Legal

Privacy Policy

Last updated: February 2026

Hermez ("we", "us", or "our") is committed to protecting your privacy. This policy explains what data we collect, why we collect it, and how you can control it.

1. Data We Collect

When you connect your Facebook account to Hermez, we receive and store the following data from Facebook Login:

  • Your Facebook User ID (a numeric identifier assigned by Facebook)
  • Your name and profile picture URL as shown on Facebook
  • A Facebook access token that allows Hermez to call the Graph API on your behalf
  • The Facebook Pages you manage (Page ID, name, Page access token, and Page picture)

We also collect standard account information such as your email address and a hashed password if you register directly.

2. What We Do Not Store

Hermez does not store Facebook Messenger conversations or message content in our database. Every conversation and message you view in Hermez is fetched live from the Facebook Graph API at the moment you request it and is never written to our servers.

3. How We Use Your Data

  • Authentication: Your Facebook UID and access token authenticate you and authorize API calls to your Pages.
  • Service delivery: Page tokens are used to retrieve conversations and send messages on your behalf via the Graph API.
  • Display: Your name and profile picture are shown inside the Hermez interface for identification purposes only.

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

4. Facebook Platform Policies

Hermez uses Facebook Login and the Graph API under Facebook's Platform Policies. Data received through these APIs is used only as permitted by those policies and only to provide the Hermez service to you.

5. Data Retention

Your data is retained for as long as your account remains active. You can disconnect Hermez from your Facebook account at any time via Facebook's App Settings, which triggers automatic deletion of your Facebook data from our servers. You may also delete your Hermez account entirely by contacting us.

6. Data Deletion

See our Data Deletion page for full details on how to remove your data.

7. Security

Access tokens are stored encrypted at rest. We use HTTPS for all data in transit. We limit access to personal data to authorized personnel only.

8. Children's Privacy

Hermez is not directed at children under 13. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy periodically. Continued use of Hermez after changes constitutes acceptance of the updated policy. We will note the "Last updated" date at the top of this page.

10. Contact

Questions about this Privacy Policy? Contact us at privacy@hermez.app.