Privacy Policy.

Information You Provide

When you create an account or use our Services, you may provide us with:

• Account Information: Email address, password, first name, and last name
• Organization Details: Organization name and your role within it
• Business Information: Business name, website URL, and advertising goals
• Advertising Metrics: Monthly ad budget, target return on ad spend (ROAS), average order value, and cost per lead targets
• Payment Information: Billing details processed securely through Stripe (we do not store full payment card numbers)
• Feedback: Any feedback, bug reports, or feature requests you submit

Information Collected Automatically

When you interact with our Services, we automatically collect:

• Device Information: Browser type, operating system, and device type
• Usage Data: Pages visited, features used, and interaction patterns
• Network Information: IP address and approximate geographic location (city/country level)
• Referral Data: How you found our Services, including referral URLs and marketing campaign parameters

Information from Third-Party Integrations

When you connect your advertising accounts, we access Meta (Facebook/Instagram) Ads Data: Ad account information, campaign structures, ad performance metrics, audience targeting settings, and creative assets. We access this data through Meta's official API with your explicit authorization.

If you choose to use our Auto-Implement feature, we also use Meta's API to make authorized changes to your ad account settings, campaigns, ad sets, and ads on your behalf. These changes are only made when you explicitly authorize each Auto-Implement action.

Cookies and Similar Tracking Technologies

We use cookies, pixels, and similar technologies on our website and app to keep you signed in, measure how the Services are used, and support advertising attribution. For a categorized list of the specific cookies we set, their purposes, and how long they last, see our Cookie Policy.

We use the information we collect to:

• Provide Our Services: Sync your advertising data, generate AI-powered optimization recommendations, and display performance analytics
• Maintain Your Account: Authenticate your identity, manage your subscription, and communicate account-related updates
• Improve Our Platform: Analyze usage patterns to enhance features, fix issues, and develop new capabilities
• Process Payments: Handle subscription billing and payment processing through Stripe
• Provide Support: Respond to your inquiries and provide customer assistance
• Ensure Security: Detect and prevent fraudulent activity, abuse, and security threats

AI Recommendations and Auto-Implement

We use automated systems, including artificial intelligence, to analyze your advertising data and generate recommendations (for example, suggestions to scale, pause, or modify campaigns). If you enable our Auto-Implement feature, we make the recommended changes in your connected ad accounts on your behalf when you authorize the action. Recommendations are tools to assist your decision-making, and you remain in control of which actions are applied to your account.

We work with a small number of service providers (subprocessors) to deliver and operate the Services. They fall into the following categories:

• Cloud infrastructure, databases, and storage — to host the application and store your data.
• Authentication, payments, and email — to sign you in, bill your subscription, and send you account messages.
• Product analytics and customer support — to understand how you use the Services and help you when you contact us.
• Advertising attribution — to measure the effectiveness of our marketing on Meta, TikTok, and Google.
• AI model providers — to generate the recommendations and analyses that power AdAdvisor.
• Public web content extraction — to gather publicly available information about the businesses you analyze.

For the current list, including the specific vendor, what each one does for us, and where it operates, see our Subprocessors page. These providers are contractually obligated to protect your information and to use it only for the services they provide to us.

Some of our advertising service providers — specifically Meta, TikTok, and Google — receive data that is used to deliver, measure, or optimize advertising. Under California law, this may be considered a “sale” or “sharing” of personal information for cross-context behavioral advertising even though no money changes hands. You can exercise your right to opt out as described in Section 7.

We offer a Model Context Protocol ("MCP") server that lets you connect your AdAdvisor account to third-party AI assistants and developer tools (for example, Claude, ChatGPT, Cursor, and similar clients) so those assistants can read your advertising data and perform actions in your connected ad accounts that you authorize.

How You Connect

You authenticate to our MCP server through an OAuth flow tied to your AdAdvisor account or by issuing an API key from your AdAdvisor settings. Each connection is scoped to a single AdAdvisor organization. You can revoke API keys or disconnect the integration at any time from your account settings.

What Flows Through the Server

When you instruct your AI assistant to perform an action (for example, "list my campaigns" or "pause this ad set"), the assistant sends a request to our MCP server and our server returns the relevant data or performs the requested change in your connected ad account. The data returned may include the account, campaign, ad set, ad, audience, creative, and performance information described in Section 1.

Logging

We log MCP requests and responses, together with associated user, organization, and timing information, for security, abuse prevention, billing, debugging, and operational monitoring. These logs are retained as described in Section 6 (Data Retention).

