ROAS Shield

Legal

Data Deletion

Last updated: 2026-05-09

You can ask us to delete all the data we hold about you in two ways. Both result in full deletion within 30 days.

Two paths to delete

We accept deletion requests through two channels: a Meta-initiated callback (when you remove our app from your Meta account) and a direct email request to our privacy team. Choose whichever is easier for you. Both produce the same outcome: a complete deletion of your data, finished within 30 days from when we receive the request.

Path 1: From your Meta account

This is the fastest path if you have already disconnected, or want to disconnect, our app from your Facebook or Instagram account.

  1. Open Meta and go to Settings and privacy, then Apps and Websites.
  2. Find ROAS Shield in the list of connected apps.
  3. Click Remove.

When you remove our app, Meta sends a signed deletion-request callback to us. We:

  • verify the signed request using HMAC-SHA256 against our App Secret,
  • create a deletion request record tied to your Meta user ID,
  • return a confirmation code and a status URL of the form https://adcp.example.com/data-deletion/{code},
  • enqueue a deletion job that runs after 30 days, deleting all data tied to your Meta user ID across every workspace you were connected to,
  • send a status update once the deletion completes.

You can use the confirmation code at any time before the 30-day window expires to check progress (see "Check the status of a request" below).

Path 2: Email request

If you prefer, send an email to [email protected] with the subject Delete my data. Include:

  • the email address on your ROAS Shield account, or your Meta user ID if known,
  • a brief confirmation that you want all your data deleted.

We acknowledge every request within 5 business days. Deletion completes within 30 days from the date we receive the request. We email you when the deletion finishes.

If you do not have a ROAS Shield account but a Page or Instagram account you manage was connected by another administrator, you can still request deletion by email; provide the Page or account name and the period during which it was connected.

What gets deleted

When we process a deletion request, we remove the following from every workspace tied to your Meta user ID:

  • workspace records (name, settings, subscription metadata),
  • Meta connection records (encrypted access tokens, Meta user ID hash),
  • Page, Instagram, and ad-account connections,
  • knowledge-base documents and their embeddings,
  • comment records authored by your Meta user ID hash, and the moderation actions linked to them,
  • AI classification and reply records linked to those comments.

If you delete only your own account but the workspace continues with other administrators, only the records personally tied to your user (sessions, audit-log actions you initiated, your account data) are deleted. The workspace itself remains for the other administrators.

What is retained, and why

Full deletion is the default. The two narrow exceptions are:

  • Audit logs are retained for 90 days after deletion completes, and then permanently removed. Audit logs do not contain comment content; they contain the metadata of moderation actions for compliance reporting.
  • Financial records (Stripe invoices, VAT records) are retained for 6 years where UK HMRC rules require it. These records contain billing data only, never comment content or Meta connection data.

If you ask us to disregard either exception, we cannot, because both are required by law. We can confirm in writing what we hold under each exception.

Check the status of a request

Visit https://adcp.example.com/data-deletion/{confirmation-code} to see the status of any deletion request. The page polls our backend every 5 seconds and shows one of:

  • Pending: request received, deletion scheduled.
  • Processing: the deletion job has started.
  • Complete: all data has been deleted.
  • Failed: something prevented deletion. Contact [email protected] for a manual review; we honour the request even if our automated path failed.

If you arrive at the status page and see We can't find this deletion request, the confirmation code may have expired (status pages stay live for 30 days after deletion completes) or the code does not match a known request. Email us and we can confirm the deletion from our records.

Questions

For anything not covered here, or to request a copy of your data before deletion, contact [email protected]. Our wider obligations and your rights under UK and EU GDPR are set out in the Privacy Policy.