Privacy Policy
Last updated July 3, 2026
CO-MSG ("CO-MSG", "we", "us") operates the collaboration workspace at co-msg.com, including the Social Studio tool. This policy explains what we collect, how we use it, and your choices. Questions: contact@co-msg.com.
Information we collect
- Account data — your name, email address, and password (stored hashed) when you register.
- Google sign-in data — if you choose "Sign in with Google", Google shares your name, email address, and profile picture from the Google Account you select. We use it only to create or access your CO-MSG account.
- Workspace content — messages, tasks, projects, meetings, documents and social posts you create in your workspace.
- Connected social data — when you connect a social account (e.g. Facebook or Instagram), we access the accounts you explicitly choose: your Facebook Pages, linked Instagram Business accounts, posts you publish through CO-MSG, and their engagement/insights. With your permission we also access messages and comments for the unified inbox. We store the access token needed to perform these actions.
How we use information
We use your information only to provide the service you asked for: to publish and schedule the posts you create, show performance insights, and (if enabled) let you read and reply to comments and messages. Social actions are always initiated by you — we never post or reply on your behalf without your action.
Data obtained through Meta
Data obtained through the Facebook and Instagram platforms is used solely to provide the in-app features described above, in accordance with the Meta Platform Terms and Developer Policies. We do not sell it, use it for advertising or profiling, or share it except with the sub-processors that run our service.
Signing in with Google
When you use "Sign in with Google", we receive basic profile information (your name, email address, and profile picture) from the Google Account you choose, solely to authenticate you and create or access your CO-MSG account. We request only these basic sign-in scopes and do not access any other Google data.
CO-MSG's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We do not sell this data, use it for advertising, or share it with third parties except the sub-processors that run our service. You can revoke CO-MSG's access at any time from your Google Account permissions.
Storage, security & sharing
Access tokens and content are stored per workspace and transmitted over encrypted HTTPS connections. We do not sell your data. We rely on service providers (cloud hosting and email delivery) that process data on our behalf under confidentiality obligations.
Retention & deletion
You can disconnect any social account at any time from Social Studio — this immediately removes its stored access token from CO-MSG. You can request deletion of your connected social data at co-msg.com/data-deletion, and removing the CO-MSG app from your Facebook settings triggers automatic deletion of the related tokens.
Your rights
You may access, correct, export, or delete your personal data by contacting contact@co-msg.com. We respond to verified requests promptly.
Changes
We may update this policy; material changes will be posted here with a new "last updated" date.
