Privacy Policy

Effective Date: September 1, 2025
Last Updated: September 1, 2025

Adova.ai (we, our, or us) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-channel advertising optimization platform and related services (the Service).

Adova.ai provides advertising optimization services to businesses and agencies managing their own advertising campaigns across multiple platforms including Google Ads, Meta, and LinkedIn.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

Create an account or register for our services
Contact us for support or inquiries
Subscribe to our newsletters or marketing communications
Participate in surveys, contests, or promotional activities
Upload content or data to our platform

This information may include:

Name, email address, phone number
Company name and business information
Billing and payment information
Profile information and preferences
Communications and correspondence with us

1.2 Information We Collect Automatically

When you access our platform, we automatically collect certain information:

Device information (IP address, browser type, operating system)
Usage data (pages visited, time spent, features used)
Log data (access times, error logs, performance metrics)
Cookies and similar tracking technologies
Location data (general geographic location based on IP address)

1.3 Third-Party Platform Data

We receive data from advertising platforms through authorized API connections that you establish, including:

Google Ads Data:

Campaign performance metrics (impressions, clicks, conversions)
Account structure data (campaigns, ad groups, keywords)
Audience insights and demographics (aggregated and anonymized)
Bid and budget information for optimization purposes only
Quality scores and performance recommendations
Historical performance data for trend analysis

Data Minimization: We collect only the minimum Google Ads data necessary to provide our optimization services and do not access or store data beyond what is required for authorized advertising optimization purposes.

Meta (Facebook/Instagram) Data:

Ad account information and campaign data
Audience insights and targeting data (aggregated and anonymized)
Creative performance metrics for optimization purposes only
Pixel data and conversion tracking information
Business Manager account details for authorized campaign management

Data Minimization: We collect only the minimum Meta advertising data necessary to provide our optimization services and do not access or store data beyond what is required for authorized advertising optimization purposes.

LinkedIn Campaign Manager Data:

Campaign performance data for optimization analysis
Audience demographics and insights (aggregated and anonymized)
Lead generation data for authorized campaign management
Company page analytics for business optimization
Sponsored content performance metrics

Data Minimization: We collect only the minimum LinkedIn advertising data necessary to provide our optimization services and do not access or store data beyond what is required for authorized advertising optimization purposes.

1.4 Client and Business Data

If you use our platform to manage advertising campaigns for clients:

We process campaign management data on your behalf as a data processor
Client account structure and campaign configuration data
Campaign performance metrics and analytics (aggregated statistical data only)
Client-uploaded audience lists for targeting (processed according to platform requirements)
We do not collect or access personal data of individual end-users who view advertisements

2. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

Contract Performance: To provide our services and fulfill our contractual obligations
Legitimate Interests: To improve our platform, prevent fraud, and conduct business operations
Consent: For marketing communications and optional features (where required)
Legal Compliance: To comply with applicable laws and regulations

3. How We Use Your Information

3.1 Service Provision

Provide, maintain, and improve our advertising optimization platform
Process your transactions and manage your account
Facilitate campaign management across multiple advertising platforms
Generate reports and analytics dashboards
Provide customer support and technical assistance

3.2 Platform Optimization

Optimize advertising campaigns using machine learning algorithms
Provide performance insights and recommendations
Conduct A/B testing and campaign experiments
Develop new features and platform capabilities

3.3 Communications

Send service-related notifications and updates
Respond to your inquiries and support requests
Send marketing communications (with your consent)
Notify you about policy changes or important updates

3.4 Security and Compliance

Monitor for fraudulent or suspicious activity
Ensure platform security and prevent unauthorized access
Comply with legal obligations and regulatory requirements
Enforce our Terms of Service

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information in the following circumstances:

4.1 Third-Party Service Providers

We may share information with trusted service providers who assist us in operating our platform:

Cloud Infrastructure Providers: For hosting and data storage
Analytics Services: For platform performance monitoring
Payment Processors: For billing and payment processing
Customer Support Tools: For providing technical assistance
Security Services: For fraud prevention and platform security

All service providers are contractually obligated to protect your information and use it only for the specified purposes.

