Privacy Policy — Effective March 6, 2026

Legal Documentation

Privacy Policy
Palm Paradise Insights

How we collect, use, and protect your data — and how we comply with Meta's Platform Terms for our social media management services.

📅 Effective: March 6, 2026 🔄 Last Updated: March 6, 2026 ✉️ Contact: privacy@palmparadiseinsights.com
This Privacy Policy applies to Palm Paradise Insights and its social media management platform (the "Platform"), including all related applications, services, APIs, and integrations — including those connecting to Meta Platforms (Instagram, Facebook, and WhatsApp). It governs how we collect, use, disclose, and protect personal data from our clients, end users, and individuals whose data is processed through our Platform.

§ 01 Who We Are

Palm Paradise Insights ("Palm Paradise Insights," "we," "us," or "our") is a technology and product-building consultancy headquartered in the United States. Our Platform enables business clients ("Clients") to manage, schedule, publish, and analyze content across their Meta-owned social media accounts, including Instagram, Facebook Pages, Facebook Groups, and WhatsApp Business accounts.

In our capacity as a technology provider acting on behalf of Clients, Palm Paradise Insights functions as a data processor or service provider with respect to data that Clients control. In other respects — such as our own business operations and Platform analytics — we act as a data controller. Where relevant, this Policy distinguishes between these roles.

  • Website: palmparadiseinsights.com
  • Privacy Email: privacy@palmparadiseinsights.com

§ 02 Scope of This Policy

This Policy applies to:

  • Clients who access or use the Platform under a service agreement with Palm Paradise Insights;
  • End users of Client-operated social media accounts whose data may be accessed through Meta Platform APIs;
  • Visitors to our website at palmparadiseinsights.com and any related subdomains; and
  • Any individual whose personal data is processed in connection with our services.

This Policy covers all applications, tools, and services operated by Palm Paradise Insights, including integrations with Meta's Graph API, Instagram Graph API, WhatsApp Business API, and any other Meta Platform SDKs or APIs. It is not limited to data processed solely on our website.

§ 03 Data We Collect

3.1 Data You Provide Directly

When Clients register for or use our Platform, we may collect:

  • Account registration data: name, business name, email address, phone number, and billing information;
  • Authentication credentials: OAuth tokens obtained through Meta's login flows (stored securely; passwords are never stored in plaintext);
  • Client content: social media posts, captions, images, videos, and other materials submitted for scheduling or publication;
  • Support communications: messages, emails, or correspondence with our team; and
  • Survey and feedback data: optional information provided in response to surveys or product feedback requests.

3.2 Data Collected Automatically

When Clients and authorized users access our Platform, we may automatically collect:

  • Device and browser information: device type, operating system, browser type and version;
  • Usage data: pages viewed, features accessed, session duration, and click-stream activity;
  • Log data: IP addresses, access timestamps, error logs, and referrer URLs;
  • Cookies and similar technologies: session identifiers, preference cookies, and analytics identifiers (see Section 9); and
  • API activity logs: records of API calls made to and from Meta Platforms on behalf of Clients.

3.3 Meta Platform Data

In the course of providing our social media management services, we access Meta Platform Data through Meta's APIs solely on behalf of and as authorized by our Clients. This may include:

  • Facebook Page data: page name, category, follower counts, insights/analytics, and published posts;
  • Instagram Professional Account data: account name, username, follower counts, media objects, comments, mentions, and basic analytics;
  • WhatsApp Business data: business profile information, message templates, and messaging analytics (message content is not stored by Palm Paradise Insights beyond transient processing);
  • User engagement data: likes, comments, shares, and reach metrics associated with Client-managed content;
  • Audience analytics: aggregate and anonymized demographic insights provided by Meta (not individually identifiable); and
  • User identifiers: platform-specific user IDs (e.g., Page-Scoped User IDs) returned by Meta APIs, as permitted by Meta's Platform Terms.
Palm Paradise Insights does not use Meta Platform Data to build or augment individual user profiles for advertising or profiling purposes. We do not sell, lease, or share Meta Platform Data with third parties except as strictly required to provide services to Clients and as permitted under Meta's Platform Terms and applicable law.

3.4 Data About End Users of Client Accounts

When our Clients manage their social media presence through our Platform, we may incidentally process data about individuals who interact with Client accounts (e.g., commenters, message senders). We process such data only as necessary to provide the contracted services. Clients are responsible for ensuring they have appropriate legal bases for processing such data and for maintaining their own privacy notices directed to their end users.

§ 04 How We Use Data

We use personal data only as clearly described below and only in ways consistent with this Policy.

4.1 To Provide and Operate the Platform

  • Authenticating Clients and managing account access;
  • Connecting to Meta APIs on behalf of Clients to publish, schedule, and manage social content;
  • Displaying analytics and reporting dashboards to Clients;
  • Processing and delivering scheduled posts and messages; and
  • Providing customer support and responding to inquiries.

4.2 To Improve Our Services

  • Analyzing aggregated, de-identified usage patterns to improve Platform features and reliability;
  • Conducting internal research and development; and
  • Identifying and resolving technical issues and errors.

