Privacy Policy — Smo AlFkr / مركز سمو الفكر
Introduction
Smo AlFkr ("we", "us", "our") operates the website smoalfkr.com and related services (the "Service"). This Privacy Policy explains: what personal data we collect, how we use it, who we share it with, how long we keep it, and how you can exercise your rights. It applies to data collected directly from you and data received from third parties (including Meta/Facebook/Instagram) when you connect accounts.
Controller & Contact
Data Controller: Smo AlFkr / مركز سمو الفكر
Address: [[POSTAL_ADDRESS — CITY, COUNTRY]]
Privacy contact email: [[PRIVACY_EMAIL]]
What information we collect
We collect only the personal data that you consent to provide or that is necessary to operate the Service. Typical categories:
- Directly from you: name, email address, phone number, profile picture, messages, content you upload (images, files).
- From Meta/Facebook/Instagram (when you connect an account): data returned by the permissions you approved. Example permissions we may request (only request what you actually use):
| Permission / Scope | Purpose / data returned |
|---|---|
public_profile, email | Basic profile (name, profile picture), login / contact |
pages_show_list, pages_read_engagement | List pages you manage, read basic page data |
pages_manage_posts, pages_manage_engagement | Create and manage posts on Facebook Pages on your behalf |
leads_retrieval (or leads_access) | Retrieve Facebook Lead Ads submissions to deliver to your CRM |
instagram_basic, instagram_content_publish | Read Instagram Business account basic info and publish content |
Important: Only request and store the exact fields required for your features. During Meta App Review / Data Use Checkup you must list the exact scopes your app requests and show how you use each permission.
Purpose & Lawful Basis for Processing
We use personal data for:
- Providing and operating the Service (account creation, scheduling posts, user settings).
- Publishing content to your connected Facebook/Instagram Pages when you authorize us.
- Retrieving lead form submissions and delivering them to your CRM or workflow.
- Responding to support requests, sending transactional messages (booking confirmations), and complying with legal obligations.
We rely on consent (when you connect a Meta account and approve permissions), contractual necessity (to provide the Service), and legitimate interests (security, fraud prevention) where applicable.
How we share data
We do not sell personal data. We may share data with:
- Third-party service providers (hosting, email, analytics) who process data on our behalf under contract.
- Platforms you connect (e.g., Meta) — only the data required for the integration you authorized.
- Legal or regulatory authorities when required by law.
If we transfer data internationally, we protect transfers with appropriate safeguards (e.g., standard contractual clauses). Contact us for details.
Retention periods
We retain personal data only as long as necessary. Example retention periods (adjust to your operations and local law):
| Data category | Retention |
|---|---|
| Account profile & credentials | While account active + 2 years after deletion |
| Lead form submissions | [[LEADS_RETENTION_MONTHS]] months (or as configured per client) |
| Support messages & attachments | [[SUPPORT_RETENTION_MONTHS]] months |
Adjust these values to match your actual retention policy and legal requirements.
Your rights & choices
Depending on applicable law you may have rights to:
- Access the personal data we hold about you
- Request correction, restriction, or deletion
- Withdraw consent for processing based on consent
- Receive a copy of your data (data portability)
To exercise any rights, contact: [[PRIVACY_EMAIL]]. We will respond within the time required by applicable law.
How to disconnect or delete Meta-connected data
If you connected Facebook/Instagram to our Service:
- Remove our app from Facebook/Instagram: Settings → Apps and Websites on your Facebook account.
- Or ask us to delete any copies of data we received by emailing [[PRIVACY_EMAIL]] with subject: Delete my data.
We will follow Meta's data deletion rules and confirm completion to you. During App Review you should show reviewers where users can find the privacy policy link and how to revoke permissions.
Security
We implement reasonable technical and organizational measures to protect data (encryption in transit, access controls, secure backups). However no system is 100% secure. In case of a data breach we will follow applicable notification rules and inform affected parties when required.
Children
Our Service is not directed to children under [[CHILD_AGE_THRESHOLD — e.g., 13/16]]. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us at [[PRIVACY_EMAIL]] and we will delete it.
Changes to this policy
We may update this Privacy Policy. Material changes will be posted on this page with an updated "Last updated" date and, where appropriate, notified to users by email or via the Service.
Notes for Meta App Review & Data Use Checkup
- The Privacy Policy must be publicly accessible over HTTPS and the URL entered into Meta App Dashboard.
- During App Review, provide a short video demonstrating the flows where users consent to permissions and where the privacy policy link is visible.
- Ensure the policy language exactly matches the permissions your app requests. Do not claim you do not store data if you keep lead copies.
Contact
Privacy contact: [[PRIVACY_EMAIL]]
Postal address: [[POSTAL_ADDRESS — CITY, COUNTRY]]