4.2 Advertising Platform Integrations

We share necessary data with advertising platforms through their APIs to manage your campaigns:

Google Ads API:

Campaign management and optimization data (with explicit user authorization)
Performance metrics and conversion data for authorized accounts only
Audience lists (hashed and anonymized where possible, never stored permanently)
Bid adjustments and budget allocations within user-defined parameters
We strictly comply with Google Ads API Developer Policies and Terms of Service
We implement all required data use restrictions and retention limits
We obtain explicit user consent before accessing any Google Ads account data
Users maintain full control and can revoke API access at any time

Meta Business API:

Ad account and campaign management data (with explicit user authorization)
Custom audience data (hashed email addresses, phone numbers, processed according to Meta's requirements
Conversion tracking and optimization data for authorized accounts only
Creative performance metrics within user-defined parameters
We strictly comply with Meta's Business Terms and Platform Policies
We implement all required data use restrictions and retention limits
We obtain explicit user consent before accessing any Meta advertising account data
Users maintain full control and can revoke API access at any time

LinkedIn Marketing API:

Campaign and audience management data (with explicit user authorization)
Lead generation and conversion data for authorized accounts only
Company and demographic targeting information (processed according to LinkedIn's policies
Performance optimization data within user-defined parameters
We strictly comply with LinkedIn's Marketing Developer Platform Agreement and policies
We implement all required data use restrictions and professional network standards
We obtain explicit user consent before accessing any LinkedIn advertising account data
Users maintain full control and can revoke API access at any time

4.3 Legal Requirements

We may disclose your information when required by law or to:

Comply with legal process, court orders, or government requests
Protect our rights, property, or safety, or that of our users
Investigate potential violations of our Terms of Service
Respond to claims of illegal activity or infringement

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction, subject to the same privacy protections.

5. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

Account Information: Retained while your account is active and for 1 year after account closure
Campaign Data: Retained for 5 years for business and tax purposes
Usage Logs: Retained for 1 year for security and performance analysis
Marketing Data: Retained until you withdraw consent or for 2 years, whichever is shorter
Legal Compliance Data: Retained as required by applicable laws and regulations

You may request deletion of your personal information, subject to legal and contractual obligations.

6. International Data Transfers

We may transfer your personal information to countries outside your jurisdiction. For transfers from the EU/UK, we ensure adequate protection through:

Standard Contractual Clauses: EU-approved data transfer agreements
Adequacy Decisions: Transfers to countries with adequate protection levels
Certification Programs: Privacy Shield successors and similar frameworks
Specific Safeguards: Additional technical and organizational measures

7. Data Security

We implement comprehensive security measures to protect your information:

7.1 Technical Safeguards

Industry-standard encryption for data in transit and at rest
Multi-factor authentication for account access
Regular security audits and penetration testing
Secure API integrations with advertising platforms
Access controls and role-based permissions

7.2 Organizational Safeguards

Employee training on data protection practices
Confidentiality agreements with all personnel
Regular security awareness programs
Incident response and data breach procedures

7.3 Platform-Specific Security

Google Ads Integration:

OAuth 2.0 secure authentication with user consent
Full compliance with Google Ads API Terms of Service and Developer Policies
Limited scope access tokens with minimum necessary permissions
Regular token refresh and validation
Strict data use restrictions per Google's requirements
User-controlled API access with easy revocation capabilities

Meta Integration:

OAuth 2.0 secure Business API authentication with user consent
Full compliance with Meta's Business Terms and Platform Policies
Limited scope access tokens with minimum necessary permissions
Data use restrictions per Meta's Business Data Policy requirements
Regular access review and token validation
User-controlled API access with easy revocation capabilities

LinkedIn Integration:

OAuth 2.0 secure authentication with user consent
Full compliance with LinkedIn Marketing Developer Platform Agreement and API Terms
Limited scope access tokens with minimum necessary permissions
Strict data use restrictions per LinkedIn's professional network standards
Regular security compliance reviews and token validation
User-controlled API access with easy revocation capabilities

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience:

8.1 Types of Cookies Used

Essential Cookies: Required for platform functionality
Performance Cookies: Analytics and platform optimization
Functional Cookies: User preferences and settings
Marketing Cookies: Advertising and promotional content (with consent)

8.2 Third-Party Cookies

Our platform may include third-party cookies from:

Google Analytics for usage analysis
Advertising platform tracking pixels
Customer support and chat tools
Social media integrations

You can manage cookie preferences through your browser settings or our cookie preference center.

