Privacy Policy
Last updated: May 2026
1. What We Collect
FbDelete uses a two-step sign-in. Step 1: creating a FbDelete account stores your name, email address, and a bcrypt-hashed password (never in plain text). Step 2: connecting Facebook stores your profile picture URL and an AES-encrypted Facebook access token. We do not collect or store your Facebook password, Messenger message content, or any data beyond what is necessary to operate the service.
2. How We Use Your Data
Your data is used solely to: authenticate you to your FbDelete account, confirm your connected Facebook identity, display your account in the dashboard, and record your in-app activity log (which actions you took within FbDelete). We do not sell, share, or use your data for advertising.
3. Data Retention
Your data is retained until you delete your account (via the "Delete My Account & Data" button in the dashboard), at which point all records associated with your account are permanently deleted from our database. You can also disconnect Facebook alone at any time while keeping your FbDelete login.
4. Access Tokens
Facebook access tokens are stored encrypted (AES-256) in our database. They are used only to confirm your Facebook connection and are not sent to the browser extension or used to access your messages server-side. Sessions expire after 7 days.
5. Messenger Data & the Browser Extension
FbDelete's servers never access, read, store, or process your Messenger messages. Bulk deletion is performed by an optional, separately-installed browser extension that runs entirely in your own browser: it automates clicks on Facebook's own delete-conversation control, under your own logged-in session. The extension does not transmit message content, contact lists, or conversation data to FbDelete's servers, and does not use any private or undocumented Facebook API.
6. Cookies & Sessions
We use JWT tokens stored in your browser's localStorage to maintain your FbDelete session. No tracking cookies are used.
7. Third Parties
We use Meta's Facebook Login (OAuth 2.0) to verify your Facebook identity. We do not share your data with any other third parties. Our infrastructure is hosted on Vercel (frontend) and Railway (backend/database).
8. Security
We use HTTPS, bcrypt password hashing, encrypted token storage, rate limiting, and short-lived sessions to protect your data.
9. Your Rights
You can disconnect Facebook or delete your account at any time from the dashboard. For any other requests, contact us at privacy@fbdelete.com.
10. Meta Platform Compliance
The FbDelete website uses only official Meta OAuth endpoints, requesting only the "public_profile" permission — we never request access to your messages via the Facebook API. The FbDelete browser extension, however, automates the Facebook/Messenger web interface on your behalf to perform bulk deletions; this is not an official Meta-sanctioned integration, and using it is a choice you make independently of your FbDelete account connection. See our Terms of Service for the associated risks.