Privacy Policy

DinConnect, operated by Told You I Could Do It (An Australian-registered business (ABN)), handles account connections for our products. Last updated: 12 June 2026.

What we collect

• OAuth access credentials you grant when connecting a Google or Meta account (access tokens, refresh tokens), the scopes you approved, and a provider account identifier.
• Configuration data read on your behalf for the feature you connected — for example the list of your Meta pixels or Google Analytics properties so you can pick one.
• We do not collect your provider password (sign-in happens on Google/Meta), and we do not read content unrelated to the connected feature.

How we use it

• Solely to provide the feature you connected — e.g. creating conversion-tracking settings in your own ad account at your request, or sending your own conversion events to your own pixel/property.
• We never sell or rent data, never use it for advertising of our own, never share it with third parties except the provider APIs you connected, and never make changes you didn’t initiate.
• Google user data: our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
• Meta platform data: we comply with the Meta Platform Terms and Developer Policies.

Storage & security

• Tokens are encrypted at rest with AES-256-GCM; decryption keys live only in the server environment, never in code or backups of the database.
• Data is stored with our cloud providers (Vercel, Neon — US region) over TLS.
• Access is limited to the product the connection belongs to, via authenticated internal APIs.

Retention & deletion

• Connections persist until you disconnect them in the app, revoke access in your Google or Meta security settings, or ask us to delete them.
• Revoked connections and their tokens are deleted; we honour Meta’s data-deletion callback automatically when you remove our app on Facebook.
• You can request deletion any time — see Data deletion. We action requests within 30 days (normally immediately).

Your rights

Under the Australian Privacy Act (and the GDPR where it applies) you may request access to, correction of, or deletion of your data. Contact dylan@tyicdi.com.

Contact

Told You I Could Do It — dylan@tyicdi.com