Privacy Policy
1. Who we are
Adsteer ("Adsteer", "we", "us") operates this service. This policy explains what data we collect when you use the Adsteer service, why we collect it, and how we protect it.
Legal entity full name, registered address, and any applicable data-controller registration to be confirmed by counsel.
2. What data we collect
- Advertising account data — Meta (Facebook) ad account performance data, and where you connect it, GA4 analytics data. We read reporting metrics only.
- Connection credentials — the Meta access token (and any GA4 / attribution credentials) you provide so we can pull your reporting data. Credentials are stored encrypted at rest (Fernet symmetric encryption) and are never returned to the browser or exposed in our admin views.
- Account & intake information — the onboarding details you submit (product URL, budget, target markets, channels, target ROAS, timezone, contact email).
- Session cookie — after you log in with your API key, we set a signed, HttpOnly session cookie that stores only your tenant identifier so your dashboard stays logged in.
- Managed-access enquiries — if you submit the managed onboarding form, we record your name, email, company, and message so we can follow up.
3. What we do NOT do
Adsteer has read-only access to your advertising data. We cannot create ads, change budgets, or modify anything in your ad account. We do not use your data to train models for other customers, and we do not sell your data.
4. How we use your data
- To build your advertising dashboards, trends, and AI diagnosis.
- To reconcile attribution across channels and analytics sources.
- To operate, secure, and support the service (e.g. token-expiry reminders).
- To respond to your enquiries and manage your subscription.
5. Sharing with third parties
We do not sell or rent your data. We share data only with infrastructure providers strictly needed to run the service — for example Meta and Google APIs (to fetch your own reporting data), our hosting provider, our email-delivery provider, and our payment processor (Stripe) for billing. Each processes data only to provide their service to us.
Confirm the full sub-processor list and whether a public sub-processor page / DPA template is required.
6. Data retention & deletion
We retain your account data and credentials for as long as your account is active. You can request deletion of your account and stored credentials at any time by emailing zhengchenkai0307@gmail.com; we will delete your stored credentials and account data within a reasonable period after your request.
Confirm specific retention windows and any legal/accounting minimums (e.g. billing records).
7. Your rights
Depending on where you are, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. To exercise any of these, contact zhengchenkai0307@gmail.com.
Confirm which regimes apply (e.g. GDPR / CCPA) and the exact rights language and response SLAs.
8. Cookies
We use a single essential cookie: a signed, HttpOnly session cookie set after login that stores only your tenant identifier and expires automatically. It is required for the dashboard to work and is not used for advertising or cross-site tracking.
9. Security
Credentials are encrypted at rest and never exposed in the browser or in admin views. Access to customer data is limited and logged. No system is perfectly secure, but we take reasonable technical and organisational measures to protect your data.
10. Changes to this policy
We may update this policy from time to time. We will update the "Last updated" date above and, for material changes, take reasonable steps to notify you.
11. Contact
Questions about this policy or your data? Email zhengchenkai0307@gmail.com.
Add postal contact address and any required governing-law / jurisdiction clause for privacy matters.