Privacy Policy for Effective Ads AI

1. Introduction

Effective Ads AI ("we", "our", "us", or "Company") operates an AI-powered platform for digital advertising campaign management. This Privacy Policy explains how we collect, use, disclose, process, and safeguard your information when you use our service.

Data Controller: Effective Ads AI is the data controller for personal information collected through our platform, except where we act as a data processor on behalf of our business clients for their customer data.

Contact Information:
- Email: gal@effective-ads.ai
- Address: Rothschild 45, Tel Aviv, Floor 2, Israel
- Data Protection Officer: gal@effective-ads.ai

By using Effective Ads AI, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.

2. Information We Collect

2.1 Information You Provide Directly

Account Registration Information:

• Full name and business name
• Email address
• Phone number (optional)
• Business information (industry, size, location)
• Billing and payment information (processed by third-party payment processors)
• Profile photo (optional)

Business and Campaign Information:

• Business description, products/services, target audience
• Brand voice, messaging guidelines, and marketing preferences
• Campaign objectives, budgets, and strategic goals
• Ad copy, creative assets (images, videos), and marketing materials
• Website URLs and social media profiles

Advertising Platform Credentials:

• OAuth tokens and API keys for connected platforms (Facebook/Instagram, TikTok, Google Ads)
• Ad account IDs and associated permissions
• Pixel IDs and conversion tracking configurations

Communications:

• Messages sent through our platform
• Support tickets and customer service interactions
• Feedback and survey responses
• Email correspondence

2.2 Information We Collect Automatically

Usage Data:

• Pages viewed, features used, and actions taken
• Time spent on platform and frequency of use
• Click patterns and navigation paths
• Session recordings (anonymized, for UX improvement only)

Device and Technical Information:

• IP address and approximate geographic location
• Browser type, version, and language settings
• Device type, operating system, and screen resolution
• Referral URLs and exit pages

Log Data:

• Access times and dates
• Error logs and crash reports
• API request logs and response times
• Security and authentication logs

Cookies and Tracking Technologies:

We use cookies, web beacons, and similar technologies to:

• Maintain your logged-in session
• Remember your preferences and settings
• Analyze platform usage and performance
• Provide security and fraud prevention

For detailed information about our use of cookies, see Section 10.

2.3 Information from Third-Party Platforms

When you connect your advertising accounts, we collect:

From Meta (Facebook/Instagram):

• Ad account information and permissions
• Campaign data (ads, ad sets, campaign structure)
• Performance metrics (impressions, clicks, conversions, spend)
• Audience insights and demographic data
• Page and Instagram account information
• Pixel and conversion tracking data

From Google Ads (when available):

• Ad account structure and settings
• Campaign performance data
• Keyword and search query data
• Audience and targeting information

From TikTok (when available):

• Ad account and business center information
• Campaign and ad creative performance
• Audience and targeting data

From Other Integrations:

• Website content and structure (for campaign optimization)
• E-commerce product catalogs and inventory
• Customer data you authorize us to access

2.4 Information from Other Sources

Publicly Available Information:

• Competitor advertising strategies (via Meta Ad Library and similar public tools)
• Industry benchmarks and market research data
• Public business information for context and strategy

Third-Party Data Providers:

• Marketing intelligence and analytics providers
• Fraud prevention and security services
• Business verification services

3. How We Use Your Information

3.1 Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Performance of Contract: To provide our services as outlined in our Terms of Service
• Consent: When you explicitly agree to specific data processing activities (e.g., marketing communications)
• Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
• Legal Obligations: To comply with applicable laws, regulations, and legal processes

3.2 Specific Uses

Service Delivery:

• Create and manage your account
• Authenticate and authorize access
• Process payments and prevent fraud
• Provide customer support and respond to inquiries

Campaign Management:

