Privacy Policy

Last updated: June 3, 2026

This policy covers Ray Agent, our AI Messenger reply assistant (Facebook App ID: 977531558198523), operated at raysecurities.com.

What we collect

• Your Facebook Page access token, encrypted at rest with AES-256, so we can read incoming messages and send AI-generated replies on the connected Page.
• Messages your customers send to your connected Page, received via the Facebook Messenger webhook.
• Public Page metadata (about, hours, location, services, posts, photos) used as grounding context for AI replies.
• Your business information that you supply (name, products, FAQs, tone, reply examples).
• Usage statistics (reply counts, AI token usage) used for plan enforcement and billing.

Facebook permissions and why we request them

• pages_messaging — to send AI-generated replies from your Page inside the 24-hour standard messaging window using messaging_type=RESPONSE. Never used for broadcast, marketing, or proactive outreach.
• pages_read_engagement — to read your Page's About, hours, location, posts and photos so AI replies are grounded in your real business facts.
• pages_show_list — to display the list of Pages you manage so you can pick which one to connect. We store only the Page you select.
• pages_manage_metadata — to subscribe and unsubscribe our webhook to your Page so we receive incoming messages. No Page profile fields, posts, or public metadata are modified.
• business_management — a one-time ownership check via GET /me/businesses so a user cannot connect a Page they don't manage. No Business Manager assets are read or modified.

How we use it

• To generate AI replies via the Anthropic Claude API.
• To compute embeddings via Voyage AI for knowledge retrieval.
• To deliver replies via the Facebook Graph API on your behalf.
• For billing, abuse prevention, and platform-policy compliance.

What we never do

• Sell your data, your customers' messages, or your business info to third parties.
• Use your data to train AI models. Anthropic and Voyage process inputs without training on them under their commercial terms.
• Send marketing, promotional, broadcast, or proactive messages to your customers.

Data retention and deletion

• Conversations and messages are retained for 12 months by default.
• When you disconnect your Page, we immediately unsubscribe the webhook (DELETE /{page-id}/subscribed_apps), clear the encrypted access token, and delete all stored conversation data within 7 days.
• When you delete a business from the dashboard, all related conversations, messages, knowledge base entries, embeddings, and webhook events are permanently deleted via database cascade immediately.
• Facebook end users can request deletion of their conversation data directly. See below.

Your rights — Facebook user data deletion

Facebook end users can trigger deletion of their conversation data with us via Facebook's Data Deletion mechanism. Our callback endpoint is:

POST https://raysecurities.com/api/fb/data-deletion

Status of a given deletion request can be checked at:

GET https://raysecurities.com/api/fb/data-deletion/status?code={confirmation_code}

You can also request deletion by emailing [email protected].

Contact

For privacy questions, email [email protected].