Ad platform tokens: Meta long-lived tokens, Google OAuth refresh tokens, and ad account identifiers. Encrypted at rest with AES-256-GCM.
Ad performance data: aggregate metrics (spend, impressions, clicks, conversions) returned by Meta/Google APIs.
Chat history: prompts and responses you exchange with the AI agent, stored to provide conversation continuity.
Billing data: handled by Stripe; we store only the customer ID, subscription status, and last-4 of the card.
Operational logs: request timestamps, IP addresses, and audit entries (adSyncLogs) for security and debugging.
2. What We Do Not Collect
We do not collect ad creative content beyond what the ad platform APIs return for analytics.
We do not collect customer or end-user PII from your ad campaigns.
We do not sell or share your data with advertisers or data brokers.
3. How We Use Your Data
To operate and improve the Service, sync ad metrics, run AI analyses you request, send transactional email (billing, security alerts), and meet legal obligations.
4. Data Retention
Account and ad-metric data are retained while your account is active. After cancellation, data is held for 30 days for export, then deleted. Audit logs are retained for 12 months. Backups are purged on a 35-day rolling basis.
5. GDPR & Your Rights
If you reside in the EU/UK, you have the right to access, correct, export, restrict, or delete your personal data, and to lodge a complaint with your supervisory authority. Email privacy@admaxxer.com; we respond within 30 days.
6. Cookies
We use a session cookie for authentication and a CSRF cookie for security. No third-party advertising or tracking cookies are set on our marketing site.