• Create, launch, and manage advertising campaigns across platforms
• Generate AI-powered strategies, ad copy, and creative recommendations
• Monitor campaign performance and provide real-time analytics
• Execute automated optimizations and budget adjustments
• Generate performance reports and actionable insights

AI Processing and Model Training:

Process campaign data through AI models (Anthropic Claude, Google Gemini) to generate:

• Strategic recommendations
• Ad copywriting and variations
• Creative concepts and visual generation
• Performance analysis and optimization suggestions

• Improve AI model performance using aggregated, anonymized campaign data
• Train internal models on industry-specific marketing patterns

Platform Improvement and Development:

• Analyze usage patterns to improve user experience
• Conduct A/B testing of features
• Develop new features and services
• Fix bugs and technical issues
• Conduct security audits and vulnerability assessments

Communications:

• Send transactional emails (account updates, campaign alerts)
• Provide customer support and technical assistance
• Send marketing communications (with your consent, opt-out available)
• Conduct user research and surveys

Legal and Safety:

• Enforce our Terms of Service and policies
• Detect and prevent fraud, abuse, and security threats
• Comply with legal obligations and respond to legal requests
• Protect our rights, property, and safety, and that of our users

Analytics and Research:

• Analyze aggregated data to understand industry trends
• Generate anonymized benchmarks and insights
• Conduct market research and competitive analysis

3.3 Automated Decision-Making and Profiling

Our platform uses automated decision-making, including AI-powered profiling, for:

• Campaign Optimization: AI algorithms automatically adjust bids, budgets, and targeting based on performance data
• Content Generation: AI creates ad copy and creative recommendations based on your business profile and campaign goals
• Performance Predictions: AI forecasts campaign outcomes and suggests strategic adjustments
• Audience Targeting: AI analyzes data to recommend optimal audience segments

Your Rights: You have the right to request human review of automated decisions, express your point of view, and contest decisions made solely by automated means. Contact us at privacy@effectiveadsai.com to exercise these rights.

4. How We Share Your Information

We do not sell your personal information. We share data only as described below:

4.1 Advertising Platforms (Data Processors)

We share campaign data with integrated advertising platforms to execute and manage your campaigns:

• Meta (Facebook/Instagram): Campaign configurations, ad creative, targeting parameters, budget settings
• Google Ads: Campaign structure, keywords, ad copy, bidding strategies
• TikTok: Ad creative, targeting settings, campaign objectives

These platforms process data according to their respective privacy policies and terms:

• Meta Privacy Policy: https://www.facebook.com/privacy/policy/
• Google Privacy Policy: https://policies.google.com/privacy
• TikTok Privacy Policy: https://www.tiktok.com/legal/privacy-policy

4.2 AI Processing Services

We share data with AI service providers to generate recommendations and content:

• Anthropic (Claude): Campaign strategies, ad copy generation, performance analysis
• Google (Gemini/Imagen): Creative generation, visual content creation
• OpenAI: Supplementary text generation and analysis (if applicable)

These services process data according to their privacy policies:

• Anthropic: https://www.anthropic.com/privacy
• Google Cloud: https://cloud.google.com/privacy

4.3 Service Providers and Business Partners

We share data with trusted third-party service providers who assist in operating our platform:

Infrastructure and Hosting:

• Google Cloud Platform (data storage, computing, databases)
• Pinecone (vector database for AI memory)

Payment Processing:

• Stripe, PayPal, or similar payment processors (payment and billing information)

Analytics and Monitoring:

• Google Analytics (anonymized usage analytics)
• Sentry (error tracking and monitoring)
• Mixpanel or similar (product analytics)

Customer Communication:

• SendGrid or similar (transactional emails)
• WhatsApp Business API (campaign notifications, with your consent)
• Intercom or similar (customer support)

Security and Fraud Prevention:

• Security monitoring services
• DDoS protection providers
• Identity verification services

All service providers are bound by contractual obligations to protect your data and use it only for specified purposes.

4.4 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our platform before your information becomes subject to a different privacy policy.

