Privacy Policy (Advize)

1) Introduction & Scope

This Privacy Policy explains how Advize (“Advize,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information when you use our website and the Advize analytics platform (the “Service”). By using the Service, you agree to this Policy. If you do not agree with any part of these policies, you may not use the App.

What we do: Advize connects to Meta (Facebook) with your authorization to analyze creative assets and performance data. We do not buy, place, or manage ads, and we do not collect your customers’/consumers’ personal data as part of our core Service.

2) Roles (Controller vs. Processor)

• Controller (about you and your account): For your account/profile, billing, support communications, site analytics, and operational telemetry, Advize is the Data Controller.
• Processor (data you connect): For data retrieved from Meta that you authorize (e.g., ad account IDs, campaigns, creatives, performance metrics), Advize processes it on your behalf to provide the Service.

3) Information We Collect

From Meta (only with your explicit authorization):

• Pages & Engagement: Pages you manage; content and counts related to posts, comments, reactions; engagement/performance metrics allowed by scopes such aspages_show_list and pages_read_engagement.
• Ad Accounts & Campaigns: Ad accounts, campaigns, ad sets, ads; creative metadata (e.g., thumbnails, captions); budgets and performance metrics; reporting and audience-level aggregates permitted under ads_read.

From You (directly):

• Account & Contact: Name, work email, company, role, and authentication identifiers (including SSO profile attributes, if used).
• Support & Feedback: Messages and attachments you send to us.

Automatically (Service operation and security):

• Technical/Telemetry: IP address, device/browser type and version, timestamps, event logs, referrers, error diagnostics, and similar operational data.
• Cookies/Local Storage: Strictly necessary cookies (session/auth), and—if enabled—preference/analytics cookies.

We do not intentionally collect special categories of personal data (e.g., health, biometric) and we do not ingest your end-customer PII through the Service.

4) How We Use Information

• Provide the Service: Authenticate you, connect to Meta per your authorization, retrieve and display data, analyze creatives and campaigns, generate insights and reports.
• Maintain & Improve: Operate, secure, debug, and improve the Service; monitor performance; develop features.
• Communicate: Send transactional notices (security, updates). With consent or legitimate interest, send product news/education (you can opt out).
• Compliance & Safety: Enforce terms and platform policies; detect, investigate, and prevent fraud, abuse, or security incidents; meet legal obligations.

We do not post on your behalf or access private messages. We do not sell personal data.

5) Legal Bases (where applicable, e.g., GDPR/UK GDPR)

• Contract Performance (to provide the Service you requested).
• Legitimate Interests (security, improvement, limited B2B product communications).
• Consent (non-essential cookies, certain marketing).
• Legal Obligations (tax, regulatory, lawful requests).

6) Subprocessors and Third Parties

To run the Service, we use vetted vendors under written terms that require data protection and confidentiality. Typical categories include:

• Cloud Storage: AWS and Railway for storing processed creative assets and related files.
• Databases: Managed PostgreSQL for application data storage.
• Email & Communication: SMTP services for transactional and support-related emails.
• Error / Log Monitoring & Observability: Railway is used to monitor application logs, detect errors, track system performance, and ensure operational stability.
• Product Analytics: Tools used to understand feature usage, improve the Service, and enhance user experience.
• Authentication / SSO: Services used to provide secure login, identity verification, and single sign-on.

We also disclose information:

• To Meta as necessary for the integrations you authorize;
• For legal reasons (court orders, lawful requests);
• With your consent or at your direction.

We do not sell personal data.

7) International Transfers & Data Residency

Your information may be processed in countries where we or our subprocessors operate. Where cross-border transfers are required, we implement appropriate safeguards (e.g., Standard Contractual Clauses where applicable) to protect personal data in line with applicable laws. You can email contact@getadvize.ai for details.

8) Security

We implement industry-standard measures, including:

• Encryption in transit and at rest (where supported);
• Principle of least privilege; role-based access; MFA for admin access;
• Network and data segregation; audit/event logging;
• Secure development practices and vulnerability management;
• Vendor risk reviews and contractual safeguards;
• Incident response procedures and notifications without undue delay where legally required.

No method is 100% secure; please protect your credentials and use SSO/MFA where available.

9) Data Retention

We retain information only as long as needed for the purposes in this Policy or as required by law. Default windows (unless your plan/contract specifies otherwise):

• Connected Meta data (campaigns/creatives/metrics): up to 1 year from collection or last sync.
• Account/profile & configuration: for your account term plus 30 days after termination.
• System logs & security events: 60 days (longer if under investigation).
• Billing/transactional records: up to 3 years (legal/accounting).

Aggregated or de-identified data may be retained indefinitely.

10) Your Choices & Rights

• Disconnect / Revoke Access: Remove Advize’s permissions in Meta Business Manager or disconnect within the Service at any time.
• Marketing Preferences: Opt out via unsubscribe links or by emailing us. Transactional/security notices will still be sent.
• Access/Correction/Deletion: Email contact@getadvize.ai. We will verify your request and respond within the timelines required by applicable laws.
• Cookies: Manage via our banner (where shown) and your browser settings.

Rights for EEA/UK/Switzerland (summary)

Subject to law, you may have rights to access, rectify, erase, restrict, object, and data portability, and to withdraw consent at any time (without affecting prior lawful processing). You can lodge a complaint with your local supervisory authority.

Rights for California Residents (CPRA/CCPA summary)

Subject to law, you may have rights to know, delete, correct, opt-out of “sharing” for cross-context behavioral advertising (we do not “sell”), limit use of sensitive personal information (we do not collect it beyond payment processing by our vendors), and be free from discrimination for exercising your rights.

11) Deletion Process

When you request deletion or when your account terminates:

1. Your workspace is queued for deletion;
2. Active data is deleted within 30 days;
3. Remaining copies age out of backups within 35 days;
4. We confirm completion upon request;
5. Certain records (e.g., invoices) may be retained as required by law.

12) Cookies and Similar Technologies

We use:

• Strictly Necessary Cookies for authentication, sessions, and security;
• Preference/Analytics Cookies to improve the Service (only with consent where required).

You can adjust cookie settings in the banner (where presented) or in your browser. Blocking strictly necessary cookies may impair core functionality.

13) Children’s Privacy

The Service is not intended for children under 13. We do not knowingly collect personal information from children. If you believe we have, contact us and we will remove it.

14) Changes to this Policy

We may update this Policy from time to time. Material updates may be notified by email.

15) Contact

Company: Advize Creative Analytics Private Limited

Email: contact@getadvize.ai