KeyGum

Data Deletion

Version: 2026-05-01 Effective date: 2026-05-01

This page explains how KeyGum honours data-deletion requests, how to make one, and how it interacts with the Platforms (Facebook, Instagram, Threads, X, LinkedIn, YouTube, TikTok, Pinterest) we connect to on your behalf.

KeyGum is operated by Ett Två AB (Org.nr 559580-5614, with registered office at Mörbydalen 8, 182 52 Danderyd, Sweden), doing business as "KeyGum".

Who can request deletion

There are three different audiences who can ask us to delete data, with three different procedures:

  • Account holders (the developer / business that signed up for a KeyGum customer account) — request deletion of your own customer account from app.keygum.com → Settings → Delete Account. This triggers a 30-day grace window for restoration; after the window we delete the customer record and cascade-remove every connected profile, OAuth token, audit-log entry tied to the account, and queued publish job. See Privacy Notice §6 for the full retention table.
  • Platform end-users (an individual whose Facebook / Instagram / Threads account was connected by an Account holder, and who has now removed the KeyGum app from the Platform) — Meta automatically notifies us via a programmatic callback (see below). You do not need to email us; the deletion happens within minutes of you clicking "Remove" on the Platform.
  • Anyone whose personal data appears inside Customer Content — email privacy@keygum.com. We act as a processor for Customer Content, so we will forward your request to the Account holder who owns the data and assist them in fulfilling your right of erasure under GDPR Article 17. We typically respond within 30 days (extendable to 90 under Article 12(3) for complex requests).

How the Meta data-deletion callback works (technical detail)

When you remove the KeyGum app from your Facebook, Instagram, or Threads account in those Platforms' Settings → Apps and Websites flow, Meta sends a signed_request HTTP POST to one of:

  • https://api.keygum.com/v1/oauth/data-deletion-callback/meta (Facebook + Instagram)
  • https://api.keygum.com/v1/oauth/data-deletion-callback/threads (Threads)

We:

  1. Verify the request signature against the relevant Meta App Secret (HMAC-SHA256). Unverified requests are rejected with HTTP 400.
  2. Find every KeyGum profile whose Platform account_id matches your Meta user ID under the matching platform set.
  3. Revoke each profile (set status to revoked, null out the encrypted OAuth token, set updated_at).
  4. Write one profile.data_deletion_callback row per affected customer to our immutable audit log.
  5. Mint a UUID confirmation code and persist a 90-day public-status summary in our cache (your code → {processed_at, profiles_affected, customer_count}).
  6. Respond to Meta with { url, confirmation_code } per Meta's specification. Meta then surfaces those values to you in their UI.

Following the URL we returned shows you a public status page confirming when the deletion ran and how many of your connected profiles were affected.

What gets deleted vs. retained

Deleted from primary storage:

  • The connected profiles row (status set to revoked, encrypted credentials cleared);
  • Any in-flight publish jobs the worker was about to send to the deleted profile;
  • The OAuth tokens themselves — irreversible AES-256-GCM ciphertext is overwritten with NULL.

Retained on a fixed schedule:

  • Audit-log entries documenting the deletion itself, retained for two years for security and regulator-inspection purposes (Privacy Notice §6).
  • Database backups, which contain the data prior to deletion, until they rotate on the standard schedule (up to 120 days post-deletion, see Privacy Notice §6 / DPA §9).
  • Invoicing / accounting records that we are legally required to retain under the Swedish Bokföringslagen (7 years). Held by Stripe and our bookkeeping software, not in KeyGum's primary database.

We do not train any AI or machine-learning model on Customer Content (Privacy Notice §3). There is no "training corpus" copy to delete.

Verifying a deletion request

If you have a confirmation code from Meta or from us, the public status page is:

https://api.keygum.com/v1/oauth/data-deletion-status?id=<your-confirmation-code>

The page shows when the deletion was processed and how many connected profiles were affected. The summary expires after 90 days; the audit-log record persists for 2 years and is queryable on request.

How to request deletion as a developer / Account holder

  1. Sign in to app.keygum.com.
  2. Visit Settings → Delete Account.
  3. Confirm via 2FA step-up.
  4. The account enters a 30-day grace period during which you can cancel the deletion. After 30 days, deletion runs automatically.

You may export your data before deletion via Settings → Export (or by emailing privacy@keygum.com until the v2 self-serve export tooling ships).

How to revoke connected accounts directly on the Platform

If you only want to disconnect one connected account (not delete your whole KeyGum customer record), do it on the Platform itself:

  • Facebook / Instagram / Threads: Settings → Apps and Websites → find "KeyGum" → Remove
  • LinkedIn: Settings → Data privacy → Permitted Services → KeyGum → Remove
  • YouTube / Google: myaccount.google.com/permissions → KeyGum → Remove access
  • TikTok: Settings → Apps and Websites → KeyGum → Remove
  • Pinterest: Settings → Apps → KeyGum → Disconnect
  • X (Twitter): Settings → Security and account access → Apps and sessions → Connected apps → KeyGum → Revoke access
  • Bluesky: App Passwords → revoke the password issued to KeyGum

The Platform-side revoke takes effect immediately on the Platform. Our Service detects the revocation when our adapter next calls the Platform API; we then mark the profile expired automatically. You may also disconnect from the KeyGum dashboard at app.keygum.com → Profiles → Disconnect, which calls the Platform's revoke endpoint and clears our local copy in one step.

Contact

  • Privacy / data-subject requests: privacy@keygum.com
  • General support: support@keygum.com
  • Postal: Ett Två AB, Mörbydalen 8, 182 52 Danderyd, Sweden

Supervisory authority: Integritetsskyddsmyndigheten (IMY), Box 8114, 104 20 Stockholm — imy@imy.se, +46 8 657 61 00.

Ett Två AB, Sweden — privacy@keygum.com