Privacy Policy.

1. Information We Collect

2. How We Store Your Meta Access Token

This section describes our handling of Meta (Facebook) access tokens in detail, because it is material to our data practices and your trust.

3. How We Use Your Information

We use the information we collect to:

1. Provide the Service — create, edit, and analyze your Meta ad campaigns; deliver dashboards, reports, and creative library features
2. Authenticate and authorize access — verify your identity, enforce your subscription tier, prevent unauthorized use
3. Process payments — bill your subscription via Razorpay or Stripe, send invoices and receipts
4. Communicate with you — send verification emails, billing notifications, important service updates, and responses to support requests
5. Improve the Service — analyze aggregated usage patterns, fix bugs, develop new features
6. Ensure security — detect and prevent fraud, abuse, and unauthorized access; maintain audit logs
7. Comply with legal obligations — respond to lawful requests from government authorities, preserve records as required by law

We do not:

• Sell your personal information to any third party.
• Use your data for advertising targeting outside the Service.
• Use your Meta ad performance data to build benchmarks visible to other users.

4. Legal Basis for Processing (GDPR — EU/EEA Users)

If you are located in the European Economic Area (EEA), European Union (EU), or United Kingdom, our legal bases for processing your personal data are:

• Contract performance (Art. 6(1)(b) GDPR): to provide the Service you’ve subscribed to or requested.
• Legitimate interests (Art. 6(1)(f) GDPR): to improve the Service, ensure security, prevent fraud, and communicate with you about the Service.
• Consent (Art. 6(1)(a) GDPR): where you have given explicit consent — for example, for non-essential marketing communications. You can withdraw consent at any time.
• Legal obligation (Art. 6(1)(c) GDPR): where processing is necessary to comply with applicable law.

5. Your Rights

Regardless of where you live, you can:

• Access the personal data we hold about you
• Correct inaccurate data
• Delete your account and associated data
• Export your campaign data and analytics from the Service
• Disconnect your Meta account at any time
• Opt out of non-essential communications

To exercise any right, email support@adbloop.com. We will respond within 30 days.

6. Data Sharing and Disclosure

We share your information only with the following categories of recipients, and only to the extent necessary:

We do not share your data with advertisers, data brokers, or analytics companies for their own purposes.

7. Data Retention

8. Data Security

We implement reasonable technical and organizational measures to protect your information:

• Encryption in transit: All communication with the Service uses HTTPS / TLS 1.2+.
• Encryption at rest: Meta access tokens and sensitive fields in the Dashboard database are encrypted with AES-256. Backups are encrypted.
• Access controls: Role-based access to production systems; principle of least privilege; multi-factor authentication for administrative accounts.
• Authentication: Secure password hashing (bcrypt); rate limiting on login; email verification required before account activation.
• Row-Level Security: Our Supabase database enforces row-level security policies so that each user can only access their own data.
• Dependency monitoring: We track security advisories for the libraries we use and patch promptly.

No system is 100% secure, and we cannot guarantee absolute security. In the event of a data breach affecting your personal information, we will notify you and the relevant supervisory authorities in accordance with applicable law (including within 72 hours under GDPR).

9. Account Deletion

You can request deletion of your Dashboard account and all associated personal data at any time:

1. Self-service: From the Dashboard, go to Settings → Account → Delete Account. This permanently removes your account within 30 days.
2. Email request: Email support@adbloop.com from the email address associated with your account with the subject “Account Deletion Request.” We will confirm identity and process the request within 30 days.

For the Add-on: uninstall via Google Workspace Marketplace. This revokes all permissions. Your spreadsheet data remains yours — it’s never held on our servers. If you also had paid licensing associated with the Add-on, email support@adbloop.com to have the licensing record deleted.

Exceptions to deletion: we may retain billing records for 7 years as required by Indian tax law, and anonymized aggregated usage data that cannot be linked back to you.

10. Google API Services User Data Policy

Adbloop’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

1. We only request the OAuth scopes strictly necessary for the features you use.
2. We do not use Google user data (including Google Sheets™ content and Drive files) for advertising purposes.
3. We do not transfer Google user data to third parties except as necessary to provide the Service (e.g., sending authenticated API requests back to Google on your behalf), or as required by law.
4. We do not use Google user data for serving ads, including retargeting, personalized advertising, or interest-based advertising.
5. We do not use Google user data to develop, improve, or train generalized AI/ML models.
6. Humans do not read Google user data unless (a) you give explicit consent for us to do so (e.g., to debug a specific issue you reported); (b) it is required for security, including to investigate abuse; (c) it is necessary to comply with applicable law; or (d) it is aggregated and anonymized for internal operations.

11. Third-Party Services

The Service integrates with third-party services. Your use of those services is governed by their respective privacy policies:

• Meta Platforms: https://www.facebook.com/privacy/policy
• Google LLC: https://policies.google.com/privacy
• Supabase, Inc.: https://supabase.com/privacy
• Amazon Web Services: https://aws.amazon.com/privacy/
• Razorpay: https://razorpay.com/privacy/
• Stripe: https://stripe.com/privacy
• Brevo: https://www.brevo.com/legal/privacypolicy/

We are not responsible for the privacy practices of these third parties.

12. Cookies and Local Storage

The Dashboard uses cookies and browser local storage for:

• Essential functionality: maintaining your login session, storing UI preferences (theme, dismissed banners)
• Security: CSRF protection, session management

We do not use third-party tracking cookies, cross-site advertising cookies, or analytics cookies that build profiles of your behavior across other websites.

The Add-on does not use cookies; it runs entirely within the Google Apps Script runtime.

The Website (adbloop.com) may use minimal first-party analytics in the future (e.g., privacy-respecting tools like Plausible or Fathom). If added, this policy will be updated accordingly.

13. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact us immediately at support@adbloop.com and we will delete it.

14. International Data Transfers

Adbloop is operated from India. Our primary data hosting (Supabase / AWS) is in the ap-south-1 region (Mumbai, India). Some of our service providers (Google, Meta, Stripe, Brevo) operate globally and may process data outside India, including in the United States and European Economic Area.

For EEA/UK users, where data is transferred outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission.

15. Grievance Officer (DPDP Act, 2023)

In accordance with the Digital Personal Data Protection Act, 2023, our Grievance Officer is:

You may contact the Grievance Officer with any concerns about the processing of your personal data. We will acknowledge receipt within 7 days and resolve grievances within 30 days.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will:

• Update the “Last Updated” date at the top
• For material changes: notify registered users by email at least 30 days before the changes take effect
• Post the updated policy at adbloop.com/privacy-policy and app.adbloop.com/privacy-policy

Your continued use of the Service after the effective date of changes constitutes acceptance of the updated Privacy Policy.

17. Contact Us

For any questions, concerns, or requests related to this Privacy Policy or our data practices: