Privacy PolicyPrivacy Policy

This Privacy Policy outlines how Adspectre Inc. ("Adspectre," "we," "us," and "our") collects, uses, processes, and protects your personal data when you use our platform and services. It also details your rights regarding your data and how we comply with applicable privacy laws, including GDPR, CCPA/CPRA, PIPEDA, Quebec Law 25, and other state privacy laws.

Policy Updates: We may update this Privacy Policy from time to time. Your continued use of our services after changes constitutes acceptance of the updated policy. We will notify you of material changes via email and through the platform.

1. Service Types and Data Handling

Adspectre offers two distinct service types, each with different data handling practices:

Direct Adspectre Service

When you sign up directly with Adspectre, you have full control over your data sharing preferences. This includes:

• Full access to all data subject rights under applicable privacy laws
• Complete control over data processing preferences
• Direct relationship with Adspectre for all data requests and concerns
• Granular privacy settings for AI features and analytics

Managed Account Service

When you access Adspectre through a managed account partner:

• Data sharing with your account manager is required for service delivery
• Your account manager acts as a service provider to deliver Adspectre's capabilities
• This data sharing is essential for the platform to function
• You maintain all other data rights except the ability to opt-out of sharing with your account manager
• Your account manager is contractually bound to protect your data and use it only for service delivery

Important: By choosing to use Adspectre through a managed account partner, you acknowledge and agree that data sharing is necessary for service delivery and cannot be opted out of while maintaining service access.

During signup, you will be asked to identify whether you are using Adspectre directly or through a managed account partner. This selection determines your available data sharing options.

2.1. Types of Personal Data Collected

Adspectre collects personal data from various sources to provide its services:

Critical Privacy Notice: How We Access Data

Personal & Platform Data: All social media account data (Facebook, Instagram, LinkedIn) is accessed exclusively through official, authorized APIs that require explicit user authentication and consent. We strictly comply with all platform privacy policies and terms of service. We never collect passwords, access private accounts, or harvest personal user data.

Public Web Research: Adspectre uses web search and publicly available sources (public websites, advertising libraries, news articles, industry publications) to build brand and competitive intelligence for your account. This research is used solely to improve creative output within the platform. No private accounts, direct messages, non-public profiles, or authenticated content is accessed during this process.

Data Provided Directly by Users:

This includes contact information such as name, email address, and phone number, as well as account credentials (excluding Facebook/Instagram passwords, which Meta's policies prohibit collecting directly). Billing and payment information, along with any correspondence or communications with Adspectre's support team, are also collected.

LinkedIn API Data Usage:

Adspectre uses LinkedIn's official application programming interfaces ("LinkedIn APIs") to enable organization-level publishing, analytics, and advertising functionality for authorized users. LinkedIn data is accessed only after a user explicitly authorizes the connection through LinkedIn's OAuth 2.0 authorization flow.

Adspectre accesses LinkedIn data solely to provide the functionality requested by the user and described in this Privacy Policy.

Categories of LinkedIn Data Accessed:

• Organization (Company Page) Data: Organization identifiers (URNs), Basic Company Page metadata, Organization-level post content created, scheduled, or published via Adspectre
• Organization Analytics: Post-level and organization-level analytics, including impressions, engagement metrics, and follower statistics
• Advertising Data: LinkedIn advertising account identifiers, Campaign, ad group, and creative metadata, Advertising performance and reporting data (such as impressions, clicks, and spend)

Adspectre does not access personal LinkedIn profile content, private messages, inbox data, comments outside of organization posts, Sales Navigator data, or recruiting data.

Purpose Limitation: LinkedIn data is accessed and processed exclusively for the following purposes:

• Publishing and scheduling organic posts to LinkedIn Company Pages
• Displaying organization-level analytics and performance metrics
• Creating, managing, and reporting on LinkedIn advertising campaigns for authorized advertising accounts

Adspectre does not perform automated engagement actions, including liking, commenting, following, connecting, or messaging.

Authorization and User Control: Only users who are authorized administrators or approved users of a LinkedIn Company Page or advertising account may connect those assets to Adspectre. Adspectre does not obtain access to any LinkedIn organization or advertising account without explicit user authorization.

