Privacy Policy

Last updated: 2026-04-22 · Extension: Evida (Chrome) · Contact: [email protected]

Summary

Evida is a Chrome extension that surfaces recent edits in Meta Ads Manager (who changed what and when). All data stays on your device. We do not run servers, we do not collect analytics, and we do not share anything with third parties except Meta's own Graph API — which you already authorize by pasting your own access token.

What data the extension handles

Data	Where it comes from	Where it's stored	Why
Meta User Access Token	You paste it in Settings	`chrome.storage.local` on your device	Required to call Meta Graph API on your behalf
User ID & name	Fetched from `/me` endpoint once after you paste a token	`chrome.storage.local`	Powers the "Only my edits" filter
Ad account list	Fetched from `/me/adaccounts`	`chrome.storage.local` (cached for session)	Populates the account dropdown
Activity log entries	Fetched from `/{account}/activities`	In memory during popup session; not persisted between reloads	Rendered as the change feed
Settings	You choose them	`chrome.storage.local`	User preferences (theme, refresh interval, active hours, filters)

All storage is local (chrome.storage.local). The extension does not use chrome.storage.sync — nothing is mirrored to your Google account or other devices.

What we do NOT do

We do not collect analytics, telemetry, crash reports, or usage metrics.
We do not run any server. There is no backend.
We do not transmit your token, activity data, or any other information to anyone other than graph.facebook.com (Meta's own API).
We do not read or modify pages outside adsmanager.facebook.com, business.facebook.com/adsmanager/*, and www.facebook.com/adsmanager/*. The extension's host_permissions are scoped to those paths.
We do not sell, rent, share, or transfer any personal information.
We do not use the data for credit-worthiness, advertising, or any purpose unrelated to showing you your own ad account change log.

Third parties

The only third-party service the extension contacts is Meta Graph API (https://graph.facebook.com). Requests are authenticated with the access token you provided. Meta's handling of those requests is governed by their own Meta Platform Terms and Meta Privacy Policy. We have no visibility into those requests — they go directly from your browser to Meta.

Permissions explained

The extension requests the following Chrome permissions, each with a narrow purpose:

storage — save your token and settings on your device.
alarms — run the optional background refresh at the interval you configure (2 / 5 / 15 / 30 / 60 min). You can disable this entirely with "Manual refresh only".
tabs — identify the Ads Manager tab to push badge updates to. We do not read tab content from unrelated sites.
host_permissions — scoped to graph.facebook.com (for the API) and /adsmanager/* paths on Meta's domains (for injecting inline badges). Not the rest of Facebook.

Data retention & deletion

All extension data lives in chrome.storage.local on your device. To delete everything:

Go to chrome://extensions.
Click Remove on "Evida".

Chrome will purge all extension storage. There is nothing stored elsewhere to delete.

To revoke your Meta access token independently, go to Meta's app settings and remove the app you generated the token with (typically "Graph API Explorer" or your own Facebook App).

Security

The token is kept in chrome.storage.local, which is isolated from web pages and other extensions.
API requests use the Authorization: Bearer <token> header — the token is never placed in request URLs, where it could leak into DevTools recordings, proxy logs, or screen shares.
The extension does not inject inline <script> into Meta's pages; it only appends small <span class="mab-ago"> badge nodes next to campaign rows.
No remote code is loaded. All JavaScript ships inside the extension package.

Data deletion

Because Evida stores data locally on your device, deleting your data is instant and does not require contacting us. You have two options:

Disconnect from Meta and wipe local storage. Open the extension → Settings → Disconnect. This clears your access token and all cached campaign edits from chrome.storage.local.
Uninstall the extension. Right-click the Evida icon in Chrome → Remove from Chrome. Chrome automatically purges the extension's storage on uninstall.

You can also revoke Evida's access token directly in your Meta Business Settings at any time — Evida loses all API access immediately.

If you authorized Evida via "Login with Meta" and want us to confirm deletion of any residual logs (short-lived token prefix hashes kept for rate-limit and abuse prevention, up to 30 days), email [email protected] from the email tied to your Meta account. We respond within 30 days per GDPR.

Children

The extension is intended for professional marketers managing their own (or their employer's / client's) Meta ad accounts. It is not directed at children under 13 and does not knowingly collect any information from them.

Changes to this policy

If the policy materially changes, the new version will be posted at the same URL and the "Last updated" date at the top will be revised. Material changes would typically coincide with a major version bump of the extension (e.g., 2.0.0).

Contact

Questions, concerns, or data requests:

[email protected]

This policy covers version 1.6.x of Evida. If you are reading a stored copy, check the latest version on the project page.