Privacy Policy
Last updated: March 12, 2026
BeeNerdy OÜ ("BeeNerdy", "we", "us") operates the TouchPoint platform, a social media management tool for agencies and businesses. This privacy policy explains how TouchPoint collects, uses, stores, and protects data obtained through Facebook, Instagram, and TikTok integrations.
Contact email for privacy inquiries: info@beenerdy.co
1. Data We Collect from Facebook, Instagram, and TikTok
When you connect a Facebook Page or Instagram Business Account to TouchPoint, we collect and store the following data:
- Facebook Page names and Page IDs
- Page access tokens (used to publish content and retrieve metrics on your behalf)
- Instagram Business Account IDs and usernames linked to your connected Facebook Pages
- The Facebook User ID of the person who authorized the connection
- Post engagement metrics: reactions, comments, shares, reach, and impressions
- Follower counts for connected Pages and Instagram accounts
- Published post IDs and permalinks
When you connect a TikTok account to TouchPoint, we collect and store the following data:
- TikTok user ID and username
- TikTok access tokens (used to publish videos and retrieve metrics on your behalf)
- Video engagement metrics: views, likes, comments, shares, and average watch time
- TikTok account follower count
- Published video IDs
2. How We Use Your Data
We use the data collected from Facebook, Instagram, and TikTok for the following purposes:
- Publishing content: Access tokens allow TouchPoint to publish posts, Reels, and Stories to your Facebook Page and Instagram account, and videos to your TikTok account on your behalf.
- Retrieving engagement metrics: We pull reach, impressions, reactions, comments, shares, and other engagement data to display in reporting dashboards. For TikTok, we collect views, likes, comments, shares, and average watch time.
- Performance reporting: Engagement data is displayed in dashboards that help you measure content performance over time across all connected platforms.
- Follower tracking: Follower counts are tracked over time to show audience growth trends on Facebook, Instagram, and TikTok.
- Post tracking: Published content IDs link content back to the TouchPoint planning tool for status tracking.
3. Data Storage and Security
- All data is stored in a PostgreSQL database hosted on Google Cloud SQL in the europe-west1 (Belgium) region.
- Google Cloud SQL encrypts all data at rest by default at the storage layer. Database access is restricted to the TouchPoint application service account.
- Page access tokens are stored in the database and protected by Google Cloud SQL's default encryption at rest. Access to tokens is restricted to the application service account through IAM policies.
- Media files (images and videos) are stored in Google Cloud Storage in the europe-west1 region.
- We do not share Facebook, Instagram, or TikTok data with third parties.
- We do not sell Facebook, Instagram, or TikTok data.
4. Revoking Access
You can disconnect your Facebook Page from TouchPoint at any time through the client settings in the TouchPoint platform. When you disconnect:
- The stored page access token for that Page is deleted from our database.
- The linked Instagram Business Account data is removed.
- Previously fetched engagement reports remain available until the data retention period expires (see Section 6).
You can disconnect your TikTok account from TouchPoint at any time through the client settings in the TouchPoint platform. When you disconnect:
- The stored TikTok access token is deleted from our database.
- The linked TikTok account data is removed.
- Previously fetched engagement reports remain available until the data retention period expires (see Section 6).
You can also remove TouchPoint from your Facebook account by visiting your Facebook App Settings. Removing the app triggers our deauthorize callback, which automatically deletes all stored tokens associated with your Facebook account.
For TikTok, you can revoke TouchPoint's access from your TikTok account security settings under "Third-party apps".
Deauthorize callback endpoint:
https://app.benerdy.it/api/meta-webhooks/deauthorize
5. Data Deletion
When a user requests data deletion through Facebook, our data deletion callback endpoint receives the request and performs the following actions:
- Deletes all stored page access tokens associated with the Facebook User ID.
- Deletes all Facebook Page data, Instagram account data, and TikTok account data linked to that user.
- Deletes cached engagement reports associated with the user's connected Pages.
- Returns a confirmation code and a status URL where the user can check deletion progress.
Data deletion callback endpoint:
https://app.benerdy.it/api/meta-webhooks/data-deletion
Data deletion status endpoint:
https://app.benerdy.it/api/meta-webhooks/data-deletion-status
Data retention: Engagement reports are retained for 12 months after a Page is disconnected or a deletion request is received, then automatically purged. All tokens and account linkage data are deleted immediately upon disconnection or deletion request.
6. Your Rights Under GDPR
BeeNerdy OÜ is the data controller for data processed through TouchPoint. We are registered in Estonia, a member state of the European Union. All data processing occurs within the EU (Google Cloud SQL europe-west1, Belgium).
Legal basis for processing: We process Facebook and Instagram data based on your explicit consent, granted when you authorize the TouchPoint application through Facebook's OAuth flow. For TikTok, consent is granted when you authorize TouchPoint through TikTok's login flow.
Your rights:
- Right to access: You can request a copy of all data we store about you and your connected accounts.
- Right to rectification: You can request correction of any inaccurate data we hold.
- Right to erasure: You can request deletion of your data at any time. This is also covered by the data deletion flow described in Section 5.
- Right to data portability: You can request your data in a machine-readable format (JSON export).
- Right to restrict processing: You can request that we limit how we process your data.
- Right to object: You can object to our processing of your data.
To exercise any of these rights, contact us at info@beenerdy.co.
Data processors: Google Cloud (hosting and database), Meta (Facebook/Instagram API provider), and TikTok (TikTok API provider) act as data processors under standard contractual clauses. Processing of Facebook and Instagram data occurs within the European Union. TikTok data may be processed on TikTok's servers according to their privacy policy, but data we store remains on our EU servers.
Supervisory authority: You have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local EU supervisory authority.
Data controller contact:
BeeNerdy OÜ
Email: info@beenerdy.co
7. Cookies
The beenerdy.co marketing website uses Google Analytics (measurement ID: G-5DYVKFBDH1) for anonymous traffic analysis. Google Analytics sets cookies to distinguish unique users and throttle request rates. No personally identifiable information is collected through these cookies.
The TouchPoint platform uses session cookies that are strictly necessary for authentication and platform functionality. These cookies do not track you across other websites.
8. Changes to This Policy
We may update this privacy policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page and notify active TouchPoint users by email.
9. Contact
For privacy inquiries or to exercise your data rights:
BeeNerdy OÜ
Email: info@beenerdy.co