Data Deletion

You can remove your data from PostBreeze at any time. This page explains what to do and what we do on our side.

1. What you can delete yourself, from the app

  • Disconnect a social account — go to Accounts in your workspace sidebar and click the trash icon next to the account. This immediately revokes your OAuth token, zeroes our stored access token ciphertext, deletes any cached comments for that account from our inbox table, and deletes raw analytics snapshots we hold for the account. The account row is marked disconnected on our side. For Facebook this disconnects every Page owned by the user; for LinkedIn this disconnects the personal profile and every company page row that shares the same OAuth credentials.
  • Delete an individual post or media asset — from the Posts or Media page inside your workspace.
  • Leave a workspace — from the Members page, you can remove yourself from workspaces you are a member of (the owner cannot leave without transferring ownership or deleting the workspace).

2. How to delete your entire PostBreeze account

Email [email protected] from the email address tied to your account with the subject line "Account deletion request". We will confirm the request, then:

  • Revoke every OAuth token issued to us for your connected Instagram and other social accounts.
  • Delete your user record and any workspaces you solely own, including posts, scheduled jobs, uploaded media, invitations, and memberships.
  • Remove media from object storage (Cloudflare R2) within the same deletion run.

We complete these operations within 30 days of your request. Some data is retained longer where law requires it — principally invoices and related billing records, which Swedish bookkeeping law requires us to keep for 7 years.

3. Meta (Instagram & Facebook Pages) data-deletion callback

If you revoke PostBreeze's access from inside Instagram (Instagram Settings → Apps and Websites) or from Facebook (Facebook Settings → Business Integrations), Meta sends us an automated deletion request. Our webhook at /api/webhooks/meta receives that request and runs the following purge in one transaction:

  • Every SocialAccount row matching your Facebook user id (across all Pages you administered through PostBreeze) and your Instagram user id is marked REVOKED.
  • The stored OAuth access tokens and refresh tokens on those rows are zeroed out so they can no longer be used to call Meta's API.
  • All inbox comment rows we cached for those accounts (the comments page-mention webhook delivered for your Pages) are deleted.
  • All raw analytics snapshots we hold for those accounts (followers, page views, post engagements, etc.) are deleted.

Meta's callback expects a JSON envelope with a confirmation code and a status URL; we return both so you can check the status of your deletion at any time. If you filed a deletion request via Meta and want to check its status or ask us to do more, email [email protected] with the confirmation code Meta gave you.

4. Backups

Our encrypted database backups are kept for 30 days before rotation. Within that window, deleted data still lives in a backup; after the window it is permanently gone.

5. Questions

Email [email protected] — we respond within a few business days.