Users retain full ownership and control of their LinkedIn accounts, Company Pages, and advertising accounts at all times. Users may revoke Adspectre's access to LinkedIn data at any time by:

• Disconnecting the LinkedIn integration within Adspectre, or
• Removing Adspectre from the list of authorized applications in their LinkedIn account settings

Data Storage and Retention: Adspectre stores LinkedIn data only to the extent necessary to provide the requested services. This may include:

• Secure storage of organization and advertising account identifiers
• Temporary caching of analytics or reporting data for display and operational purposes
• Storage of user-generated content created or scheduled through the platform

LinkedIn access tokens are stored securely and encrypted. LinkedIn data is retained only while the integration remains active or as required to comply with applicable legal or contractual obligations. When a user disconnects the LinkedIn integration, associated LinkedIn data is deleted or anonymized in accordance with Adspectre's data retention policies.

Data Sharing and Use Restrictions: Adspectre does not sell, license, rent, or otherwise disclose LinkedIn data to third parties for marketing, advertising, profiling, or data enrichment purposes.

LinkedIn data is shared only with service providers acting on Adspectre's behalf (such as hosting and infrastructure providers) strictly as necessary to operate the platform, and only under contractual confidentiality and data protection obligations.

Security Safeguards: Adspectre implements technical and organizational safeguards designed to protect LinkedIn data, including:

• OAuth 2.0-based authentication and authorization
• Encrypted storage of credentials and access tokens
• Role-based access controls
• Logical isolation of client data

Access to LinkedIn data is restricted to authorized systems and personnel required to operate the platform.

Compliance Statement:Adspectre's use of LinkedIn data complies with LinkedIn's API Terms of Use and applicable data protection laws. LinkedIn data is accessed and used solely to provide the functionality explicitly enabled by the user and described in this Privacy Policy.

TikTok API Data Usage:

Adspectre uses TikTok's official Login Kit and Content Posting API to enable users to authenticate with TikTok and publish video content directly to their TikTok profile. TikTok data is accessed only after a user explicitly authorizes the connection through TikTok's OAuth 2.0 authorization flow.

Adspectre accesses TikTok data solely to provide the functionality requested by the user and described in this Privacy Policy.

Categories of TikTok Data Accessed:

• Profile Information: Display name, avatar, and username obtained via the user.info.basic scope through Login Kit
• Publishing Capabilities: Privacy level options, interaction settings (comment, duet, and stitch toggles), and maximum video duration obtained via the creator info query
• Content Publishing: Ability to publish user-created video content directly to the user's TikTok profile via the video.publish scope through the Content Posting API
• OAuth Tokens: Access tokens (24-hour TTL) and refresh tokens (365-day TTL), stored server-side and encrypted

Purpose Limitation: TikTok data is accessed and processed exclusively for the following purposes:

• Authenticating users via TikTok's OAuth 2.0 Login Kit
• Querying creator info to render the publishing interface
• Publishing user-created video content to TikTok on the user's behalf
• Displaying publishing status and results

Adspectre does not access private TikTok messages, follower lists, or video analytics. Adspectre does not use TikTok data to train AI models, perform automated engagement (liking, commenting, following), or share TikTok user data with other users or third parties.

Data Sharing with TikTok: When users interact with TikTok-powered features on Adspectre via the Content Posting API, Developer Data is shared with TikTok. This includes technical information (IP address, device type, browser) and the video content being published. This sharing is strictly limited to what is required to fulfill the publishing request initiated by the user.

Authorization and User Control:Only users who have authorized the TikTok integration through TikTok's OAuth flow may publish content via Adspectre. Users retain full ownership and control of their TikTok accounts and content at all times. Users may revoke Adspectre's access to TikTok at any time by:

• Disconnecting the TikTok integration within Adspectre's settings, or
• Removing Adspectre from the list of authorized applications in their TikTok account settings

Upon disconnection, TikTok OAuth tokens are deleted from Adspectre's systems.

Data Storage and Retention:Adspectre stores TikTok data only to the extent necessary to provide the requested services. TikTok OAuth tokens are stored securely and encrypted, and are deleted when a user disconnects the integration. Published content metadata is retained per Adspectre's standard campaign data retention period.

