Legal

Privacy Policy

Effective April 26, 2026

1. Who we are

SENDNXT (“SENDNXT”, “we”, “us”) provides a SaaS platform that lets Facebook Page owners run Messenger broadcasts and sequences, and (where available) send SMS campaigns. This policy explains what personal data we collect when you use our service, why we collect it, how long we keep it, and how you can delete it.

We act as a data controller for information about you, our customer (the Page owner). We act as a data processor for information about the Facebook users who message your Pages — you are the controller for that data.

2. Data we collect

From you (the Page owner)

  • Facebook account profile — your name, email, Facebook user ID, and avatar, returned by Facebook Login when you sign in.
  • Page access tokens — long-lived tokens issued by Facebook for the Pages you connect. Stored encrypted at rest.
  • Page metadata — Page name, category, IDs, and the permissions you have on each Page.
  • Billing and plan data — subscription status, plan tier, trial state, and (if applicable) SMS wallet balance.

From the people who message your Pages

  • Page-scoped IDs (PSIDs), public profile name, avatar, and locale, as returned by the Facebook Messenger Platform.
  • Inbound and outbound message bodies, attachments, timestamps, and delivery state for messages sent through SENDNXT.
  • Opt-out signals(e.g. inbound “stop”) so we can permanently block future sends to that contact.

We do notimport contacts. A contact only exists in SENDNXT after that person has sent your Page an inbound message, as required by Meta's Messenger Platform Policy.

Operational data

  • Server logs (IP, user-agent, request path, timestamps) used for security, abuse prevention, and debugging. Logs exclude tokens, full message bodies, raw Facebook user IDs, and full phone numbers.
  • Cookies strictly necessary to keep you signed in (one HTTP-only session cookie). We do not use third-party advertising cookies.

3. Why we use your data

  • To authenticate you via Facebook Login and keep you signed in.
  • To send Messenger and SMS messages on your behalf, exactly as you instruct.
  • To enforce Meta's 24-hour messaging window, message-tag rules, and opt-out behaviour.
  • To provide analytics, delivery state, and an inbox view of conversations on your Pages.
  • To bill you for your subscription and enforce plan limits.
  • To detect abuse, prevent platform-policy violations, and respond to security incidents.

4. Facebook permissions we request

We request the minimum set of Facebook permissions our features require:

  • public_profile, email — to create your account at sign-in.
  • pages_show_list — to list the Pages you can manage.
  • pages_messaging — to send Messenger messages from a Page you have selected.
  • pages_manage_metadata — to subscribe a Page to webhooks so we receive inbound messages.
  • pages_read_engagement — to read basic Page state needed to operate.

We never request scopes we do not actively use. You can revoke SENDNXT's access at any time from your Facebook settings; doing so will trigger account deletion (see Section 7).

5. How long we keep data

  • Active account data — for as long as your account exists.
  • Messages and contacts — for as long as the connected Page exists in your account, plus up to 30 days for backups.
  • Server logs — up to 30 days, then deleted.
  • Billing records — retained for the period required by applicable tax and accounting law after your account is closed.

6. Who we share data with

We share data only with the providers we need to operate the service:

  • Meta Platforms — to send and receive Messenger messages and to authenticate you.
  • SMS providers (e.g. Twilio, Plivo, or Sinch, depending on your selection) — to deliver SMS you send.
  • Hosting and infrastructure providers — to run the servers, databases, and queues that store and process your data.
  • Payment processor — to take payment for your subscription.

We do notsell your data, do not sell your contacts' data, and do not share data for third-party advertising.

7. Deleting your data

You can delete your data in any of the following ways:

  • Self-serve, in-app — sign in and delete your account from Settings. This permanently removes your user record, connected Pages, contacts, and messages.
  • From Facebook— remove SENDNXT from your Facebook account's “Apps and Websites” settings. Facebook will notify us and we will delete the same data automatically. See our data deletion instructions for the full process and how to verify deletion.
  • By email — write to privacy@sendnxt.com from the email address on your account.

Some records (e.g. invoices) are retained for as long as the law requires after deletion. Once retention expires, those records are deleted too.

8. Your rights

Depending on where you live, you may have the right to access, correct, port, restrict processing of, or delete your personal data, and to object to certain processing. To exercise any of these rights, contact us at privacy@sendnxt.com. We will respond within the timeframe required by applicable law.

9. Security

We encrypt third-party tokens (Facebook page access tokens, SMS provider credentials) at rest, transport all traffic over HTTPS, and verify webhook signatures before processing inbound payloads. We do not log access tokens, raw Facebook user IDs, full phone numbers, or message bodies.

10. International transfers

SENDNXT is operated from the Philippines. By using the service you acknowledge that your data may be processed in the country where our servers and our subprocessors are located.

11. Changes to this policy

If we make material changes we will post the updated policy here and update the effective date above. Continuing to use SENDNXT after a change means you accept the updated policy.

12. Contact

For any privacy question or request, write to privacy@sendnxt.com.