider Data Use: Third-party AI providers may use data sent to their APIs according to their own privacy policies. We recommend reviewing their policies and not sharing sensitive personal information in AI prompts.
6. Cookies and Tracking
6.1 Cookies We Use
- Authentication cookies - To keep you logged in
- Preference cookies - To remember your settings
- Affiliate cookies - To track referrals (via Endorsely)
6.2 Browser Extension
The MyFBleads Chrome extension:
- Does not use cookies
- Uses Chrome's local storage APIs
- Only runs on Facebook.com and Messenger.com
- Cannot access data from other websites
7. Your Rights and Choices
7.1 All Users
You have the right to:
- Access your data - Export your leads and settings from the extension
- Correct your data - Update your account information anytime
- Delete your data - Request complete account deletion
- Opt out - Disable cloud backup, analytics, or specific features
7.2 European Users (GDPR)
If you're in the European Economic Area, you additionally have:
- Right to data portability
- Right to restrict processing
- Right to object to processing
- Right to lodge a complaint with a supervisory authority
Legal basis for processing: Contract performance (providing our service), legitimate interests (security, product improvement), and consent (marketing communications).
7.3 California Users (CCPA)
California residents have the right to:
- Know what personal information is collected
- Know if personal information is sold or disclosed and to whom
- Opt out of the sale of personal information (we do not sell personal information)
- Request deletion of personal information
- Not be discriminated against for exercising these rights
7.4 How to Exercise Your Rights
To exercise any of these rights:
- Email us at [email protected]
- Use the data export feature in the extension settings
- Contact us through the support system in your dashboard
8. Data Retention and Deletion
8.1 Retention Periods
- Account data - Retained while your account is active, deleted 30 days after account deletion request
- Lead data - Stored locally until you delete it; cloud backups retained for 90 days after deletion
- Usage analytics - Aggregated and anonymized after 12 months
- Payment records - Retained for 7 years for legal/tax compliance
- Support tickets - Retained for 2 years after resolution
8.2 Account Deletion
When you delete your account:
- Your account data is marked for deletion immediately
- Data is permanently deleted from our servers within 30 days
- Backups are purged within 90 days
- Local extension data remains until you uninstall the extension
- Data shared with third-party integrations must be deleted through those services
9. International Data Transfers
We operate globally using Cloudflare's infrastructure. Your data may be processed in:
- United States
- European Union
- Other countries where Cloudflare operates
We rely on Standard Contractual Clauses and other appropriate safeguards for international transfers from the EU/EEA.
10. Children's Privacy
MyFBleads is not intended for use by anyone under 18 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately at [email protected].
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Posting the updated policy on this page
- Updating the "Last updated" date
- Sending an email notification for significant changes
- Showing a notice in the extension for major changes
Your continued use of MyFBleads after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices:
For data protection inquiries, we aim to respond within 30 days. For urgent security concerns, please include "URGENT" in your email subject line.