OXPI

Last updated: June 9, 2026

Meta API Disclosure

This page explains how OXPI uses Meta APIs when a business user connects Facebook or Instagram to OXPI.

Purpose of the Meta integration

OXPI uses Meta APIs to help a business manage selected Facebook Pages, Instagram business accounts, ad accounts, Lead Ads forms, campaign workflows, social publishing, and CRM lead status feedback from one business operations workspace.

Permissions and product use

  • pages_show_list: list Pages the business user can connect and select.
  • pages_read_engagement: read Page context needed for lead, post, and engagement workflows.
  • pages_manage_metadata: subscribe selected Pages to webhooks such as Lead Ads events.
  • leads_retrieval: retrieve full Lead Ads submissions for selected Pages and forms.
  • ads_read: read ad account and campaign context used for attribution and reporting.
  • pages_manage_ads: connect selected Pages to approved advertising workflows.
  • business_management: access business asset relationships needed to connect the correct Pages and ad accounts.
  • ads_management: create or update campaigns only after explicit business-user approval.
  • pages_manage_posts: publish approved Page posts from the social calendar.
  • pages_manage_engagement: publish approved replies to Page comments when the business enables reply workflows.
  • pages_read_user_content: read Page comment context needed to prepare reply drafts.
  • instagram_basic: identify the selected Instagram business account.
  • instagram_content_publish: publish approved Instagram content from the social calendar.
  • pages_messaging, instagram_manage_messages, instagram_manage_comments: prepare and send approved replies only when the business enables inbox or comment workflows.
  • read_insights: read Page, Instagram, and campaign insights for reporting and optimization recommendations.

Data OXPI stores

  • Encrypted OAuth access tokens and Page access tokens.
  • Meta account identifier, connected account name, granted permissions, token status, and consent timestamps.
  • Selected Page, ad account, Instagram business account, and Lead Ads form identifiers.
  • Lead Ads identifiers, field data needed to create CRM leads, and campaign/ad attribution where available.
  • Campaign draft, approval, spend, publishing, and status-sync audit records.
  • Webhook delivery and API action logs needed for security, support, retries, and compliance.

Business-user control

OXPI acts only for the connected business and selected assets. Ad spend, campaign publishing, public social posts, and outbound replies require business-user authorization or preconfigured approval rules. The business user can disconnect Meta from OXPI at any time.

Data sharing and AI processing

OXPI does not sell Meta data. OXPI does not use Meta data for unrelated advertising. AI assistance may process connected business content only to provide requested OXPI features, such as draft campaigns, suggested replies, summaries, lead classification, and operational recommendations. OXPI does not use Meta data to train generalized or non-personalized AI or machine learning models.

Deletion

Users can disconnect Meta inside OXPI, revoke OXPI from Meta Business Integrations settings, or email support@oxpi.co.il with a data deletion request. Meta's automated data deletion callback is available at /api/v1/meta/data-deletion. Meta app removal and permission revocation notices are handled at /api/v1/meta/deauthorize so stored tokens are cleared and the user must reconnect before OXPI can use Meta APIs again.