4.3 To Fulfill Legal and Contractual Obligations

  • Complying with applicable laws, regulations, and legal processes;
  • Enforcing our Terms of Service and other agreements;
  • Detecting, preventing, and responding to fraud, security incidents, or policy violations; and
  • Notifying Clients of data subject rights requests communicated to us by Meta or received directly.

4.4 To Communicate With You

  • Sending transactional emails (e.g., account confirmations, receipts, security alerts);
  • Sending Platform updates, feature announcements, and maintenance notices; and
  • Sending optional marketing communications to Clients who have opted in (opt-out available at any time).

We do not use Meta Platform Data for any purpose other than providing the services our Clients have requested, and we do not use such data to deliver targeted advertising to end users of Meta platforms.

§ 05 Legal Basis for Processing

Where applicable law requires a legal basis for processing personal data (including under GDPR for EEA/UK residents), we rely on the following:

  • Contract performance: processing necessary to fulfill our agreement with Clients (e.g., providing the Platform);
  • Legitimate interests: processing necessary for our legitimate business interests (e.g., improving our services, fraud prevention), where such interests are not overridden by individuals' rights;
  • Legal obligation: processing required to comply with applicable law or respond to lawful government requests; and
  • Consent: where required by law (e.g., for optional marketing communications or certain cookie placements), we obtain prior consent that can be withdrawn at any time.

§ 06 User Consent & Meta Platform Permissions

Before our Platform accesses any Meta account on behalf of a Client, we obtain explicit, informed authorization from the Client through Meta's standard OAuth consent flow. This process clearly presents the specific permissions (scopes) being requested and the purpose for each.

We request only the minimum permissions necessary to deliver the contracted services. We do not request permissions that are not required for Platform functionality. Clients may revoke our access at any time through their Meta account settings or by contacting us at privacy@palmparadiseinsights.com.

Where our Clients use our Platform to communicate with or collect data from their own end users (e.g., via WhatsApp Business messaging), Clients are responsible for obtaining valid consent from those end users and for disclosing data practices in their own privacy notices.

§ 07 Data Sharing & Disclosure

We do not sell personal data. We share data only as described below.

7.1 Service Providers

We engage trusted third-party vendors to assist in operating the Platform (e.g., cloud infrastructure providers, payment processors, analytics services). These vendors are contractually obligated to use data only to perform services on our behalf, maintain appropriate security safeguards, and comply with applicable privacy laws and this Policy. We maintain a current list of key sub-processors and make it available to Clients upon request.

7.2 Clients

As a technology provider, we share data with Clients to the extent necessary for them to receive the contracted services. Clients determine the purposes and means of processing their own Client content and social data.

7.3 Meta Platforms

Data is shared with Meta only as required to execute API calls authorized by Clients (e.g., publishing a post or retrieving analytics). Such sharing is governed by Meta's own terms and privacy policy.

7.4 Legal and Regulatory Disclosures

We may disclose data if required to do so by law, court order, or governmental authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Palm Paradise Insights, our Clients, or the public.

7.5 Business Transfers

In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred to the successor entity, subject to at least equivalent privacy protections.

§ 08 Data Security

Palm Paradise Insights maintains administrative, physical, and technical safeguards appropriate to the sensitivity of the data we process. Our security measures include:

  • Encryption of data in transit using TLS 1.2 or higher;
  • Encryption of sensitive data at rest using AES-256 or equivalent;
  • Secure storage and handling of OAuth access tokens (tokens are never logged in plaintext);
  • Role-based access controls and multi-factor authentication for internal systems;
  • Regular security assessments, vulnerability scanning, and penetration testing;
  • Incident response procedures, including prompt notification to affected Clients and relevant authorities as required by applicable law; and
  • Employee training on data protection and security best practices.

If we experience a security incident that compromises user data, we will take immediate remedial action and notify affected Clients and applicable regulators in accordance with applicable legal requirements and Meta's incident reporting obligations.

§ 09 Cookies & Tracking Technologies

We use cookies and similar technologies on our website and Platform for authentication, security, and analytics:

  • Essential cookies: required for authentication, session management, and Platform security;
  • Analytics cookies: used to understand how Clients use the Platform (e.g., Google Analytics, configured with IP anonymization); and
  • Preference cookies: used to remember user settings and preferences.

We do not use cookies to track users across unaffiliated third-party websites for advertising purposes. Users may control cookies through their browser settings; however, disabling essential cookies may impair Platform functionality. Where required by law, we obtain consent prior to placing non-essential cookies.

§ 10 Data Retention & Deletion

10.1 Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law:

  • Client account data: retained for the duration of the service agreement and up to 90 days following account termination, then deleted or anonymized;
  • Meta Platform Data: retained only for as long as necessary to provide the contracted services; not retained beyond operational necessity;
  • Log and usage data: typically retained for 12 months for security and debugging purposes; and
  • Financial records: retained as required by applicable tax and accounting laws (typically 7 years).

10.2 Data Deletion

We delete personal data — and require our service providers to delete personal data — without undue delay when:

  • A user or Client account is terminated or deactivated;
  • A Client requests deletion of their data;
  • Data is no longer necessary for the purposes for which it was collected;
  • Deletion is required by applicable law; or
  • Deletion is requested by Meta in accordance with Meta's Platform Terms.

