Privacy Policy

Last updated: March 10, 2026

1. Introduction

OMMFlow ("we", "us", "our") is a social media management platform operated by Online Media Management (Pty) Ltd (omm-flow.com). This Privacy Policy explains how we collect, use, and protect your information when you use our platform at omm-flow.com.

2. Information We Collect

Account Information

  • Name and email address
  • Password (stored securely using bcrypt hashing)
  • Organization and role information

Social Media Data

  • Facebook Page and Instagram Business Account information
  • Post content, media, and engagement metrics
  • Comments and messages from your social media accounts
  • Analytics and insights data

Usage Data

  • Log data (IP address, browser type, pages visited)
  • Actions taken within the platform (audit log)

Meta Platform Data

OMMFlow is a Meta Platform partner and uses Meta's APIs to provide social media management services. When you connect your Facebook or Instagram accounts, we collect and process the following Meta Platform data:

  • Access Tokens: Encrypted OAuth tokens that allow us to access your Facebook Pages and Instagram Business accounts on your behalf
  • Page/Account IDs: Unique identifiers for your Facebook Pages and Instagram Business accounts
  • User Profile Data: Your name, profile picture, and account information from connected Meta accounts
  • Post Content: Content you create, schedule, or publish through our platform, including text, images, videos, and metadata
  • Comments and Messages: Comments on your posts, visitor posts to your Pages, and message metadata for Unified Inbox functionality
  • Engagement Metrics: Reactions, shares, impressions, reach, follower counts, and other analytics data from your connected accounts
  • Media Assets: Images and videos uploaded to our platform for publishing to your social media accounts

How We Use Meta Platform Data: We use this data solely to provide our social media management services, including: scheduling and publishing content, managing comments and community engagement, retrieving analytics for reporting, and displaying account information in our dashboard. We do not use Meta Platform data for advertising, profiling, or any purpose other than providing the services you have requested.

Data Retention: Meta Platform data is retained only as long as necessary to provide our services. Access tokens are stored until you disconnect your account. Post content and analytics are retained for 2 years to provide historical reporting. Inbox messages are retained for the lifetime of your workspace; you can request deletion via our data-deletion endpoint (see §8). Upon account disconnection or deletion request, we delete all associated Meta Platform data within 30 days, except where longer retention is required by law.

Meta Platform Terms: Our use of Meta Platform data is subject to Meta's Platform Terms and Data Processing Terms. We comply with all applicable Meta policies and requirements for Platform partners.

GDPR and POPIA Compliance: For users in the European Economic Area, our processing of Meta Platform data is conducted in accordance with GDPR requirements. For South African users, we comply with the Protection of Personal Information Act (POPIA). You have the right to access, correct, or delete your Meta Platform data at any time by contacting us or disconnecting your accounts through the platform settings.

3. How We Use Your Information

  • To provide and operate the OMMFlow platform
  • To publish content to your connected social media accounts
  • To retrieve and display analytics and engagement data
  • To manage comments and messages (Unified Inbox)
  • To generate reports for your clients
  • To send notifications about scheduled posts and account activity

4. Data Sharing

We do not sell your data. We share information only with:

  • Meta Platforms (Facebook/Instagram) — to publish content and retrieve analytics via their API
  • Your team members — within your organization on the platform
  • Your clients — via the client approval portal (only their own content)
  • Our publishing & Paid Media sub-processor — a specialized advertising and publishing service integrated with OMMFlow. Organic post content is relayed for multi-platform publishing. When Paid Media is activated for a client, ad creative, audience data, and campaign configuration are relayed through this sub-processor to the platform ad networks (Meta, Google, TikTok, LinkedIn, Pinterest, X). Custom-audience PII (email addresses, phone numbers) is SHA-256 hashed client-side before transmission and never leaves your browser in cleartext. The current sub-processor identity is available to customers on request — email privacy@omm-flow.com.
  • Google (Analytics) — anonymous usage metrics (page views, session duration, referrer) only if you accept the cookie banner. No personally identifying information is sent. See our cookie policy for specifics and opt-out instructions.

Paid Media — ad spend billing: When you activate the Paid Media add-on for a client, advertising campaigns are run against your client's own platform ad account (their Meta, Google, or other platform account). Ad spend is billed by the platform directly to your client — OMMFlow does not handle or process ad-spend funds. OMMFlow's Paid Media subscription fee (R499 per client per month) covers the software, the integration layer, audience management, and reporting only.

5. Data Storage & Security

Your data is stored on secure servers. We implement industry-standard security measures including:

  • SSL/TLS encryption for all data in transit
  • Bcrypt password hashing
  • JWT-based authentication with session expiry
  • Role-based access control
  • Daily database backups — compressed, transmitted over TLS, and stored in our offsite backup provider's encrypted storage

6. Data Retention & Deletion

We retain your data for as long as your account is active. You may request deletion of your data at any time by contacting us. Upon account deletion, we will remove your personal data within 30 days.

To request data deletion, email: privacy@omm-flow.com

7. Your Rights

Under POPIA (Protection of Personal Information Act), you have the right to:

  • Access your personal information
  • Correct inaccurate information
  • Request deletion of your data
  • Object to processing of your data
  • Withdraw consent at any time

8. Contact Us

For privacy-related inquiries:
Online Media Management (Pty) Ltd
Email: privacy@omm-flow.com
Website: omm-flow.com