4.5 Legal Requirements and Protection

We may disclose information when required by law or when we believe disclosure is necessary to:

• Comply with legal obligations, court orders, or legal processes
• Enforce our Terms of Service and other agreements
• Protect our rights, property, and safety
• Protect the rights, property, and safety of our users and the public
• Detect, prevent, or address fraud, security, or technical issues
• Respond to government requests or investigations

4.6 With Your Consent

We may share information with third parties when you explicitly consent to such sharing, such as:

• Sharing campaign results publicly or with partners (anonymized or with your permission)
• Integrating with additional third-party tools you authorize
• Participating in case studies or testimonials

5. Data Retention

5.1 General Retention Policy

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

5.2 Specific Retention Periods

Account Information: Retained for the duration of your active account plus 90 days after account deletion (to allow for account recovery and prevent fraud)

Campaign Data: Retained for:

• Active campaigns: Duration of campaign plus 2 years (for historical analysis and reporting)
• Inactive campaigns: Up to 5 years (for long-term performance comparison and insights)
• After account deletion: Anonymized and aggregated for up to 7 years (for benchmarking purposes)

Financial Records: Retained for 7 years (to comply with tax and accounting regulations)

Communications: Retained for 3 years (for customer support and dispute resolution)

Technical Logs: Retained for 90 days (for security monitoring and debugging)

Marketing Consent Records: Retained for 3 years after consent withdrawal (to prove compliance)

5.3 Deletion Exceptions

We may retain certain information longer when required to:

• Comply with legal obligations
• Resolve disputes and enforce agreements
• Prevent fraud and abuse
• Maintain security and system integrity

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your information:

Technical Safeguards:

• Encryption in transit (TLS 1.3) for all data transmissions
• Encryption at rest (AES-256) for stored data
• Secure authentication using OAuth 2.0 and JWT tokens
• Multi-factor authentication (MFA) available and encouraged
• Regular security patches and updates
• Automated vulnerability scanning
• Web application firewall (WAF)
• DDoS protection

Organizational Safeguards:

• Access controls and role-based permissions
• Regular security training for employees
• Background checks for personnel with data access
• Incident response and breach notification procedures
• Regular security audits and penetration testing
• Data processing agreements with all service providers

Data Isolation:

• Logical data separation between customer accounts
• Segregated production and development environments
• Regular data backups with secure storage

6.2 Security Limitations

No security system is impenetrable. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Enabling multi-factor authentication
• Reporting any security concerns or unauthorized access immediately

6.3 Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of discovery (as required by GDPR)
• Provide details about the breach and affected data
• Explain the steps we're taking to address the breach
• Offer guidance on protecting yourself from potential harm
• Notify relevant supervisory authorities as required by law

7. International Data Transfers

7.1 Data Processing Locations

Your data may be transferred to and processed in countries outside your jurisdiction, including:

• United States (Google Cloud Platform infrastructure)
• European Union (for EU-based users, when possible)
• Other countries where our service providers operate

7.2 Transfer Safeguards

When transferring data internationally, we ensure appropriate safeguards are in place:

For Transfers from EU/EEA/UK:

• Standard Contractual Clauses (SCCs): We use European Commission-approved Standard Contractual Clauses for transfers to countries without adequacy decisions
• Adequacy Decisions: We rely on European Commission adequacy decisions where applicable
• Binding Corporate Rules: For internal transfers (if applicable)

For Other Jurisdictions:

• Contractual protections equivalent to local data protection laws
• Technical and organizational security measures
• Regular compliance assessments

7.3 EU-U.S. Data Privacy Framework

We comply with applicable data transfer frameworks and will update our practices as new mechanisms become available.

