Adfynx LogoAdfynx

Meta Account Connection

Comprehensive guide on how Adfynx connects to and uses your Meta account, addressing your most important security and privacy concerns.

How Meta Connection Works

OAuth Authorization Flow

Adfynx uses Meta's official OAuth 2.0 authorization flow to connect your Meta account. The entire process is secure, transparent, and you remain in control at all times.

Step-by-Step Process

  1. You click "Connect Meta Account" - In the Adfynx platform, you click the connect button.
  2. Redirect to Meta authorization page - You're redirected to Meta's official authorization page (domain is facebook.com). This page is controlled by Meta, not Adfynx.
  3. You log in on Meta's page (if not already logged in) - You enter your Meta account and password on Meta's page. Adfynx cannot see this process and does not receive your password.
  4. You review and authorize permissions - Meta displays a list of permissions Adfynx is requesting (ads_read access only). You can review each permission's description, then decide whether to authorize.
  5. Meta issues an Access Token - If you agree to authorize, Meta generates an Access Token and redirects you back to Adfynx. Adfynx receives this token.
  6. Adfynx uses the token to access your data - Adfynx uses this token to call Meta API and pull your authorized advertising data. The token is encrypted and stored in our database.

Key Points:

  • • Your password is only entered on Meta's page; Adfynx never sees it
  • • You can clearly see which permissions Adfynx is requesting
  • • You can revoke authorization anytime; the token becomes invalid immediately

Permissions We Request

Minimal Permissions

We only request ads_read permission - the minimum read-only access needed to provide our analytics and insights services. This permission allows us to read your ad accounts, campaigns, ad sets, ads, and performance data.

This permission is read-only. We cannot modify, create, or delete your ads.

Permissions We Will NOT Request

  • Read or send private messages
  • Post to your personal profile or Page (unless you explicitly enable auto-posting feature)
  • Access your friends list or personal information (unless required by feature)
  • Manage your account settings or security settings

Token Lifecycle

Token Validity Period

  • Meta-issued Access Tokens typically have a 60-day validity period
  • If Meta provides a Refresh Token, we automatically refresh before expiration
  • If token expires and cannot be refreshed, you need to re-authorize

Token Storage

  • Tokens encrypted at application layer using AES-256 before database storage
  • Encryption keys stored in separate key management service (AWS KMS)
  • Tokens only briefly decrypted in memory when calling Meta API; never written to logs or sent to frontend

Token Revocation

  • You can disconnect anytime in Adfynx platform; we immediately delete stored tokens
  • You can also revoke authorization directly in Meta account settings; tokens become invalid immediately
  • If we detect token invalidation (e.g., you revoked on Meta side), we stop using that token and notify you to re-authorize

How to Disconnect

Disconnect Within Adfynx Platform

  1. Log in to Adfynx
  2. Go to "Account Settings" → "Connected Accounts"
  3. Find the Meta account you want to disconnect
  4. Click "Disconnect" button
  5. Confirm the action

What Happens After Disconnection:

  • • We immediately delete the stored Access Token
  • • We stop pulling new data from Meta
  • • Your previously generated analysis reports are retained (as historical snapshots), but you can manually delete them
  • • You can reconnect anytime

Revoke Authorization on Meta Side

  1. Log in to your Meta account
  2. Go to "Settings & Privacy" → "Settings"
  3. Click "Apps and Websites"
  4. Find "Adfynx"
  5. Click "Remove"

What Happens After Revocation:

  • • Adfynx's Access Token becomes invalid immediately
  • • We can no longer access your Meta data
  • • Next time you try to use Adfynx, the system will prompt you to re-authorize

Data Synchronization & Caching

Sync Frequency

  • Real-time data: When you view reports in Adfynx, we call Meta API in real-time to pull latest data

Caching Strategy

  • To improve performance and reduce API calls, we may briefly cache Meta-returned data (max 15 minutes)
  • Cached data only used for display and analysis, not retained long-term
  • You can click "Refresh" button on report page to force-pull latest data

Data Consistency

If you modify or delete ads on Meta side, we detect changes on next sync. Historical report data are snapshots and won't change due to your Meta-side modifications.

Permission Change Notification

If we need to request new permissions (e.g., to support new features), we will:

  1. Notify you in advance: Explain new permission's purpose via email or in-platform notification
  2. Request your authorization: You need to actively agree to grant new permission
  3. Provide choices: If you don't agree to new permission, you can continue using existing features (if new permission is optional)

We will not request new permissions without your consent.

Security Best Practices

Protect Your Meta Account

  • Enable two-factor authentication (2FA)
  • Use strong passwords; don't reuse across websites
  • Regularly check "Apps and Websites" list; remove unused apps
  • If you detect suspicious activity, immediately change password and revoke all third-party app authorizations

Protect Your Adfynx Account

  • Use strong passwords; don't reuse across websites
  • Enable two-factor authentication (coming soon)
  • Don't share your login credentials with others
  • Regularly check account activity logs

If You Suspect Account Compromise

  • Immediately change Adfynx and Meta passwords
  • Revoke Adfynx authorization on Meta side
  • Contact security@adfynx.com to report suspicious activity

Verifiable Statements

  • • You can view Adfynx's permission list in Meta's "Settings" → "Apps and Websites"
  • • You can view connected Meta accounts and authorization time in Adfynx's "Account Settings" → "Connected Accounts"
  • • You can view when we accessed your Meta data in Adfynx's "Account Settings" → "Activity Log"
  • • You can disconnect anytime in Adfynx or Meta side; tokens become invalid immediately
  • • We provide export functionality; you can download all analysis reports generated in Adfynx

Frequently Asked Questions

A: Absolutely not. Authorization happens on Meta's official page. Your password is only entered on Meta's page. Adfynx only receives the Access Token issued by Meta; we never see your password.

Last updated: December 19, 2025

Adfynx - AI-Powered Ad Insights