Privacy Policy
This Privacy Policy describes how Nexus ("we", "the App") collects, uses, stores, and shares information when authorized team members operate Facebook Pages through the App. Nexus is an internal-use tool intended for the operating team that owns or administers the Facebook Pages connected to it.
1. Information we collect
1.1 Information from Facebook
When an authorized operator connects a Facebook Page to Nexus, we receive the following data through Facebook's Graph API, scoped to the permissions granted by the operator:
| Permission | Data received |
|---|---|
| public_profile | Operator's Facebook user ID, name, profile picture (default public fields) |
| pages_show_list | List of Pages the operator administers (Page ID, name, category) |
| pages_read_engagement | Page metadata (fan count, cover image, verification status), reactions, basic engagement metrics |
| pages_read_user_content | Posts published on the Page, comments by visitors, ratings, and associated public commenter information (commenter name, ID, comment text) |
| pages_manage_posts | Used to create, edit, and delete posts on the Page (does not provide additional data on its own) |
| pages_manage_engagement | Used to reply to or moderate comments (no additional data collected) |
| pages_manage_metadata | Page settings; webhook subscription metadata for the Page |
| pages_messaging | Messenger conversation summaries and participant identifiers (only when this feature is enabled) |
| read_insights | Aggregated analytics for the Page and posts (impressions, reach, clicks, engagements) |
Nexus does not request advertising or business-management permissions, and does not access ads accounts.
1.2 Information we collect ourselves
- Account information: username and hashed password used to log into Nexus, role assignment, and authorization tokens.
- Operational logs: limited audit logs (action, timestamp, operator ID) used for troubleshooting and security.
2. How we use the information
- Display Page analytics dashboards to authorized operators.
- Generate daily content suggestions using an AI model based on aggregated, non-personal Page metrics (see Section 4).
- Allow operators to create, edit, and publish content to the Pages they administer.
- Allow operators to view and reply to comments and Messenger conversations on the Pages they administer.
- Maintain audit logs for security and compliance.
We do not use the data for advertising, profiling of visitors, or selling to third parties.
3. Storage and security
- Data is stored in a self-hosted PostgreSQL database operated by the team.
- Page Access Tokens are stored encrypted at rest within the database.
- Network access to the storage layer is restricted to the application servers; the database is not exposed to the public internet.
- Authentication uses session tokens. Operator passwords are stored as salted hashes; we never store plaintext passwords.
4. AI / third-party processors
Nexus uses an AI service to generate daily content suggestions. The provider, scope of data shared, and processing location are disclosed below:
| Provider | Purpose | Data sent | Region |
|---|---|---|---|
| Zhipu AI (智谱 GLM) | Generating daily Page operation suggestions | Aggregated Page-level metrics and short text excerpts (e.g., headline counts, top-performing post types). We do not send raw visitor comments, commenter names, or commenter Facebook IDs to the AI provider. | People's Republic of China |
If you are concerned about cross-border transfer, please note that the AI suggestion feature can be disabled by the operator at the Page level; in that case no Page data is sent to the AI provider.
Other infrastructure providers (database hosting, deployment) only handle data in transit or at rest as part of standard hosting and do not access Page content for their own purposes.
5. Data retention
- Page content (posts, comments, insights): retained for as long as the Page remains connected to Nexus, plus up to 90 days after disconnection, after which the data is purged.
- Operator account data: retained while the account is active; deleted within 30 days of account closure.
- Audit logs: retained for up to 12 months for security purposes.
6. Your rights and choices
You have the right to:
- Access the data Nexus holds about you or about a Page you administer.
- Correct inaccurate information.
- Request deletion of your data (see Data Deletion Instructions).
- Withdraw the Facebook permissions granted to Nexus at any time via your Facebook account settings: facebook.com/settings/business_tools. Withdrawal stops further data collection but does not retroactively delete data already received; for that, submit a deletion request.
7. Children
Nexus is not intended for use by children under 13. We do not knowingly collect data from children. If you believe a child's data has been collected, please contact us so we can remove it.
8. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will reflect any changes. Material changes will be communicated to authorized operators via an in-app notice.
9. Contact
For privacy questions or to exercise your rights, email guyue1592@gmail.com. We will respond within a reasonable timeframe, typically within 7 business days.