8. Your Privacy Rights

8.1 Rights Under GDPR (EU/EEA/UK Users)

If you are located in the European Union, European Economic Area, or United Kingdom, you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal obligations
• Right to Restriction: Request limitation of processing in certain circumstances
• Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller
• Right to Object: Object to processing based on legitimate interests or direct marketing
• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior lawful processing)
• Right to Lodge a Complaint: File a complaint with your local supervisory authority
• Right to Human Review: Request human intervention in automated decision-making processes

8.2 Rights Under CCPA/CPRA (California Users)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of personal information collected, used, disclosed, or sold
• Right to Delete: Request deletion of personal information we have collected
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell personal information)
• Right to Limit Use of Sensitive Personal Information: Limit use of sensitive personal information (if applicable)
• Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment

8.3 Rights Under Other Laws

Depending on your location, you may have additional rights under:

• PIPEDA (Canada)
• LGPD (Brazil)
• Privacy Act 1988 (Australia)
• POPIA (South Africa)
• Other applicable data protection laws

8.4 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: privacy@effectiveadsai.com
• Subject Line: "Privacy Rights Request"
• Include: Your full name, email address, and specific request

Verification Process: To protect your information, we may need to verify your identity before processing your request. This may require:

• Confirmation of account ownership
• Government-issued ID (for sensitive requests)
• Additional security questions

Response Timeframe: We will respond to your request within:

• 30 days (GDPR)
• 45 days (CCPA), with possible 45-day extension
• As required by other applicable laws

No Fee: We do not charge a fee to process requests unless they are manifestly unfounded, excessive, or repetitive.

9. Marketing Communications and Opt-Out

9.1 Types of Communications

Transactional Communications (cannot opt-out):

• Account verification and security alerts
• Campaign status updates and critical alerts
• Billing and payment notifications
• Service updates and changes to terms
• Responses to your inquiries

Marketing Communications (can opt-out):

• Product updates and new features
• Educational content and best practices
• Promotional offers and discounts
• Webinars and events
• Newsletters and blog updates

9.2 How to Opt-Out

Email Marketing: Click the "Unsubscribe" link at the bottom of any marketing email or adjust preferences in your account settings

Push Notifications: Disable in your account settings or device settings

WhatsApp Communications: Reply "STOP" to any WhatsApp message or opt-out in account settings

SMS: Reply "STOP" to any text message (if applicable)

Note: Opting out of marketing communications does not affect transactional communications necessary for service delivery.

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

Strictly Necessary Cookies (cannot be disabled):

• Session management and authentication
• Security and fraud prevention
• Load balancing and performance

Functional Cookies:

• Remember your preferences and settings
• Provide enhanced features and personalization

Analytics Cookies:

• Understand how users interact with our platform
• Measure effectiveness of features
• Identify usage patterns and trends

Marketing Cookies (with consent):

• Personalize advertising experiences
• Measure campaign effectiveness
• Provide relevant content recommendations

10.2 Third-Party Cookies

We use the following third-party cookies and tracking technologies:

Analytics:

• Google Analytics (usage analytics, anonymized)
• Mixpanel (product analytics)

Customer Support:

• Intercom (chat support and messaging)

Advertising (if applicable):

• Meta Pixel (conversion tracking)
• Google Ads (remarketing and conversion tracking)

10.3 Managing Cookies

Browser Settings: You can control cookies through your browser settings:

• Block all cookies (may impact functionality)
• Block third-party cookies
• Delete cookies after each session

Opt-Out Tools:

• Google Analytics Opt-Out: https://tools.google.com/dlpage/gaoptout
• Do Not Track signals (honored where feasible)

Cookie Consent Management: We provide a cookie consent banner for users in jurisdictions requiring explicit consent. You can modify your preferences at any time through our Cookie Settings link.

10.4 Do Not Track

Some browsers support "Do Not Track" (DNT) signals. We honor DNT signals where technically feasible and legally required.

11. Children's Privacy

Effective Ads AI is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If you believe we have collected information from a child under 18, please contact us immediately at privacy@effectiveadsai.com. We will promptly investigate and delete such information.

