Gravix Legal

Public policy pages for the internal Meta-powered app

PrivacyTermsData DeletionLogin
Internal Meta Operations Tool

Privacy Policy

This policy explains what Meta-related information Spotlight Media LLC processes through Gravix, how it is used inside the internal operations app, how long it is retained, and how people can ask for deletion.

At A Glance

Last updated March 17, 2026

  • Internal-only operations tool for company-owned Meta assets
  • Comment and message content retained for a 90-day window
  • Deletion requests can be made through the same social channel used for the interaction

Overview

This Privacy Policy explains how Spotlight Media LLC handles information used in Gravix, its internal Meta operations app. Gravix is an internal tool used only by authorized employees of Spotlight Media LLC. It is not a public SaaS product and it does not onboard outside client businesses.

The app supports Meta Ads Uploader, Meta Ads Reporting, and Comment Manager workflows for company-owned ad accounts, Facebook Pages, Instagram business accounts, Messenger inboxes, and Instagram Direct conversations.

Information We Collect

Depending on the workflow, the app may collect and store the following categories of information:

  • Meta interaction data, such as comment text, direct message text, reply text, timestamps, platform identifiers, conversation identifiers, and linked Page or Instagram account identifiers.
  • Profile or sender information made available by Meta for the workflow, such as display names, usernames, and Meta user or author IDs.
  • Internal workflow data, such as moderation status, claim history, final replies, AI-suggested replies, retry history, and employee action history.
  • Operational and security data, such as request IDs, error diagnostics, webhook receipt times, rate-limit telemetry, and access-control events.
  • Advertising and reporting data from company ad accounts, such as ad performance metrics, ad status, account selections, and publishing job records.

How We Use Information

We use this information only as reasonably necessary to operate the internal app, including to:

  • review, moderate, and respond to Facebook comments and Instagram comments
  • review and respond to Messenger and Instagram Direct conversations
  • generate internal reply suggestions for employees
  • publish and manage ads in company-owned ad accounts
  • show internal ad reporting and performance dashboards
  • detect failures, prevent abuse, troubleshoot operational issues, and maintain system security

We do not sell Meta platform data, and we do not use Meta platform data to build unrelated public user profiles.

AI Assistance And Service Providers

When employees use AI-assisted reply suggestions, relevant comment or message text and limited workflow context may be sent to third-party service providers that help us operate the app.

Today, the reply-generation workflow in this app uses Anthropic through its commercial API. We use that service only to generate internal moderation or response suggestions for authorized employees.

We may also use hosting, database, logging, queueing, and infrastructure providers to operate the app.

We require service providers to process data only to provide the services we request for the app, subject to their applicable commercial terms and our operational controls.

Sharing And Disclosure

We may share information only in limited situations, including:

  • with authorized employees who use the app for business operations
  • with service providers that host, secure, or support the app
  • when reasonably necessary to comply with law, respond to valid legal requests, or protect rights and security
  • when reasonably necessary to investigate abuse, fraud, or security incidents

Retention

Raw comment and message content, AI-generated suggestions, and related response content are automatically targeted for deletion after no longer than 90 days unless a shorter period is required by a deletion request.

Limited non-content operational records may be retained longer when reasonably necessary for security, fraud prevention, legal compliance, or troubleshooting, but we seek to minimize retained personal data.

If we receive a valid deletion request from Meta or the affected user, we will update or delete the relevant platform data as promptly as reasonably possible.

Your Choices And Deletion Requests

If you interacted with the business through a Facebook Page, Instagram account, Messenger conversation, or Instagram Direct conversation and want your data deleted, use the contact method tied to that same interaction and include the phrase Data Deletion Request.

Helpful details include:

  • the platform you used, such as Facebook, Instagram, Messenger, or Instagram Direct
  • the Page or Instagram account you contacted
  • your display name or username at the time of the interaction
  • an approximate date and time
  • a link, screenshot, or message snippet if available

We may ask for additional information that is reasonably necessary to locate the record and confirm the request relates to the interaction at issue.

Security

We use administrative, technical, and organizational measures designed to protect the information used in the app, including access controls, authenticated internal access, request correlation, rate limiting, structured diagnostics, and reduced raw-payload logging.

No system is perfectly secure, but we work to limit access to authorized employees and necessary service providers only.

Changes To This Policy

We may update this Privacy Policy from time to time to reflect changes in the app, our operations, legal requirements, or Meta platform requirements.

When we make material changes, we will update the date at the top of this page and use the revised policy going forward.