Privacy Policy

At Adstyr ("we", "us", "our"), we are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

1. Data Controller

Adstyr Ltd. is the data controller responsible for your personal data. If you have questions about this policy or our data practices, contact us at:

• Email: privacy@adstyr.com
• Address: Tel Aviv, Israel

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, company name, and password when you register
• Payment Information: Billing address and payment details (processed securely by our payment provider)
• Communications: Messages you send us via support or contact forms

2.2 Information from Facebook/Meta

When you connect your Facebook Ads account, we access:

• Ad account IDs and names
• Campaign, ad set, and ad performance data
• Audience insights and demographic data (aggregated)
• Creative assets (images, videos, ad copy)

Important: We do not access or store personal data of individuals who interact with your ads. We only process aggregated, anonymized performance metrics.

2.3 Automatically Collected Information

• Usage Data: Pages visited, features used, and actions taken
• Device Information: Browser type, operating system, device identifiers
• Log Data: IP address, access times
• Cookies: See our Cookie Policy for details
• Activity Tracking (with consent): When you consent to analytics cookies, we track page paths and page titles to understand how users navigate our platform. This data is collected via our internal analytics system and is not shared with third-party analytics providers. You can withdraw consent at any time via cookie settings.

3. Legal Basis for Processing (GDPR)

We process your personal data based on:

• Contract Performance: To provide our services as agreed in our Terms of Service
• Legitimate Interests: To improve our services, prevent fraud, and ensure security
• Consent: For marketing communications and non-essential cookies
• Legal Obligation: To comply with applicable laws and regulations

4. How We Use Your Information

• Provide, maintain, and improve our platform
• Generate AI-powered insights and analytics
• Process payments and manage subscriptions
• Send service-related communications
• Respond to support requests
• Detect and prevent fraud or abuse
• Comply with legal obligations

5. Data Sharing and Disclosure

We may share your data with:

• Service Providers: Cloud hosting (AWS/GCP), payment processors, analytics providers
• AI Providers: Google Gemini API for generating insights (data is processed per their privacy policy)
• Legal Requirements: When required by law, court order, or governmental authority
• Business Transfers: In connection with mergers, acquisitions, or asset sales

We never sell your personal data to third parties.

5.1 Sub-processors

We use the following sub-processors to provide our services (GDPR Article 28):

Last updated: February 2026. We will notify you of material changes to this list.

6. International Data Transfers

Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with all processors
• Compliance with EU-US Data Privacy Framework where applicable

6.1 Data Processing Agreement (DPA)

For enterprise customers and those requiring a formal Data Processing Agreement under GDPR Article 28, we provide a standard DPA upon request. Contact us at legal@adstyr.com to receive a copy.

7. Data Retention

We retain your data for:

• Account Data: Duration of your account plus 30 days after deletion request
• Analytics Data: Up to 3 years to enable historical comparisons
• Activity Logs: 90 days for usage analytics, then automatically deleted
• Payment Records: As required by tax and accounting laws (typically 7 years)
• Support Communications: 2 years from last interaction

8. Your Rights (GDPR & CCPA)

You have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in a machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time for consent-based processing
• Non-Discrimination: Exercise your rights without discriminatory treatment (CCPA)

To exercise these rights, email us at privacy@adstyr.com.

9. Security Measures

We implement industry-standard security measures including:

• TLS/SSL encryption for data in transit
• AES-256 encryption for data at rest
• Regular security audits and penetration testing
• Access controls and authentication
• Employee security training

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If we learn we have collected such data, we will delete it promptly.

11. Third-Party Links

Our platform may contain links to third-party websites. We are not responsible for their privacy practices. We encourage you to review their privacy policies.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or prominent notice on our platform. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related inquiries:

• Email: privacy@adstyr.com
• Data Protection Officer: dpo@adstyr.com

You also have the right to lodge a complaint with your local data protection authority.