Data Deletion Instructions

Last updated: May 20, 2026 (v2)

How to delete your data

Murmur supports two paths to remove your data, depending on whether you are a Facebook / Instagram user whose data we synced via OAuth or a Murmur dashboard user (advertiser).

Option 1 — Request deletion by email (recommended)

Email [email protected] with the subject "Data Deletion Request" from the address you signed up with (or include the Facebook user ID or Page name we synced from your account). We process manual requests within 30 days.

Note: Removing Murmur via Facebook's Settings & Privacy → Settings → Apps and Websites → Remove (or the equivalent "Business Integrations" flow) revokes Murmur's ongoing permission to access your data, and also triggers our deauthorize callback which deletes the data we have already synced (see Option 2 below). Your data is therefore removed automatically; you only need the email path above for legacy cases or if you also want your Murmur dashboard account closed.

Option 2 — Automatic, via Meta's callbacks

Murmur implements two Meta-initiated callbacks at our backend that both result in deletion of data tied to your Facebook / Instagram user ID:

• Data Deletion Request Callback — fires when Meta sends us a valid signed deletion request on your behalf.
• Deauthorize Callback — fires when you remove Murmur from your Facebook account or revoke its permissions. Per Meta Platform Terms §3.d.i.2(d), revoking your account / permissions is treated as a deletion trigger; we honour this by performing the same cascade deletion as for explicit deletion requests.

For either path, we process the request within seconds, write an audit record, and return a confirmation code to Meta. The exact circumstances under which Meta sends a deletion request (as opposed to deauthorize) are determined by Meta; see Facebook Help for current Meta-side flows.

If you receive a confirmation code from Meta, you can paste it at https://murmurlink.com/data-deletion/status/<code> to verify what was removed.

What gets deleted

• Your KOL profile and the encrypted Facebook / Instagram access tokens tied to it
• All synced posts, comments, and replies under your pages
• Connected Facebook Ad Accounts you authorized via OAuth, including the encrypted Marketing API user access token and any cached ad / ad creative metadata
• Comments you wrote on KOL pages are anonymized (your name and user ID are nulled; the public comment content on Meta itself is unaffected)

Note: ad accounts connected before May 19, 2026 may not be matchable by this automatic callback (the authorizing user ID was not recorded for legacy connections). If you authorized an ad account prior to that date and want it removed, please email us using the contact below.

Contact

For questions about data deletion, contact us at [email protected].