Privacy Policy

Last updated: 16 May 2026

1. Introduction

This Privacy Policy explains how KeweShip ("KeweShip", "we", "our", or "us") collects, uses, stores, shares, and protects information when you use our shipping/courier services, our web application, our mobile application, or any feature that integrates with the Meta Platform (Facebook Pages, Instagram Pages, and the Facebook Marketing API). By creating an account or using our services you agree to the practices described below.

2. Who controls your data

The data controller is the company that operates KeweShip and the keweship.com domain. You can reach our privacy team using the contact information at the end of this policy.

3. Information we collect

3.1 Information you provide

  • Account information: name, email address, phone number, profile picture, role inside your company, and your login credentials.
  • Operational data: orders, parcels, customer addresses you create, comments, and assignments inside the system.
  • Support correspondence: messages, attachments, and contact requests you send us.

3.2 Information we receive from Meta (Facebook / Instagram)

When you connect a Meta account through our app, we use the Facebook Login and the Facebook Marketing API to read advertising data on your behalf. With your explicit OAuth consent we may receive:

  • Your Facebook user ID and basic public profile (public_profile).
  • The list of Pages you manage (pages_show_list), Page name, Page ID, and Page profile picture URL (pages_read_engagement).
  • The list of Ad Accounts you can access through your Business Manager (business_management).
  • Campaign, ad set, ad, and creative metadata, plus performance metrics such as spend, impressions, reach, clicks, and results (ads_read and, where you opt in, ads_management for in-app campaign creation/pause).
  • Optional Page conversation timing data used to compute reply-speed analytics (pages_messaging) — only when this feature is enabled by your administrator.

We do not request and we do not store your Facebook friends list, photos, posts, private messages, or any data unrelated to advertising and Page management.

3.3 Information collected automatically

  • Technical logs (IP address, browser/device type, request timestamps) used to secure the service and debug errors.
  • Cookies and local storage tokens used to keep you signed in and remember your language preference. We do not use third-party advertising cookies.

4. How we use your information

  • To deliver the courier and Sales/Ads management features you sign up for.
  • To display your Facebook Pages, ad-account picker, ad reports, and analytics inside our app.
  • To create or pause campaigns inside Meta on your behalf only when you explicitly trigger that action.
  • To detect, prevent, and investigate fraud, abuse, and security incidents.
  • To comply with legal obligations and lawful requests.

We never use your Meta data to build profiles for advertising to other users, and we never sell or rent your data.

5. Lawful basis for processing

We process personal data on the following legal bases: (a) performance of the contract you accept when using our service; (b) your explicit consent for the Meta permissions you grant during the OAuth flow; (c) our legitimate interest in keeping the service secure and operational; and (d) compliance with applicable law.

6. How we share information

  • Meta Platforms, Inc. — every API call we make is sent directly to graph.facebook.com using the access token you authorised.
  • Infrastructure providers — our hosting, database, and cache providers under written contracts that prohibit them from using the data for any other purpose.
  • Inside your company — administrators and team members of the company that owns your account can see operational data they are entitled to under their role permissions.
  • Legal process — when required to comply with a valid court order, subpoena, or law-enforcement request.

We do not share your Meta data with third-party advertisers or data brokers.

7. Data retention

We keep account information for as long as your account is active. Operational data (orders, parcels, ad reports) is kept for the period your administrator configures, typically up to 24 months. Cached Meta API responses are kept for the duration set in your tenant settings (the Facebook Ads warm-cache window) and are automatically refreshed or deleted when you disconnect the integration.

If you delete your account or revoke our Meta access, we delete or anonymise the affected personal data within 30 days, except where we must keep specific records for legal, accounting, or fraud-prevention reasons.

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate or incomplete data through the in-app Profile screen.
  • Delete your data — see our dedicated Data Deletion Instructions.
  • Withdraw your consent for the Meta integration at any time from facebook.com → Settings → Business Integrations; doing so immediately stops all future data access.
  • Lodge a complaint with the data-protection authority of your country.

9. Security

We protect your data with TLS encryption in transit, encrypted credential storage, role-based access control, audit logging, and routinely reviewed server hardening. No system is 100% secure; if we ever discover a personal-data breach affecting you, we will notify you and the appropriate authorities as required by law.

10. International transfers

KeweShip operates servers in Iraq and the European Union. When data is transferred outside your country we rely on the standard contractual clauses or equivalent safeguards required by applicable law.

11. Children

Our service is intended for businesses and adults. It is not directed to children under the age of 13 (or 16 where local law requires a higher age), and we do not knowingly collect personal data from such children. If we learn we have collected data from a child without parental consent, we will delete it.

12. Third-party links

Our pages may link to third-party websites (for example facebook.com or instagram.com). Their privacy practices are governed by their own policies, not by this one.

13. Compliance with Meta Platform Terms

This service uses the Facebook Login and Marketing API in compliance with the Meta Platform Terms and Developer Policies. We process Meta data only for the purposes you authorised, never sell it, and apply the same protections that this Privacy Policy describes for our own data.

14. Changes to this policy

We may update this Privacy Policy when our practices change or the law requires it. The "Last updated" date at the top reflects the latest revision. Material changes will be announced inside the application before they take effect.

15. Contact

For privacy questions, access requests, or complaints, please contact us:

  • Email: support@keweship.com
  • Postal: KeweShip — Privacy Team, available on request through the contact form on our website.

You can also delete your personal data using the steps on our Data Deletion Instructions page.