Data Sharing and Use Restrictions: Adspectre does not sell, license, rent, or otherwise disclose TikTok Developer Services data to third partiesfor marketing, advertising, profiling, data enrichment, or cross-context behavioral advertising purposes. This commitment complies with TikTok's Data Sharing Agreement and applicable data protection laws including CCPA/CPRA.

Compliance Statement:Adspectre's use of TikTok data complies with TikTok's Developer Terms, Data Sharing Agreement, and applicable data protection laws. TikTok data is accessed and used solely to provide the functionality explicitly enabled by the user and described in this Privacy Policy.

Data Collected via Facebook Graph API (Meta Platforms):

When you connect your Facebook and Instagram accounts to Adspectre, we access the following data through Meta's authorized APIs using the permissions you explicitly grant:

Facebook Account Data:

• Profile Information: Name, email address, profile picture (via public_profile and email permissions)
• Pages Data: List of managed Pages, Page insights and engagement metrics (via pages_read_engagement and pages_show_list permissions)
• Content Management: Ability to publish posts and manage content on your Pages (via pages_manage_posts permission)
• Advertising Data: Ad account IDs, Business Manager access, campaign structures, ad set configurations, ad creatives, bidding strategies, budgets, and performance metrics including impressions, clicks, conversions, ROAS, and spend (via ads_read permission)
• Ad Management: Ability to create, modify, pause, and optimize advertising campaigns, ad sets, and ads; adjust budgets and bids; manage audiences and targeting; create custom and lookalike audiences (via ads_management permission)

Instagram Business Account Data:

• Account Information: Instagram Business Account ID, username, profile information (via instagram_basic permission)
• Content Publishing: Ability to publish photos, videos, and stories to Instagram (via instagram_content_publish permission)
• Insights: Post performance, audience demographics, reach, and engagement metrics
• Media: Access to your Instagram posts, stories, and IGTV content for analysis and reposting

Important: We only request permissions necessary for the features you use. You can revoke these permissions at any time through your Facebook Settings or by disconnecting your accounts in Adspectre.

Advertising Data:

When you connect advertising accounts, we access campaign performance, spend data, and audience insights solely to provide you with unified reporting and optimization recommendations. Ad spend and targeting data is encrypted and isolated per account. We never share your advertising strategies or performance data with other users, and each account's advertising data remains completely separate from all other accounts.

Important: Ad Spend Authorization. By granting ads_management permission, you authorize Adspectre to manage ad spend on your behalf within the budgets you set. You remain responsible for all advertising costs incurred. We implement spend limits, budget alerts, and require explicit confirmation for budget changes exceeding your preset thresholds.

Critical: AI Safety Controls - READ-ONLY Architecture. Our AI systems have ZERO write access to ANY Meta APIs - this includes both advertising AND organic content.This is an immutable architectural decision built into our platform's foundation.

Universal AI Restrictions (Applies to ALL Meta APIs):

• AI cannot publish posts to Facebook Pages or Instagram
• AI cannot reply to comments or messages
• AI cannot create, modify, or delete campaigns
• AI cannot change budgets, bids, or targeting
• AI cannot access or modify payment methods
• AI cannot make ANY changes that affect your accounts

What our AI CAN do (Read-Only Operations):

• Analyze performance metrics and identify trends
• Generate content suggestions and ad copy drafts
• Recommend optimal posting times and frequencies
• Suggest budget allocations and bid strategies
• Predict performance based on historical patterns
• Identify underperforming campaigns or content

Human-in-the-Loop Requirement:

• ALL AI suggestions require explicit human approval
• Users maintain full control over what gets published
• Every action that touches Meta's APIs requires user authentication
• AI-generated content is clearly marked as drafts

Why This Architecture Matters:AI systems can "hallucinate" - generate plausible-sounding but incorrect outputs. In advertising, this could mean suggesting a $10,000 daily budget instead of $100. In organic content, this could mean posting inappropriate content that violates community guidelines. By completely separating AI analysis from API write access, we eliminate these risks entirely. This isn't a configuration setting that could be changed - it's how our system is built at the most fundamental level.