9. Your Privacy Rights

You have the following rights regarding your personal information:

9.1 Access and Portability

Request access to your personal information
Receive a copy of your data in a portable format
Export your campaign data and settings at any time through our platform
Review how your information is being processed

9.2 Correction and Updates

Update or correct your personal information
Modify your account settings and preferences
Request correction of inaccurate data

9.3 Deletion and Erasure

Request deletion of your personal information
Close your account and remove associated data
Exercise right to be forgotten (subject to legal obligations)

9.4 Restriction and Objection

Restrict processing of your personal information
Object to processing based on legitimate interests
Opt-out of marketing communications

9.5 Consent Withdrawal

Withdraw consent for specific processing activities
Modify privacy preferences and settings
Unsubscribe from marketing communications

9.6 Advertising Platform API Controls

Google Ads API Access:

Revoke Google Ads API access at any time through your account settings
Control which Google Ads accounts are connected to our platform
View and manage the scope of data access permissions granted
Request deletion of all Google Ads data from our systems
Receive notifications before any changes to API access permissions

API Access Transparency:

Clear dashboard showing all connected advertising accounts
Real-time visibility into data synchronization status
Detailed logs of API usage and data processing activities
Easy-to-use controls for managing platform integrations

To exercise these rights, contact our Data Protection Officer using the information below.

10. Children's Privacy

Our Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to remove that information from our servers.

11. California Privacy Rights (CCPA)

California residents have additional rights under the California Consumer Privacy Act:

Right to Know: Categories and specific pieces of personal information collected
Right to Delete: Request deletion of personal information
Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise CCPA rights, contact us using the information below.

12. Data Breach Notification

In the event of a data breach that affects your personal information:

We will notify affected users within 72 hours of discovery
We will provide details about the nature and scope of the breach
We will outline steps taken to address the breach and prevent future occurrences
We will comply with all applicable breach notification requirements

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes:

We will notify you via email or platform notification
We will update the "Last Updated" date at the top of this policy
We will maintain previous versions for your reference
Continued use of our Service constitutes acceptance of the updated policy

14. Third-Party Platform Policies

Third-Party Platform Policies:

Your use of our Service in connection with third-party advertising platforms is also subject to their respective privacy policies and terms:

Google: Google Privacy Policy, Google Ads Data Processing Terms, and Google Ads API Terms of Service
Meta: Meta Privacy Policy, Meta Business Data Processing Terms, and Meta Platform Terms and Developer Policies
LinkedIn: LinkedIn Privacy Policy, LinkedIn DPA, and LinkedIn Marketing Developer Platform Agreement

15. Advertising Platform API Compliance and Data Governance

15.1 Google Ads API Compliance Framework

We maintain strict compliance with Google Ads API Terms of Service and Developer Policies through:

Policy Adherence: Full compliance with all current and updated Google Ads API policies
Data Use Restrictions: Strict adherence to Google's data use limitations and prohibited practices
User Consent Requirements: Explicit user authorization before accessing any Google Ads account data
Scope Limitation: Access only to the minimum data scopes necessary for our optimization services
Regular Reviews: Quarterly compliance audits and policy update assessments

Google Ads Data Handling Standards:

Collect only the minimum Google Ads data required for authorized advertising optimization
Obtain explicit user consent through OAuth 2.0 authentication flow
Maintain clear documentation of all data collection purposes and methods
Implement automated data retention limits in accordance with Google's requirements
Use Google Ads data solely for providing authorized advertising optimization services

15.2 Meta Business API Compliance Framework

We maintain full compliance with Meta's Business Terms and Platform Policies:

Platform Policy Adherence: Strict compliance with Meta's Platform Terms andBusiness Data Policy
Data Use Limitations: Adherence to Meta's data use restrictions and prohibited practices
User Authorization: Explicit consent before accessing Meta advertising accounts
Business Use Case Compliance: Data used solely for authorized advertising management and optimization
Regular Policy Updates: Continuous monitoring and implementation of Meta policy changes

Meta Data Handling Standards:

