This policy applies to AdStack customers and visitors to adstackhq.com. If you have questions, email privacy@adstackhq.com — we respond within 2 business days.
1. Information we collect
Account information
When you create an account, we collect your email address. We use passwordless (magic-link) authentication — no password is collected or stored.
Organization and workspace data
We store the organization name, workspace names, and client names you create within AdStack.
Ad platform credentials
When you connect an ad platform (Google Ads, Meta, TikTok, LinkedIn, StackAdapt), we store the OAuth access token and refresh token issued by that platform. These tokens are encrypted at rest and used only to sync your campaign data.
Campaign and performance data
We sync campaign names, budget, spend, impressions, clicks, and other performance metrics from your connected ad platforms. This data belongs to you and is isolated to your organization.
Usage data
We collect basic product usage data (page views, feature interactions) to improve the product. This data is aggregated and never sold.
2. How we use your information
Providing the service
We use your data to operate AdStack — syncing campaigns, generating reports, and powering the Ad Builder.
Product improvement
Aggregated, anonymized usage data helps us understand which features are valuable and where the product needs improvement.
Communication
We use your email address to send transactional messages (login links, payment receipts) and, with your consent, product updates. You can unsubscribe at any time.
No advertising
We do not use your data for advertising purposes. We do not sell or rent your data to third parties.
3. Data sharing
Service providers
We share data with a limited set of subprocessors necessary to operate AdStack: Supabase (database and authentication), Stripe (billing), and Resend (transactional email). Each is bound by data processing agreements.
No third-party data sales
We do not sell, rent, or trade your personal data or campaign data to any third party, ever.
Legal requirements
We may disclose data if required by law or in response to a valid legal process. We will notify you of such requests to the extent permitted by law.
4. Data retention
Active accounts
We retain your data for as long as your account is active.
Account deletion
When you delete your account, we permanently delete all associated data — campaigns, clients, platform credentials, and reports — within 30 days.
Billing records
We are required to retain billing records for 7 years for tax and compliance purposes. These records contain only transaction amounts and dates, not campaign data.
5. Your rights
Access and portability
You may request a copy of all data we hold about you at any time by contacting privacy@adstackhq.com.
Correction
You may correct inaccurate data through the product settings or by contacting us.
Deletion
You may request deletion of your account and all associated data at any time.
GDPR and CCPA
If you are in the European Union or California, you have additional rights under GDPR and CCPA respectively. Contact us to exercise these rights.
6. Cookies
Session cookies
We use strictly necessary session cookies to keep you logged in. These are essential and cannot be disabled without breaking the product.
Analytics
We may use privacy-respecting analytics (no cross-site tracking). We do not use advertising cookies or retargeting pixels.
7. Changes to this policy
Notification
We will notify you of material changes to this policy via email and an in-product notice at least 30 days before the changes take effect.
Questions about your privacy?
Contact us