Meta Platform Data Request Policy

Effective date: May 4, 2026

This policy explains how Vouch handles requests from public authorities for Meta Platform Data (for example, data obtained via Instagram Graph API permissions used by Vouch).

1. Scope

This policy applies to any request from a public authority that asks Vouch to disclose personal data or platform data received from Meta.

2. Legality Review Requirement

Vouch requires a legality review before any disclosure is made.

The request must be in writing and identify the issuing authority.
The request must include a valid legal basis and jurisdiction.
Requests that are incomplete, overbroad, or unclear are challenged or narrowed.
No disclosure is made until an authorized reviewer approves the request.

3. Data Minimization Rule

When disclosure is legally required, Vouch discloses only the minimum information necessary to satisfy the specific request.

Only data categories explicitly requested and legally required are included.
Time ranges are limited to what is strictly necessary.
Unrelated account, merchant, or customer data is excluded.

4. Request Documentation and Audit Trail

Vouch keeps an internal request log for each public-authority request and response.

Minimum log fields:

Date received
Requesting authority and country
Request reference number
Legal basis cited by the authority
Data categories requested
Data categories disclosed (if any)
Decision outcome (approved, narrowed, rejected)
Reviewer/approver name and date
Date of response and transmission method

5. Internal Procedure

Receive and register the request in the internal request log.
Perform legality and scope review.
Seek clarification or narrowing where needed.
Prepare a minimized response set if disclosure is required.
Record final decision, approver, and response details.

6. Contact

For questions about this policy, contact privacy@vouch.hk.