# Privacy Policy — Multigroup Poster Chrome Extension
**Last updated:** May 3, 2026

**Effective:** Same as last updated
## 1. Who We Are
Multigroup Poster is a Chrome extension that helps users publish posts to multiple Facebook groups they belong to. It is operated by Multi Group Poster Inc.

**Contact:** multigroupposter@gmail.com

**Website:** https://multigroupposter.com

This Privacy Policy explains what data we collect, why we collect it, where it goes, and your rights.
## 2. The Short Version
We collect the **minimum** data needed to make the extension work: your email (for login), your list of Facebook groups (so you can pick where to post), and the posts you send (which go directly to Facebook on your behalf). We do not sell your data, do not run third-party advertising trackers, and do not use your data for any purpose unrelated to the extension's functionality.
## 3. Data We Collect
### 3.1 Account Data (collected when you sign in)
- **Email address** — required to identify your account and look up subscription status
- **Firebase user ID (UID)** — internal identifier from Google Firebase Authentication
- **Display name and profile picture URL** — if you sign in with Google, only what Google provides

We use Google Firebase for authentication. Firebase's privacy policy applies to the auth flow itself: https://firebase.google.com/support/privacy
### 3.2 Facebook Account Data (read from your Facebook session)
- **Your Facebook user ID** — extracted from Facebook's `c_user` cookie via the `cookies` permission
- **Your Facebook session tokens** (`fb_dtsg`, `lsd`, `jazoest`) — extracted from Facebook's HTML so we can post on your behalf. These are read in memory and never written to disk. They are sent only to Facebook's own servers when you publish a post.
- **Your list of Facebook groups** — fetched once when you click "Sync with Facebook," then cached locally in your browser. We do not transmit this list to any server other than Facebook.
- **Your active Facebook profile/page** — to support "Brand Mode" (posting as a Page).

We do not have access to your Facebook password and never request it.
### 3.3 Content You Create
- **Post text, images, and videos** — when you click "Publish," the content you wrote is sent directly to Facebook's GraphQL API on your behalf. We do not store copies of your post content on any server we control.
- **Scheduled campaigns** — stored in your browser's local IndexedDB until they fire.
- **Group selections, drafts, templates, and Spintax variations** — stored in your browser's local storage only.
### 3.4 Operational Data (sent to our servers)
- **Subscription/credit checks** — when you sign in, we query our subscription server using your email to determine your plan.
- **Doc ID telemetry** — anonymized Facebook GraphQL identifiers (no personal content) used to keep the extension working when Facebook updates their API.
- **Operational telemetry** — minimal counters for debugging. No personal content.
### 3.5 What We Do NOT Collect
- Your Facebook password
- Your friends list, messages, or photos beyond what you choose to post
- Browsing history outside Facebook
- Payment card numbers or financial details
- Health data, government IDs, or biometric information
- Cross-site tracking, advertising identifiers, or behavioral profiles
## 4. How We Use the Data
| Data | Used for |
|---|---|
| Email | Account identification, subscription lookup, support |
| Firebase UID | Internal account linking |
| Facebook session tokens | Authenticating your post requests to Facebook |
| Facebook groups list | Showing you the groups you can post to |
| Post content | Sent to Facebook on your behalf |
| Posting history (timestamps) | Rate-limiting to keep your account safe |
| Scheduled campaign data | Triggering scheduled posts |
| Subscription status | Showing your plan + remaining credits |

We do not use your data for advertising, do not sell it to anyone, and do not share it with marketing partners.
## 5. Third Parties Who Receive Your Data
### 5.1 Facebook (Meta Platforms)
What they receive: post content, group IDs, your Facebook session tokens (which they issued to you), and your Facebook user ID. Required for the extension's purpose.
### 5.2 Google Firebase
What they receive: your email and (if applicable) Google sign-in OAuth data. Used for authentication only. https://firebase.google.com/support/privacy
### 5.3 Multi Group Poster Servers
What they receive: your email (for subscription lookup), anonymized doc ID telemetry, and operational counters. TLS 1.2+ encryption.
### 5.4 We do NOT use:
- Google Analytics, Mixpanel, Segment, or any third-party analytics
- Advertising networks
- Third-party tracking pixels
- Any data broker
## 6. Where Data Is Stored
### 6.1 In your browser (deleted when you uninstall)
Account info, groups list, posting history, scheduled campaigns, drafts, templates, subscription cache. Chrome automatically deletes all browser-stored data on uninstall.
### 6.2 On our servers (kept until you request deletion)
Account record (email + UID), subscription status, doc ID telemetry submissions.
### 6.3 On Facebook
Posts you publish remain on Facebook according to Facebook's data policies.
## 7. Your Rights
### 7.1 Access and deletion
You can request a copy of all data we have about you, or permanent deletion of your account and all server-side data, by emailing **multigroupposter@gmail.com** with subject **"Privacy Request — [Access OR Delete] — [your email]"**. We respond within 30 days.
### 7.2 GDPR rights (EU/UK users)
You have additional rights including rectification, restriction of processing, data portability, and the right to lodge a complaint with your local data protection authority.
### 7.3 CCPA rights (California users)
You have the right to know what data we collect, request deletion, and opt out of "sale" of your data. We do not sell your data.
### 7.4 Removing the extension
Uninstall from `chrome://extensions` to stop all data collection. All browser-stored data is deleted automatically.
## 8. Data Security
- TLS 1.2+ encryption for all network communication
- Firebase Authentication uses Google's enterprise-grade security
- Server-side data stored with access controls
- No data shared with third parties except as listed in Section 5
## 9. Children's Privacy
Multigroup Poster is intended for users 18 years of age or older. We do not knowingly collect data from children under 13.
## 10. Permissions Explained
| Permission | Why we need it |
|---|---|
| `storage` | Saves your settings, drafts, and group lists in your browser |
| `cookies` | Reads Facebook session cookie (`c_user`) and Multi Group Poster auth cookie. Read-only. |
| `tabs` | Manages helper tab that talks to Facebook's API |
| `scripting` | Reads HTML structure on Facebook pages for groups/tokens |
| `alarms` | Triggers scheduled posts at the time you specified |
| `declarativeNetRequestWithHostAccess` | Modifies `Origin` header for Facebook API requests |
## 11. Changes to This Policy
If we change this Privacy Policy materially, we will post the updated version with a new "Last updated" date.
## 12. Contact
**Email:** multigroupposter@gmail.com

**Subject line:** "Privacy Question — [your topic]"

We aim to respond within 5 business days.
---
*Multigroup Poster Chrome Extension is a third-party tool and is not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc. or Facebook. "Facebook" is a trademark of Meta Platforms, Inc.*