Meta (Facebook) API usage

01What Ma Belle Note does with your Facebook account

When you connect your Facebook account to Ma Belle Note, the product accesses the Facebook Business Page(s) you administer to perform, on your behalf and with your explicit authorization, two strictly scoped operations:

• List the Pages your account administers, so you can pick the ones you want to operate inside Ma Belle Note.
• Read the Recommendations posted on the selected Pages, along with the related visitor content (comments tied to a Recommendation), to display them in your private dashboard and generate copyable reply drafts.

No other operation is performed. We do not publish anything on your Page, we do not reply to any review from inside the application, we do not modify or delete any content, we send no reactions, no mentions, no advertising, no private messages, and we do not touch the settings of your personal account or your Page.

When you wish to reply to a Recommendation, Ma Belle Note provides you with a one-click copyable reply draft and a deep link to Facebook; you post the reply yourself, manually, from Facebook.

02Which scopes are requested and why

pages_show_list

Strictly required to list the Pages your Facebook account administers, so that you can select which ones to connect to Ma Belle Note. Without this scope, we cannot present you with a list of choices.

pages_read_engagement

Strictly required to read the public Recommendations posted on the Page(s) you have chosen to connect (binary "Recommends" / "Does not recommend" sentiment plus free text where present). This scope is the foundation of the product on the Facebook side: without it, no Recommendation can be centralized.

pages_read_user_content

Strictly required to read content posted by visitors on your Page when it is tied to a Recommendation (explanatory comments, reply mentions). This scope allows Ma Belle Note to analyze the full context of a Recommendation, extract themes for AI Highlights, and generate a relevant reply draft.

03How your consent is obtained

The Facebook Login for Business authorization flow is never triggered in the background. It only runs when you explicitly click "Connect my Facebook Page" inside the application.

Before the Meta consent screen appears, Ma Belle Note shows you an in-app explanation listing the two operations that will be performed on your behalf: read your Page's Recommendations and read the related visitor comments. You then grant access on Meta's official consent screen, which lists the requested scopes and the Pages concerned.

You retain full control over which Pages you connect — you can connect a single Page among several, or disconnect each Page individually from Location Settings.

04Compliance with the Meta Platform Terms

• Strict read-only: no publication, no comment, no reaction, no write action is ever sent to Facebook from Ma Belle Note. The only scopes requested are read scopes (`pages_show_list`, `pages_read_engagement`, `pages_read_user_content`).
• No third-party programmatic access: only authenticated owners of a Page can see their own data through their own session in the product. We do not expose API access to third parties through our Meta App, and we do not resell or redistribute the content.
• Proportionate storage: Recommendation data is stored only for as long as strictly necessary to provide the Service (throughout the connection). On voluntary disconnection, on revocation from Facebook, or on subscription termination, historical Recommendations remain visible for 30 days to allow export, then are purged.
• Prompt deletion on request: a Data Deletion Callback is exposed in production. Upon receipt of a Meta-issued request, Ma Belle Note purges the associated data within a maximum of 30 days and confirms the deletion to Meta (see the dedicated section below).
• Strict authorization scope: we only operate on Pages your Facebook account is authorized to administer. No HTML scraping, no access to third-party Pages, no Page ID guessing.
• No prohibited operations: we do not create, modify, or delete Recommendations left by visitors. We send no automatic notifications to visitors or to the merchant's friends, we trigger no advertising, and we never read the merchant's personal social graph (friends, groups, private messages).
• Annual Data Use Checkup: every year we renew the data-use justification with Meta in line with the Platform Terms.

05How to revoke access

You can stop Ma Belle Note's access to your Facebook account at any time, through three independent channels:

1. From your Ma Belle Note settings: open Location Settings → Review sources and click "Disconnect" on the relevant Page. The tokens we store are immediately deleted.
2. From your Facebook account: Settings & privacy → Settings → Apps and websites → Ma Belle Note → Remove. Access is immediately revoked on Meta's side.
3. Automatically via the Meta Data Deletion Callback: whenever you revoke Ma Belle Note from Facebook, Meta automatically notifies our Service via a public callback URL. Upon receipt, we purge the associated data within a maximum of 30 days and confirm deletion to Meta with a verifiable tracking identifier.

Revocation immediately stops synchronization. Historical Recommendations already imported into Ma Belle Note remain accessible for 30 days to allow export, then are purged unless the connection is re-established in the meantime.

06Token storage and security

• Page access tokens (long-lived, ~60-day lifetime) are encrypted at rest in our database.
• They are never exposed to the browser, never sent to a third party, never included in an email or a log.
• Only backend services strictly required for syncing can decrypt them, for the duration of a single API call.
• Token renewal is performed automatically server-side before expiry. On failure (revoked token, deleted Page, lost admin rights), we stop synchronization and prompt you to reconnect your Page.
• A revocation on Facebook's side automatically triggers the deletion of the tokens on our side, either via the Data Deletion Callback or at the next failed call.

07Data processed

The data accessible through the scopes above and actually processed by Ma Belle Note is strictly the following:

• Identifier and name of the Pages you administer (only those you choose to connect).
• Public Recommendations posted on those Pages: binary sentiment ("Recommends" / "Does not recommend"), free text where present, publication date.
• Author as publicly displayed on Facebook (name, public profile picture) — we do not access any private data from the profile.
• Visitor comments explicitly tied to a Recommendation (where they exist), for contextual analysis.
• Technical identifiers (Page ID, Recommendation ID) required for traceability and uniqueness of each review.

No data from your personal social graph (friends, groups, events, private messages, personal photos, posts unrelated to Recommendations) is read, stored, or analyzed.

08AI sub-processing of Recommendation content

The text of a Recommendation may be transmitted to an AI model provider (Anthropic or OpenAI, listed in DPA Schedule 3) to generate a reply draft, detect sentiment, and extract themes (AI Highlights). These transmissions occur within the framework of the sub-processors already authorized in the DPA, are governed by Standard Contractual Clauses (SCCs) when they involve a transfer outside the EU, and never give rise to model training on your data (no-training).

09Contact

For any question regarding this Meta API usage or to report a concern, please contact us at [email protected]. We respond within 5 business days.

This page is updated whenever our Meta integration changes. Any significant evolution (new scope, new operation, change in storage, addition of Instagram) will be reflected here and, if necessary, undergo a new Meta App Review.