Privacy Policy

We collect only the minimum information necessary to provide the service:

• Registration data: Full name, username, and securely hashed password
• Facebook Page data: Page name, Page ID, and Page Access Token
• Activity data: Activated posts, replied comment IDs, and timestamps
• Subscription data: Plan type, start date, and expiry date

Your information is used solely for the following purposes:

• Managing your account and authenticating your identity securely
• Connecting your Facebook Pages and delivering automated replies
• Managing your subscription status and access rights
• Maintaining system security and preventing abuse or unauthorized access
• Providing customer and technical support when requested

Your Facebook Page Access Token is sensitive information that grants access to your page. Here is exactly how we handle it:

• Stored securely on our server in an encrypted environment
• Never shared with any third parties under any circumstances
• Used exclusively to send automated replies via the Facebook Graph API on your behalf
• Permanently and irreversibly deleted when you disconnect a page or delete your account

We implement industry-standard security measures to protect your data:

• Passwords are hashed using bcrypt with salt before storage — never stored in plain text
• Authentication is managed via secure HTTP-only JWT cookies to prevent XSS attacks
• All data transmission is encrypted via HTTPS/TLS
• Server access is restricted and monitored — only administrators can access user data

While we implement strong security practices, no method of internet transmission is 100% secure. We cannot guarantee absolute security but commit to addressing any breach promptly.

We do not sell, trade, rent, or share your personal information with any third parties, with only these two limited exceptions:

• Facebook / Meta: Only when making Graph API calls to send automated replies on your behalf — as per your explicit configuration
• Legal requirements: If required by applicable law, court order, or valid legal process — we will notify you if legally permitted to do so

Our service uses only one cookie for essential functionality:

• token: An HTTP-only authentication cookie used to maintain your login session — expires after 30 days

We do not use any tracking cookies, advertising cookies, or third-party analytics cookies. Your browsing behavior is never monitored or recorded.

We retain your data only for as long as your account is active and the service relationship continues. When you delete your account:

• All personal information and account data is permanently deleted within 24 hours
• All connected Facebook Pages and Access Tokens are removed immediately
• All post configurations and automated reply history are purged
• Backups containing your data are overwritten within 30 days

You have full control over your data and the following rights at any time:

• Access and review your personal data through the account settings page
• Disconnect any Facebook Page and revoke its Access Token instantly
• Request complete account deletion and removal of all associated data
• Update your profile information including full name and password
• Opt out of the service at any time by deleting your account

To delete all your data from DoctorFile, follow these steps:

• Log in to your account at doctorfile.xyz
• Go to Pages section and disconnect all connected Facebook Pages
• Contact the administrator to request full account and data deletion
• Alternatively, revoke app permissions directly from Facebook Settings → Apps and Websites

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us through the platform's support channels.

We take all privacy concerns seriously and aim to respond to all inquiries within 48 hours.