Privacy Policy

01Data we collect

• Account data. Name, work email, and organization name when you sign up.
• Integration data. When you authorize the Service to connect to a third-party platform (TikTok Ads, Meta Ads, Google Ads, Shopify, Stripe, and others), we receive OAuth tokens and the metrics, campaigns, orders, transactions, and customer-level records that platform's API exposes on your behalf.
• Usage & telemetry data. Log files, IP address, browser type, pages visited. Used only for platform reliability, abuse prevention, and security investigations.
• Communications. Messages you send us via email or in-product channels.

02How we use data

• To render analytics dashboards inside your authenticated workspace.
• To compute aggregated business metrics (profitability, CAC, LTV, conversion rates, forecasts) for your brand.
• To operate, secure, monitor, and support the Service.
• To communicate operational and product updates relevant to your account.

We do not sell your data. We do not share it with third parties for advertising. We do not use it to train external or general-purpose AI models.

03Third-party platform data

Data obtained via third-party APIs — including the TikTok Marketing API, Meta Marketing API, Google Ads API, Shopify Admin API, Stripe API, and others — is processed and stored solely to display analytics for the third-party account that explicitly authorized our platform. We retain such data for as long as your account remains active and the integration is connected.

You can revoke our access at any time from the provider's own settings (e.g., your TikTok for Business account, your Meta Business Settings, your Shopify Admin). After revocation we stop syncing new data and delete previously synced integration data within 90 days, except where retention is required by law.

04Retention & deletion

We retain account data and integration data for as long as your account is active. On account deletion or a written deletion request to the email below, we delete personal data and integration data within 90 days, except where retention is required by law (e.g., financial records).

Aggregated, anonymized, and de-identified data — which cannot reasonably be associated with any individual or organization — may be retained indefinitely for platform improvement and benchmarking.

05Security

Data is encrypted in transit (TLS 1.2+) and at rest. OAuth tokens and sensitive credentials are encrypted at the storage layer. Access is restricted to authenticated platform operators on a least-privilege basis, audited, and reviewed periodically. We follow industry-standard practices for vulnerability management, dependency scanning, and incident response.

06International transfers

The Service may process data outside your country of residence (including the European Economic Area, the United Kingdom, and the United States). Where required by law, we rely on lawful transfer mechanisms such as Standard Contractual Clauses or equivalent safeguards.

07Your rights

Subject to applicable law (including the GDPR, UK GDPR, and CCPA), you may request:

• Access to personal data we hold about you.
• Correction of inaccurate or incomplete personal data.
• Deletion of personal data.
• Portability of personal data in a machine-readable format.
• Objection to or restriction of certain processing activities.
• Withdrawal of consent where processing is based on consent.

To exercise any of these rights, contact us at the email below.

08Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the “Last updated” date at the top of this page, and where appropriate, by direct notice to active account holders.

09Contact

For privacy questions, data subject requests, or anything else related to this policy, please write to:

Data Protection Contact
[email protected]