Third-Party AI Providers

The AI assistant you choose to connect is operated by a separate company (for example, Anthropic for Claude, or OpenAI for ChatGPT). When you use an AI assistant with our MCP server, that provider receives your prompts and the responses our server returns as part of its conversation with you. AdAdvisor does not control how the AI provider processes, stores, or further uses that information, and your use of any AI assistant is governed by that provider's own terms and privacy policy. You should review those terms before connecting AdAdvisor to an AI assistant.

Your Responsibility

You are responsible for the prompts you send through your AI assistant and for any actions you authorize the assistant to take in your connected ad accounts.

We implement reasonable technical and organizational measures to protect your information:

• Encryption: Meta access tokens are encrypted at rest in our database. All data transmission uses HTTPS/TLS encryption.
• Access Controls: We use role-based access controls and require authentication for all data access.
• Infrastructure Security: Our Services are hosted on secure cloud infrastructure with regular security updates.

While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security.

Reporting a Security Vulnerability

If you believe you have discovered a security vulnerability in our Services, please report it to us at security@adadvisor.ai so we can investigate and respond. Please do not publicly disclose the issue before we have had a reasonable opportunity to address it.

We retain your information for as long as your account is active or as needed to provide you with our Services. Specifically:

• Account Data: Retained while your account is active
• Advertising Data: Synced data from Meta is retained while your account is connected
• Payment Records: Retained as required for financial and legal compliance

When you request account deletion, we will completely remove all personally identifiable information and delete all Meta advertising data synced from your account.

You have the following rights regarding your information:

Access and Correction

You can access and update your account information through your account settings at any time.

Data Deletion

You may request complete deletion of your account and associated data by contacting us at support@adadvisor.ai. Upon verification of your identity, we will process your request within 30 days.

Disconnect Integrations

You can disconnect your Meta ad account at any time through your AdAdvisor settings or by revoking access through your Meta Business Settings.

Communication Preferences

You can manage your email preferences in your account settings or unsubscribe from marketing communications using the link provided in our emails.

Additional Rights for California Residents

If you are a California resident, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) gives you the following rights, subject to certain exceptions:

• Right to know the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business or commercial purposes for collecting it, and the categories of third parties with whom we shared it.
• Right to delete personal information we collected from you.
• Right to correct inaccurate personal information we hold about you.
• Right to opt out of the “sale” or “sharing” of your personal information for cross-context behavioral advertising. As described in Section 3, our use of Meta, TikTok, and Google advertising tools may constitute “sharing” under California law. To opt out, email us at support@adadvisor.ai with the subject line “Do Not Sell or Share.”
• Right to limit the use of sensitive personal information. We do not use or disclose sensitive personal information for purposes that would trigger this right.
• Right to non-discrimination for exercising any of these rights.

You may submit requests using the contact details in Section 12. You may also use an authorized agent acting on your behalf, provided you give the agent signed written permission and we are able to verify your identity. We will respond within the timeframes required by law.

Additional Rights for Residents of the EEA, the UK, and Switzerland

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the GDPR and equivalent local laws, subject to certain exceptions:

• Right of access to the personal data we hold about you.
• Right to rectification of inaccurate or incomplete personal data.
• Right to erasure (“right to be forgotten”) in certain circumstances.
• Right to restrict our processing of your personal data.
• Right to data portability for personal data you provided to us.
• Right to object to processing based on our legitimate interests, including processing for direct marketing.
• Right to withdraw consent at any time where we rely on your consent to process your personal data. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.
• Right to lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at support@adadvisor.ai.

Legal Bases for Processing (EEA, UK, and Switzerland)

Where the GDPR applies, we process your personal data on the following legal bases:

• Performance of a contract — to provide the Services to you and to administer your account.
• Legitimate interests — to operate, secure, and improve the Services, to communicate with you about your account, to prevent fraud and abuse, and to measure the effectiveness of our marketing.
• Consent — for non-essential cookies and similar technologies, for marketing communications where required, and for any other processing for which we ask for your consent. You may withdraw consent at any time.
• Compliance with a legal obligation — to retain records required for tax, accounting, and other legal purposes.

AdAdvisor is based in the United States. If you access our Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. These countries may have data protection laws that differ from those in your jurisdiction.

Where your personal data is transferred from the European Economic Area, the United Kingdom, or Switzerland to a country that has not been recognized as providing an adequate level of data protection, we rely on appropriate transfer mechanisms — such as the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable) — entered into with the recipient of the data, together with any supplementary measures required.

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we learn that we have collected information from a child, we will promptly delete it.

Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before providing any information.

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by email or through a notice on our Services. Your continued use of the Services after such notification constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, please contact us: