Privacy Policy

Last updated: 2026-04-22 · Extension: Evida (Chrome) · Contact: [email protected]

Summary

Evida is a Chrome extension that surfaces recent edits in Meta Ads Manager (who changed what and when). All data stays on your device. We do not run servers, we do not collect analytics, and we do not share anything with third parties except Meta's own Graph API — which you already authorize by pasting your own access token.

What data the extension handles

Data	Where it comes from	Where it's stored	Why
Meta User Access Token	You paste it in Settings	`chrome.storage.local` on your device	Required to call Meta Graph API on your behalf
User ID & name	Fetched from `/me` endpoint once after you paste a token	`chrome.storage.local`	Powers the "Only my edits" filter
Ad account list	Fetched from `/me/adaccounts`	`chrome.storage.local` (cached for session)	Populates the account dropdown
Activity log entries	Fetched from `/{account}/activities`	In memory for the popup; a local 7-day / 2000-entry cache may be stored in `chrome.storage.local` for alert previews	Rendered as the change feed and alert dry-run previews
Settings	You choose them	`chrome.storage.local`	User preferences (theme, refresh interval, active hours, filters)

All storage is local (chrome.storage.local). The extension does not use chrome.storage.sync — nothing is mirrored to your Google account or other devices.

What we do NOT do

We do not collect analytics, telemetry, crash reports, or usage metrics.
We do not store activity data on Evida servers.
We do not transmit your token, activity data, or any other information except to services needed for features you enable: graph.facebook.com, Evida's OAuth Worker, and user-configured Slack webhooks.
We do not read or modify pages outside adsmanager.facebook.com, business.facebook.com/adsmanager/*, and www.facebook.com/adsmanager/*. The content script is scoped to those Ads Manager paths.
We do not sell, rent, share, or transfer any personal information.
We do not use the data for credit-worthiness, advertising, or any purpose unrelated to showing you your own ad account change log.

Third parties

The extension can contact Meta Graph API (https://graph.facebook.com), Evida OAuth Worker (https://oauth.useevida.com) when you choose "Log in with Meta", and Slack incoming webhooks only when you explicitly configure a webhook URL. Meta's handling of Graph API requests is governed by their own Meta Platform Terms and Meta Privacy Policy.

Permissions explained

The extension requests the following Chrome permissions, each with a narrow purpose:

storage — save your token and settings on your device.
alarms — run the optional background refresh at the interval you configure (2 / 5 / 15 / 30 / 60 min). You can disable this entirely with "Manual refresh only".
tabs — identify the Ads Manager tab to push badge updates to. We do not read tab content from unrelated sites.
notifications — show optional Chrome alerts for critical changes.
identity — run the optional Meta OAuth login flow.
downloads — export the visible change feed as a CSV file.
host_permissions — scoped to graph.facebook.com, /adsmanager/* paths on Meta's domains, Slack webhook delivery, and Evida's OAuth Worker.

Data retention & deletion

All extension data lives in chrome.storage.local on your device. To delete everything:

Go to chrome://extensions.
Click Remove on "Evida".

Chrome will purge all extension storage. There is nothing stored elsewhere to delete.

To revoke your Meta access token independently, go to Meta's app settings and remove the app you generated the token with (typically "Graph API Explorer" or your own Facebook App).

Security

The token is kept in chrome.storage.local, which is isolated from web pages and other extensions.
API requests use the Authorization: Bearer <token> header — the token is never placed in request URLs, where it could leak into DevTools recordings, proxy logs, or screen shares.
The extension does not inject inline <script> into Meta's pages; it only appends small <span class="mab-ago"> badge nodes next to campaign rows.
No remote code is loaded. All JavaScript ships inside the extension package.

Data deletion

Because Evida stores data locally on your device, deleting your data is instant and does not require contacting us. You have two options:

Disconnect from Meta and wipe local storage. Open the extension → Settings → Disconnect. This clears your access token and all cached campaign edits from chrome.storage.local.
Uninstall the extension. Right-click the Evida icon in Chrome → Remove from Chrome. Chrome automatically purges the extension's storage on uninstall.

You can also revoke Evida's access token directly in your Meta Business Settings at any time — Evida loses all API access immediately.

If you authorized Evida via "Login with Meta" and want us to confirm deletion of any residual logs (short-lived token prefix hashes kept for rate-limit and abuse prevention, up to 30 days), email [email protected] from the email tied to your Meta account. We respond within 30 days per GDPR.

Children

The extension is intended for professional marketers managing their own (or their employer's / client's) Meta ad accounts. It is not directed at children under 13 and does not knowingly collect any information from them.

Changes to this policy

If the policy materially changes, the new version will be posted at the same URL and the "Last updated" date at the top will be revised. Material changes would typically coincide with a major version bump of the extension (e.g., 2.0.0).

Contact

Questions, concerns, or data requests:

[email protected]

This policy covers version 1.12.1 of Evida. If you are reading a stored copy, check the latest version on the project page.