Parental Controls: If you are a parent or guardian and discover your child has provided personal information without consent, contact us for assistance.

12. Third-Party Integrations and Links

12.1 Third-Party Services

Our platform integrates with third-party services (Facebook/Instagram, Google Ads, TikTok, etc.). These services have their own privacy policies and terms governing their data practices.

Your Responsibilities:

• Review privacy policies of connected services
• Understand what data you authorize us to access
• Manage permissions and access in your connected accounts

Our Responsibilities:

• Access only the data necessary for service delivery
• Process data according to your instructions and this Privacy Policy
• Maintain security of data received from third parties

12.2 Links to External Websites

Our platform may contain links to external websites not operated by us. We are not responsible for the privacy practices of these websites. We encourage you to review the privacy policies of any website you visit.

13. Data Subject Rights for Specific Regions

13.1 European Region (EU/EEA/UK)

Data Controller: Meta Platforms Ireland Limited (for EU/EEA users) or our designated EU representative

Supervisory Authority: You can lodge complaints with your local data protection authority. Find your authority: https://edpb.europa.eu/about-edpb/board/members_en

Data Protection Officer: Contact our DPO at dpo@effectiveadsai.com

13.2 California (United States)

California Privacy Rights: See Section 8.2 for details

Do Not Sell or Share My Personal Information: We do not sell or share personal information. However, you can manage data sharing preferences in your account settings.

Shine the Light Law: California residents can request information about disclosure of personal information to third parties for direct marketing purposes (once per year, free of charge).

13.3 Brazil

LGPD Rights: Brazilian residents have rights under the Lei Geral de Proteção de Dados (LGPD) including:

• Confirmation of data processing
• Access to data
• Correction of incomplete or inaccurate data
• Anonymization, blocking, or deletion of data
• Portability of data
• Information about data sharing
• Information about consent consequences
• Revocation of consent

National Data Protection Authority: https://www.gov.br/anpd/

13.4 Canada

PIPEDA Compliance: We comply with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

Canadian Privacy Commissioner: https://www.priv.gc.ca/

13.5 Australia

Privacy Act 1988: Australian residents have rights under the Privacy Act 1988, including access and correction rights.

Office of the Australian Information Commissioner: https://www.oaic.gov.au/

14. Changes to This Privacy Policy

14.1 Updates and Modifications

We may update this Privacy Policy periodically to reflect:

• Changes in our data practices
• New features or services
• Legal or regulatory requirements
• Industry best practices

14.2 Notification of Changes

Material Changes: We will notify you of material changes via:

• Email notification (at least 30 days before changes take effect)
• Prominent notice on our platform
• In-app notification

Minor Changes: We will update the "Last Updated" date at the top of this policy

Continued Use: Your continued use of Effective Ads AI after changes take effect constitutes acceptance of the updated Privacy Policy.

14.3 Version History

You can request previous versions of this Privacy Policy by contacting privacy@effectiveadsai.com.

15. Contact Us

For questions, concerns, or requests related to this Privacy Policy or our data practices, contact us:

Email: privacy@effectiveadsai.com
Data Protection Officer: dpo@effectiveadsai.com
Address: Rothschild 45, Tel Aviv, Floor 2, Israel
Support: support@effectiveadsai.com

For Privacy Rights Requests: privacy@effectiveadsai.com with subject line "Privacy Rights Request"

Response Time: We aim to respond to all inquiries within 5 business days.

16. Compliance and Certifications

Effective Ads AI is committed to compliance with:

• General Data Protection Regulation (GDPR) - EU/EEA/UK
• California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) - California, USA
• Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
• Lei Geral de Proteção de Dados (LGPD) - Brazil
• Meta Platform Terms and Policies - For Facebook/Instagram integration
• Google API Services User Data Policy - For Google services integration
• TikTok Developer Policy - For TikTok integration

We regularly review and update our practices to maintain compliance with evolving data protection regulations.