Privacy Policy
This Privacy Policy describes how the One Daydream Campaign Reporter ("the app", "we", "our", "us") collects, uses, stores, and protects information when you connect your Facebook or Meta business assets to the app.
1. What data we collect
When you authorise the app via Facebook Login, we access campaign and ad data through the Meta Marketing API. This includes:
- Ad account, campaign, ad set, and ad metadata (names, IDs, status, schedule)
- Performance metrics (impressions, reach, clicks, spend, conversions, frequency, CPM, CPC, CTR)
- Audience and placement breakdowns where you have permission to view them
- Page and business identifiers needed to scope the data to assets you own
We do not collect your Facebook password, private messages, friends list, or any personal data unrelated to advertising performance.
2. How we use your data
We use the data solely to generate campaign performance reports for the account owner who authorised the connection. Reports may include charts, tables, and AI-assisted summaries derived from the metrics listed above. Reports are delivered only to the account owner and any recipients they explicitly choose to share a report link with.
3. How we store and secure your data
- Data is transmitted between Meta and the app over HTTPS (TLS 1.2+).
- Data is stored on infrastructure hosted by DigitalOcean in Sydney, Australia.
- Access tokens issued by Meta are stored encrypted at rest and used only by the server component of the app.
- Administrative access to the app's backend requires authenticated, role-based login with hashed passwords (no plaintext storage).
- We retain campaign data only as long as needed to generate and serve reports for the account owner. Tokens can be revoked by you at any time.
4. We do not sell or share your data with third parties
We do not sell, rent, or otherwise share your Meta data with third parties for advertising, analytics aggregation, or any other purpose. The only third-party services involved in operation of the app are infrastructure providers strictly necessary to deliver the service (e.g. DigitalOcean for hosting, Resend for transactional email, Anthropic for AI summary generation), and they process data only under contractual confidentiality obligations and only on our instruction.
5. Your right to request deletion
You can request deletion of all data the app holds about you at any time. See the Data Deletion Instructions page for the request procedure. We will process and confirm deletion within 30 days.
You may also revoke the app's access to your Meta data at any time from your Facebook account's Settings → Business Integrations page; doing so prevents any further data collection.
6. Changes to this policy
We may update this policy as the app evolves. Material changes will be reflected in the "Last updated" date above.
7. Contact
For privacy questions or requests: dale.corrigan@blss.com.au
See also the Terms of Service and Data Deletion Instructions.