Technical Implementation: Our AI services run in isolated containers without Meta API credentials. Only human-authenticated sessions can execute write operations through separate, audited services.

Our Commitment to Your Account Health.We understand that your Meta advertising accounts and business pages are critical assets that you've built over years. A single policy violation or spending error could damage your account standing or, worse, lead to suspension. That's why we've built Adspectre with account protection as our highest priority.

• Policy Compliance First: Our platform includes built-in checks for Meta's advertising policies, flagging potential violations before they reach your account.
• Gradual Scaling: We recommend conservative budget increases and audience expansions to maintain account stability and quality scores.
• Account Health Monitoring: Real-time alerts for unusual activity, spend spikes, or performance anomalies that could indicate issues.
• Relationship Preservation: We never use aggressive tactics that could harm your long-term relationship with Meta's platforms.

Your success on Meta's platforms is our success. We're not just a tool - we're your partner in sustainable, compliant growth that protects the advertising accounts and organic reach you've worked hard to build.

Automatically Collected Data:

As users interact with the Adspectre website and services, certain information is automatically gathered. This includes device information (e.g., device type, operating system, browser type), usage data (e.g., pages visited, features used, time spent on the platform), IP address, and advertising ID.

We are committed to transparency regarding what data is collected, particularly data accessed through the Facebook Graph API (e.g., "Facebook Ad Account IDs," "Instagram Ad Performance Data"). This granular mapping is essential for demonstrating adherence to the "Right to be Informed" and "Data Minimization" principles, and for enabling users to make truly informed consent decisions.

2.2. Our Commitment to Data Anonymization

Anonymization-First Architecture

Adspectre is built on the principle of data minimization and anonymization. We automatically anonymize your data at multiple stages throughout our platform to ensure maximum privacy protection:

Real-Time Anonymization:

• Personal identifiers are stripped before data enters our analytics pipeline
• Email addresses are converted to non-reversible hashes for analytics
• Names and usernames are replaced with anonymous IDs
• IP addresses are separated - full IPs retained only for security (fraud detection, rate limiting) while analytics receives only country/region data

AI Processing on Anonymized Data:

• All AI models work exclusively with anonymized datasets
• Pattern recognition occurs without knowing user identities
• Insights are generated from behavioral patterns, not personal data
• Even debugging logs contain only anonymized information

Aggregate Analytics:

• Performance metrics are aggregated before storage
• Individual actions are never stored with user identifiers
• Trend analysis uses statistical models on anonymized data
• Export reports contain only anonymized metrics

What This Means For You:

• Your personal identity is protected even from our own systems
• Data breaches cannot expose personal information that doesn't exist
• We can provide powerful insights without knowing who you are
• Anonymization is irreversible - we cannot re-identify data even if asked

The only non-anonymized data we maintain is the minimum required for: (1) account management and authentication, (2) billing and payment processing, and (3) security and fraud prevention. This data is stored separately from all analytics data with additional encryption layers and strict access controls.

Security vs Privacy Balance: While we maximize anonymization for analytics and AI processing, we maintain certain identifiers (like full IP addresses) exclusively for security purposes - detecting unauthorized access, preventing fraud, and protecting your account. These security logs are isolated from our analytics systems and automatically deleted after 30 days unless required for active security investigations.

2.3. Purposes of Data Collection and Processing

Personal data is collected and processed by Adspectre for specific, legitimate purposes:

To Provide and Improve Services:

The primary purpose is to enable users to connect and manage their Facebook ad and business pages, and Instagram ad and business pages. This includes facilitating the creation, management, and optimization of ad campaigns on Meta platforms, providing performance analytics and reporting to users, and generally personalizing and improving the Adspectre platform and user experience. Analyzing content provided by users to offer intelligent suggestions is also a key service-related purpose.

Communication:

Data is used to respond to user inquiries, provide customer support, send service-related notifications, and communicate updates regarding terms and policies. With appropriate consent, it may also be used for delivering newsletters or other marketing communications.

Security and Compliance:

Data processing is necessary for verifying accounts and activity, combating harmful conduct, maintaining the integrity of Adspectre's services, and investigating suspicious activities or breaches of the Terms of Use. It also ensures compliance with legal obligations and regulatory requirements.