Clients or individuals wishing to request deletion of personal data may contact us at privacy@palmparadiseinsights.com. We will respond to verifiable deletion requests within the timeframe required by applicable law (e.g., 45 days under CCPA; 30 days under GDPR).

§ 11 Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: the right to request a copy of the personal data we hold about you;
  • Correction: the right to request correction of inaccurate or incomplete data;
  • Deletion: the right to request erasure of your personal data, subject to certain exceptions;
  • Portability: the right to receive your data in a structured, machine-readable format;
  • Restriction: the right to request that we restrict processing in certain circumstances;
  • Objection: the right to object to processing based on legitimate interests or for direct marketing;
  • Withdrawal of consent: where processing is based on consent, the right to withdraw at any time without affecting prior lawful processing; and
  • Non-discrimination: the right not to receive discriminatory treatment for exercising your privacy rights.

To exercise any of these rights, contact us at privacy@palmparadiseinsights.com. We will verify your identity before processing your request and respond within the timeframe required by applicable law. If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority in your jurisdiction.

Palm Paradise Insights will notify Clients of any data subject rights requests received from Meta or from individuals relating to data processed on Clients' behalf, as required under Meta's Platform Terms.

§ 12 International Data Transfers

Palm Paradise Insights is based in the United States. If you are accessing our Platform from the European Economic Area (EEA), the United Kingdom, Switzerland, or other jurisdictions with data transfer restrictions, your personal data may be transferred to and processed in the United States or other countries.

We ensure that such transfers are subject to appropriate safeguards, which may include:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission;
  • The EU-U.S. Data Privacy Framework or equivalent mechanisms; or
  • Other legally recognized transfer mechanisms as applicable.

§ 13 Children's Privacy

Our Platform is a business-to-business service not directed to individuals under 18 years of age. We do not knowingly collect personal data from children under 13 (or the applicable age of digital consent in the relevant jurisdiction). If we learn that we have inadvertently collected such data, we will delete it promptly. Clients must ensure that their use of the Platform does not result in the collection of data from minors in violation of the Children's Online Privacy Protection Act (COPPA) or equivalent laws.

§ 14 Compliance with Meta Platform Terms

Our use of Meta APIs and Platform Data is governed by Meta's Platform Terms and Developer Policies. In accordance with those terms, we affirm the following:

  • We access and process Meta Platform Data only as necessary to provide services to Clients who have authorized such access;
  • We do not use Meta Platform Data to build or augment user profiles for advertising or marketing purposes;
  • We do not sell, license, or otherwise transfer Meta Platform Data to third parties;
  • We do not use Meta Platform Data in any manner inconsistent with Meta's Platform Terms or applicable law;
  • We maintain appropriate security safeguards for all Meta Platform Data;
  • We delete Meta Platform Data when it is no longer necessary to provide the authorized services or when requested by Meta or the relevant data subject;
  • We will notify Clients of any data subject rights requests communicated by Meta relating to Client-controlled data; and
  • Our privacy policy is publicly accessible, hosted on a non-geo-blocked URL with a valid HTTPS certificate, and accessible by Meta's web crawlers.
This Policy is consistent with and no less protective than Meta's Platform Terms with respect to Meta Platform Data. Palm Paradise Insights does not process Meta Platform Data in any manner that supersedes, modifies, or conflicts with Meta's policies.

§ 15 Third-Party Links & Integrations

Our Platform may contain links to third-party websites or integrate with third-party services (such as CRM platforms or analytics tools). We are not responsible for the privacy practices of third parties. We encourage Clients to review the privacy policies of any third-party services they use in connection with our Platform.

§ 16 California Privacy Rights (CCPA / CPRA)

California residents have the following rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • The right to know what personal information is collected, used, shared, or sold;
  • The right to delete personal information, subject to certain exceptions;
  • The right to correct inaccurate personal information;
  • The right to opt out of the sale or sharing of personal information (we do not sell personal information);
  • The right to limit the use of sensitive personal information; and
  • The right not to be discriminated against for exercising privacy rights.

We do not sell personal information as defined under CCPA/CPRA. To submit a verifiable consumer request, contact us at privacy@palmparadiseinsights.com or at the mailing address listed in Section 1.

§ 17 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal requirements. We will post the updated Policy at this URL with an updated "Last Updated" date. Where changes are material, we will provide Clients with prior notice via email or through the Platform.

Continued use of the Platform following notice of changes constitutes acceptance of the updated Policy. If you do not agree to the updated Policy, you should discontinue use of the Platform and contact us to terminate your account.

§ 18 Contact Us

For questions, requests, or concerns about this Privacy Policy or our data practices, please reach out:

Palm Paradise Insights

privacy@palmparadiseinsights.com
palmparadiseinsights.com

If you are a Client acting as a Tech Provider managing data on behalf of your own clients, please notify us of any data subject rights requests or regulatory inquiries you receive relating to data processed through our Platform, so we may assist you in responding in a timely manner.