Data Security & Privacy: Your Questions Answered

Your lead data is stored locally in your browser using Chrome's secure local storage. This means your data stays on your device by default. Optional cloud sync (for multi-device access or backup) uses encrypted storage on secure servers. You control whether data stays local or syncs to the cloud.

No, never. MyFBleads is a browser extension that adds functionality to Facebook's interface - it does not require your Facebook login credentials, does not store your password, and cannot access your Facebook account. The extension only interacts with what you can already see on screen.

Yes. All data transmitted between your browser and our servers uses TLS 1.3 encryption (the same security banks use). Cloud-synced data is encrypted at rest. Session tokens are cryptographically secure random values. We follow industry best practices for data protection.

Yes, you have full control. Export all your leads anytime via Settings → Import/Export as a JSON or CSV file. To delete your data, you can clear local storage from your browser, request account deletion from Settings, or contact support. We process deletion requests promptly.

Yes. We comply with GDPR, CCPA, and other privacy regulations. You own your data, can access it anytime, request corrections, or request deletion. We only collect data necessary to provide the service, don't sell personal information to third parties, and provide clear privacy policies.

For your account: email address and name (for login and support). For the service: leads you choose to capture (names, profile URLs, notes, tags). We also collect anonymous usage analytics to improve the product. We do not access your Facebook messages, friends list, or private information.

No. We never sell, rent, or share your personal data or lead information with third parties for marketing purposes. Your lead list is your business asset. We only share data with service providers necessary to run the platform (like cloud hosting), and they're bound by strict confidentiality agreements.

Your local data remains in your browser until you choose to delete it. Cloud-synced data is retained for 30 days after cancellation (so you can reactivate and recover it), then permanently deleted. You can export everything before canceling to keep a copy.

We implement multiple security layers: encrypted data transmission (TLS 1.3), encrypted data storage, rate limiting on all API endpoints, secure session management with automatic expiration, input validation to prevent injection attacks, and regular security audits. We follow OWASP security guidelines.

Team features let you control visibility. By default, leads are private to each user. Admins can enable team sharing where specified leads or pipelines are visible to the team. You control what's shared and what stays private.