1. Who We Are
Lyttix Solutions INC (“Lyttix,” “we,” “our,” or “us”) provides social-media automation and analytics through:
- Websites: https://lyttix.com https://social.lyttix.com https://chatbot.lyttix.com
- The Lyttix Dashboard (the “Platform”)
- Mobile/desktop widgets, plug-ins and APIs that connect with Meta and Google services.
We are the data controller for information collected via these Services.
Contact: privacy@lyttix.com | +1-504-446-4396
Data Protection Officer (DPO): dpo@lyttix.com
2. Scope
This Policy applies when you:
- Visit our sites or use the Platform
- Authorise our Facebook, Instagram or YouTube integrations
- Communicate with us by email, chat or social media.
It does not govern third-party sites we merely link to.
3. Information We Collect
| Category | Examples | Source | Purpose | Legal Basis* |
|---|---|---|---|---|
| Account Data | Name, email, password hash | Direct | Create & secure your account | Contract |
| Meta Page / IG Account Data | Page ID & name; visitor posts & comments (pages_read_user_content); scheduled posts (pages_manage_posts); metadata & webhook settings (pages_manage_metadata); locale (pages_user_locale); gender** (pages_user_gender); timezone (pages_user_timezone); engagement metrics (pages_read_engagement); comment moderation (pages_manage_engagement, instagram_manage_comments); conversations (pages_messaging, HUMAN_AGENT) | Graph API | Publish content, moderate comments, display analytics, respond to messages | Contract, Legitimate interest |
| Instagram Direct Message Data | Thread ID, message text, media attachments, sender Instagram Scoped ID, timestamps (instagram_manage_messages) | Graph API | Show DMs in your inbox; allow human agents to reply within 24 h (or 7 days with HUMAN_AGENT tag) | Contract, Legitimate interest |
| YouTube Data | Channel ID, video IDs, scheduled uploads | YouTube API | Video scheduling & analytics | Contract |
| Usage Data | Log files, IP, browser, device, cookies | Automatic | Security, debugging, analytics | Legitimate interest |
| Billing | Card last-4 digits, Stripe transaction IDs | Payment processor | Charge subscription | Contract |
* GDPR Art. 6(1)(b) or (f); consent obtained where required (e.g., marketing emails).
** Gender values are aggregated/anonymised for insights only; we never profile individuals by gender.
4. Meta Permissions We Request & Why
| Permission | Why We Need It |
|---|---|
| pages_read_user_content | Read visitor posts & comments so you can moderate them in one inbox. |
| pages_manage_posts | Create, schedule, edit and delete Page posts from the Dashboard. |
| pages_show_list | Display your Pages so you can choose which to connect. |
| pages_manage_metadata | Subscribe to Page webhooks and update messaging settings. |
| pages_user_locale / pages_user_gender / pages_user_timezone | Show aggregated audience locale, gender and timezone insights. |
| pages_manage_engagement | Hide, delete or reply to Page comments and reactions. |
| pages_read_engagement | Pull likes, shares and other metrics for performance reports. |
| pages_messaging | Read and send Page messages; works with the HUMAN_AGENT tag (manual replies within 7 days). |
| instagram_manage_comments | Reply to, hide or delete Instagram comments. |
| instagram_content_publish | Publish Reels, photos and videos to Instagram Business accounts. |
| instagram_basic | Fetch media objects and profile info for the posting queue. |
| instagram_manage_messages | Read and respond to Instagram Direct Messages. Free-form replies allowed within 24 h of the user’s last message; a human agent may reply up to 7 days using the HUMAN_AGENT tag. We do not send unsolicited or promotional messages outside these windows. |
| business_management | Authenticate Business System Users and manage assets in Business Manager. |
| read_insights | Show reach, impressions and follower-growth charts. |
| Human Agent | Allows a live agent to respond up to 7 days after the user’s last message. |
| Business Asset User Profile Access | Retrieve a commenter’s public name & profile picture for the moderation UI. |
You may revoke any permission at any time in Facebook: Settings & Privacy › Settings › Business Integrations.
5. How We Use Information
- Operate and improve the Platform
- Secure the Service (monitor logs, prevent fraud)
- Communicate with you (updates, invoices, support)
- Comply with legal obligations.
We never sell or rent personal data and we do not use Meta or Google data for ad-targeting or profiling outside the functions you enable.
6. Sharing
We share data only with:
- Service providers bound by confidentiality (AWS, Stripe, Sentry, etc.)
- Law enforcement or regulators when legally required
- Affiliates or successors in case of merger or acquisition (with prior notice).
7. Retention
- Account data – while subscription is active + 90 days
- Logs – 30 days, then anonymised
- FB/IG media cache – 24 hours
- Instagram DM content – 90 days (or delete sooner via Dashboard)
- Encrypted backups – rotated every 30 days.
8. Your Rights
Wherever you live you may:
- Access, correct, port or delete your data
- Object to / restrict processing
- Withdraw consent (e.g., marketing email opt-out).
Email privacy@lyttix.com; we respond within 30 days.
9. How to Delete Your Data
A. From Lyttix
- Log in → Account › Settings › Plan → Cancel Plan.
- Submit the Data Deletion Form at https://legal.lyttix.com/data/.
B. Revoke on Facebook/Instagram
Facebook → Settings & Privacy › Settings › Business Integrations → Lyttix → Remove.
C. Revoke on Google
Visit https://security.google.com/settings/security/permissions and remove Lyttix.
Our backend receives Meta’s deauthorize callback and wipes related records within 30 days.
10. Security
- TLS 1.3 in transit; AES-256 at rest
- Principle of least privilege on servers
- Annual penetration tests & continuous vulnerability scans.
11. International Transfers
We host in the United States. Cross-border transfers rely on Standard Contractual Clauses, the UK Addendum or adequacy decisions.
12. Children
The Services are not directed to children under 13. Contact us if you believe we have inadvertently collected such data.
13. Cookies
We use strictly-necessary, functional and analytics cookies. You can disable cookies in your browser, but parts of the Platform may not work.
14. YouTube API
Lyttix accesses YouTube channels only after you grant explicit OAuth consent. We store channel IDs, access tokens and scheduled-upload details solely to manage your content and display analytics; we never share YouTube data with third parties and we comply with Google’s API Services User Data Policy. Revoke access any time in Google Security settings (see §9).
15. Changes
We may update this Policy. If the changes are material, we’ll give at least 7 days’ notice by email or in-app banner.
16. Contact
Email: privacy@lyttix.com
Phone: +1-504-446-4396