Privacy Policy
Last updated: March 4, 2026
This Privacy Policy describes how Ads Anomaly Guard (“we,” “us,” or “our”) collects, uses, discloses, and protects information when you use our website and services (collectively, the “Service”). By using the Service, you consent to the practices described in this policy.
1. Information We Collect
When you use Ads Anomaly Guard, we collect:
- Account information: Name, email address, and profile picture from your Google account when you sign up via OAuth.
- Ad platform data: Campaign metrics, spend data, and performance data from your connected Google Ads and Meta Ads accounts. We access this data in read-only mode unless you enable auto-pause rules.
- Usage data: Pages visited, features used, interactions within our dashboard, and browser/device metadata.
- Payment information: Processed securely by Stripe. We never store your credit card details on our servers.
- Communication data: Emails, support requests, and feedback you voluntarily provide.
2. How We Use Your Data
- To monitor your ad campaigns and detect anomalies in real time
- To execute auto-pause or budget-reduction actions on your behalf when enabled
- To send you alerts via email and Slack when issues are detected
- To generate weekly performance and savings reports
- To improve our anomaly detection algorithms and service quality
- To communicate with you about your account, updates, and relevant product information
- To comply with legal obligations and enforce our Terms of Service
3. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal bases for processing your personal data include:
- Contract: Processing necessary to perform the services you have requested
- Legitimate interests: Improving our service, preventing fraud, and ensuring security
- Consent: Where you have given explicit consent (e.g., marketing emails)
- Legal obligation: Where processing is required by applicable law
4. Data Security
We take security seriously:
- All OAuth tokens are encrypted using AES-256-GCM before storage
- Data in transit is sent over HTTPS/TLS
- We use Supabase (PostgreSQL) with row-level security for data isolation
- Multi-tenant data isolation ensures each organization can only access its own data
- We never share your ad data with third parties for advertising or marketing purposes
- Access tokens are refreshed automatically and old tokens are invalidated
- We conduct regular security reviews and vulnerability assessments
- API endpoints are protected with rate limiting and authentication middleware
5. Data Retention
We retain your data for as long as your account is active. Campaign metrics are stored for up to 12 months. When you delete your account, all data — including campaign data, alerts, reports, and personal information — is permanently removed within 30 days. Anonymized, aggregated data may be retained for analytical purposes.
6. International Data Transfers
Your data may be processed and stored in the United States or other countries where our service providers operate. When we transfer data outside the EEA, we rely on:
- Standard contractual clauses approved by the European Commission
- Adequacy decisions where available
- Consent, where applicable
We ensure that all transfers are subject to appropriate safeguards to protect your personal data.
7. Third-Party Services
We use the following third-party services:
- Stripe — Payment processing (Stripe Privacy Policy)
- Resend — Transactional email delivery
- Supabase — Database hosting and authentication infrastructure
- Vercel — Application hosting and edge delivery
- Sentry — Error monitoring and crash reporting
- PostHog — Product analytics (anonymized usage data)
- Upstash — Rate limiting infrastructure
Each of these services has its own privacy policy governing its handling of data.
8. Your Rights
Depending on your location, you may have the following rights:
- Access: Request a copy of the personal data we hold about you
- Rectification: Request correction of inaccurate or incomplete data
- Erasure: Request deletion of your personal data (“right to be forgotten”)
- Portability: Request your data in a structured, machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdrawal of consent: Withdraw consent at any time where processing is based on consent
- Opt out of marketing: Unsubscribe from marketing communications at any time
To exercise any of these rights, contact us at privacy@adsanomalyguard.com. We will respond within 30 days.
9. California Consumer Privacy Act (CCPA)
If you are a California resident, you have additional rights under the CCPA:
- Right to know: What personal information we collect, use, and disclose
- Right to delete: Request deletion of your personal information
- Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights
- Right to opt out of sale: We do not sell personal information to third parties
10. Children's Privacy
Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child, we will take steps to delete it promptly. If you believe a child has provided us with personal data, please contact us at privacy@adsanomalyguard.com.
11. Cookies and Tracking Technologies
We use essential cookies for authentication and session management. We use PostHog for analytics, which uses cookies to track anonymized usage patterns. You can control cookies through your browser settings. Disabling essential cookies may prevent you from using parts of the Service.
12. Data Breach Notification
In the event of a data breach that affects your personal data, we will:
- Notify affected users by email within 72 hours of becoming aware of the breach
- Notify relevant supervisory authorities as required by applicable law
- Provide details about the nature of the breach, the data affected, and the measures taken
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email and by posting the updated policy on our website with a new “Last updated” date. Continued use of the Service after changes constitutes acceptance of the revised policy.
14. Contact
For privacy-related questions, contact us at:
- Email: privacy@adsanomalyguard.com
- Website: adsanomalyguard.com