AdKit Privacy Policy

At https://adkit.so, we are committed to protecting the privacy of our users and customers. This Privacy Policy explains how we collect, use, and disclose personal information when you use our website

1. Information Collection

We collect information from you when you use our website or service, including:

• Device Information: When you visit our website, we collect information about your device, such as your IP address, browser type, and operating system. We also collect information about your browsing activity on our website, such as the pages you visit, the links you click, and the search terms you use.
• Log Data: We also collect log data when you access our website or service, which includes information about your device, browser, and internet service provider, as well as the date and time of your request.
• Cookies: We use cookies to improve your experience on our website and to remember your preferences. Cookies are small text files that are stored on your device when you visit a website.
• Google Analytics and Metrics: We use these services to track and analyze website traffic, usage, and behavior.
• Third-Party Services: We may also use third-party services such as Twitter for tracking and analyzing website traffic, usage, and behavior. These services may collect and share your personal information for their own uses and purposes. You can read more about Twitter's privacy policy here: https://twitter.com/en/privacy.

2. Use of Personal Information

We use the personal information we collect for the following purposes:

• To provide and improve our website and service
• To process your orders and payments
• To communicate with you about your account, orders, and other transactions
• To screen for potential risk or fraud
• To provide you with information or advertising relating to our products or services
• To comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

3. Disclosure of Personal Information

We do not sell or share your personal information with third parties for their own marketing or commercial use. However, we may share your personal information with third parties for the following purposes:

• Service Providers: We may share your personal information with third-party service providers who assist us with various aspects of our business operations, such as website hosting, data analysis, payment processing, and customer service.
• Compliance with Laws and Law Enforcement: We may disclose your personal information to government authorities or law enforcement officials in order to comply with applicable laws, regulations, or legal process.
• Protection of Rights and Safety: We may disclose your personal information to protect the rights, property, or safety of https://adkit.so, our users, or the public.

4. Meta Platform Data

If you connect your Meta (Facebook) advertising account to AdKit, the following applies:

• Data accessed: When you connect your Meta ad account, we access your ad account information, campaign data, ad performance metrics, Business Manager details, and Facebook Page names through the Meta Marketing API. This data is used solely to display and manage your advertising campaigns within our interface.
• Data storage: Your Meta access token is stored locally in your browser (localStorage) and is never transmitted to or stored on our servers. Campaign data and performance metrics are fetched in real-time from Meta's API and are not persisted on our servers.
• Data sharing: We do not share your Meta advertising data with any third parties.
• Revoking access: You can disconnect your Meta account at any time from within the app or by removing AdKit from your Facebook Business Integrations settings. Upon disconnection, all locally stored tokens are cleared.
• Data deletion: Since we do not store your Meta data on our servers, there is no server-side data to delete. If you request data deletion through Facebook, we confirm the request and clear any remaining references. You can also contact us at [email protected] for any data-related requests.

5. Google Ads Data

If you connect your Google Ads account to AdKit, the following applies:

• Data accessed: When you connect your Google Ads account, we access your account information, campaigns, ad groups, ads, keywords, and performance metrics through the Google Ads API. This data is used solely to display and manage your advertising campaigns within our interface.
• Data storage: Your OAuth refresh token is encrypted using AES-256-GCM before being stored in our database. Access tokens are short-lived, fetched on demand from Google's OAuth servers, and never stored. Draft campaign data (names, settings, ad content) is stored temporarily in our database while you are building campaigns and is cleared automatically after use. Live campaign data and performance metrics are fetched in real-time from Google's API and are not stored.
• Data sharing: We do not share your Google Ads data with any third parties.
• Revoking access: You can disconnect your Google Ads account at any time from within the app or by removing AdKit from your Google Account permissions. Upon disconnection, your stored credentials are deleted.
• Data deletion: When you disconnect your Google Ads account, your encrypted refresh token and any remaining draft data are deleted from our database. You can also contact us at [email protected] for any data-related requests.

6. Data Security

We implement the following measures to protect your data:

• Encryption in transit: All connections between your browser, our servers, and third-party APIs (including Google and Meta) are secured using HTTPS/TLS.
• Encryption at rest: Sensitive credentials such as OAuth tokens and API keys are encrypted using AES-256-GCM before being stored in our database. Encryption keys are managed separately from the database and are never exposed to client-side code.
• Access controls: All authentication tokens are processed server-side only and are never sent to or accessible from the browser. Access to production systems is restricted to authorized personnel.
• Minimal data retention: We only store data necessary to provide the service. Draft campaign data is temporary and cleared after use. Live advertising data is fetched on demand and not persisted. Credentials are deleted when you disconnect an account.
• Least-privilege API scopes: We only request the minimum API permissions necessary to provide the functionality you use.

7. Your Rights

If you are a resident of certain countries, including those in the European Economic Area, you have certain rights in relation to your personal information, including the right to request access to, correct, update, or delete your personal information. If you would like to exercise any of these rights, please contact us at [email protected]

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or to comply with legal or regulatory requirements.