Process Meta advertising data only for campaign management and optimization purposes
Implement Meta's required data security and encryption standards
Respect Meta's data retention requirements and user deletion requests
Maintain audit trails of all Meta API usage and data processing
Comply with Meta's Custom Audience and Conversion API requirements

15.3 LinkedIn Marketing API Compliance Framework

We maintain strict adherence to LinkedIn's Developer Program Policies and API Terms:

Developer Agreement Compliance: Full compliance with LinkedIn Marketing Developer Platform Agreement
Professional Use Standards: Data processing aligned with LinkedIn'sprofessional network standards
Member Privacy Protection: Respect for LinkedIn member privacy and data protection principles
Business Purpose Limitation: API access limited to legitimate advertising optimization purposes
Policy Monitoring: Regular review of LinkedIn's evolving API policies and requirements

LinkedIn Data Handling Standards:

Access LinkedIn Campaign Manager data only for authorized advertising optimization
Implement LinkedIn's required security standards for API integrations
Respect LinkedIn's data use policies and member privacy expectations
Maintain comprehensive logs of LinkedIn API usage and data processing
Comply with LinkedIn's lead generation and conversion tracking requirements

15.4 Multi-Platform User Authorization and Control

Unified Consent Management:

Clear, conspicuous disclosure of API data access before user authorization for all platforms
Granular consent options allowing users to control specific data types accessed from each platform
Easy revocation process accessible through user account settings for all connected platforms
Regular consent renewal prompts for long-term API access across all platforms

Cross-Platform Transparency Measures:

Real-time dashboard showing active API connections for Google Ads, Meta, and LinkedIn
Detailed activity logs of all data synchronization across all connected platforms
Clear notifications for any changes in data access scope or permissions
User-friendly explanations of how each platform's data enhances our optimization services

15.5 Universal Technical Safeguards

Multi-Platform Security Implementation:

OAuth 2.0 authentication with secure token management for all platform integrations
Encrypted data transmission and storage for all advertising platform data
Role-based access controls limiting internal access to authorized personnel
Regular security assessments and penetration testing of all API integrations

Unified Data Retention and Deletion:

Automated deletion of all platform data upon user request or account closure
Maximum retention periods aligned with each platform's requirements and our legitimate business needs
Secure data purging processes with verification and documentation
Regular cleanup of temporary data and cached information from all platforms

15.6 Comprehensive Compliance Monitoring and Auditing

Multi-Platform Internal Oversight:

Designated API Compliance Officer responsible for policy adherence across all platforms
Monthly internal audits of data handling practices for Google Ads, Meta, and LinkedIn integrations
Regular training for development and operations teams on all platform requirements
Documented incident response procedures for compliance violations across any platform

Universal Documentation and Reporting:

Comprehensive records of all API usage and data processing across all platforms
Regular compliance reports to senior management covering all integrations
Prompt notification to users and platforms of any data incidents
Continuous monitoring of policy updates and implementation of required changes across all platforms

16. Audit Trail and Compliance Documentation

16.1 Data Processing Records

We maintain comprehensive documentation of all personal data processing activities as required by privacy regulations:

Google Ads API Processing Records:

Detailed logs of all API calls and data synchronization activities
User consent records with timestamps and scope documentation
Data retention schedules and automated deletion confirmations
Security incident logs and resolution documentation

Compliance Documentation:

Regular compliance assessment reports and remediation plans
Policy update notifications and implementation timelines
Training records for staff handling Google Ads API data
Third-party audit reports and compliance certifications

16.2 Transparency Reporting

We provide users with transparent access to information about their data:

User Data Reports:

Detailed reports of Google Ads data collected and processed
API access logs showing all data synchronization activities
Data sharing records with timestamps and purposes
Retention status and scheduled deletion dates

Platform Transparency:

Regular transparency reports on data processing activities
Statistics on user consent rates and revocation requests
Compliance metrics and incident reporting summaries
Updates on policy changes and their implementation

17. Contact Information

For any questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Phone: +1 (669) 269-6961
Address: Cupertino, CA, USA

Response Time: We will respond to privacy inquiries within 30 days (or as required by applicable law).

This Privacy Policy is designed to be compliant with GDPR, CCPA, and other major privacy regulations. However, you should have this reviewed by your legal counsel to ensure full compliance with your specific business operations and applicable laws.