Analytics and Research:

Adspectre conducts internal analytics to understand and improve its services. This often involves the use of aggregated, de-identified, or anonymized insights where possible. Such information may also be used for marketing or advertising purposes, provided it is truly aggregated and de-identified or anonymized to the point where it cannot be re-identified.

Automated Analysis and Insights:

We use AI-powered systems to analyze your anonymizedperformance data to provide recommendations, identify trends, and generate reports. Before any AI processing, we strip all personally identifiable information (PII) including names, emails, and specific account identifiers. This anonymization happens automatically and irreversibly - even our engineers cannot trace insights back to individual users. Your anonymized data is never used to train models that benefit other users, and each business account's data is processed in isolation.

Data Isolation:

Each business account's data is processed in isolation. We never combine data across different businesses, even for aggregated insights. Your data is used to provide insights for your account only. This isolation extends to our AI systems, which analyze each account independently without cross-pollination of insights or patterns.

2.4. Legal Bases for Processing Personal Data (GDPR Article 6)

For each processing activity involving personal data, Adspectre identifies and relies upon a valid legal basis under GDPR. These bases include:

• Performance of a Contract: Processing is necessary for the performance of a contract with the data subject or to take steps at the request of the data subject prior to entering into a contract. This applies to data processing directly required to deliver Adspectre's core services, such as enabling users to manage their ad campaigns and business pages.
• Consent: Where processing is not strictly necessary for contract performance or other legal bases, explicit consent is obtained. This is particularly relevant for marketing communications, the use of non-essential cookies, or certain types of analytics. Consent must be freely given, specific, informed, and unambiguous, and it must be as easy for the data subject to withdraw as it was to give.
• Legitimate Interests: Processing may be based on Adspectre's legitimate interests (e.g., fraud prevention, service improvement, network security), provided these interests do not override the fundamental rights and freedoms of the data subject.
• Legal Obligation: Processing may be necessary for compliance with a legal obligation to which Adspectre is subject (e.g., data retention for tax purposes, responding to lawful government requests).

2.5. Data Sharing and Disclosure

Adspectre engages in data sharing and disclosure under specific circumstances:

• With Meta Platforms: Data is shared with Meta (Facebook, Instagram) to facilitate the functionality of the Facebook Graph API, which is integral to enabling ad and business page management services. Adspectre is obligated to obtain consent or clear direction from end users before providing any Developer User Data to Meta.
• With Managed Account Partners: For users accessing Adspectre through a managed account partner, data sharing with that partner is required for service delivery. The partner acts as a service provider performing services on Adspectre's behalf. This sharing is limited to what is necessary to provide you with Adspectre's services. Partners are contractually bound through comprehensive Data Processing Agreements to protect your data, use it solely for service delivery, and comply with all applicable privacy laws.
• With Third-Party Service Providers: Personal data may be shared with trusted third-party service providers who perform functions on Adspectre's behalf. These include, but are not limited to, cloud hosting providers, payment processors, analytics providers, and customer support tools. These providers are contractually bound to protect data and use it solely for the specified purposes, often under Data Processing Agreements.
• For Legal Reasons: Data may be disclosed if required by law, court order, governmental request, or when necessary to enforce Adspectre's policies, or to protect the rights, property, or safety of Adspectre, its users, or the public.
• In Business Transfers: In the event of a merger, acquisition, or asset sale, user data may be transferred as part of the transaction.
• Aggregated/De-identified Data: Adspectre reserves the right to share aggregated or de-identified information that cannot reasonably be used to identify an individual, for purposes such as industry analysis or marketing.

2.6. User Rights and Choices Regarding Their Data

Adspectre is committed to upholding the data rights of its users as mandated by applicable laws. The Privacy Policy serves to inform users clearly and transparently about these rights and how to exercise them.

GDPR Data Subject Rights:

• Right to be Informed: Individuals have the right to receive clear and transparent information about the collection and processing of their personal data.
• Right of Access: Users can request confirmation of whether their personal data is being processed and obtain a copy of that data.
• Right to Rectification: Users have the right to request the correction or updating of inaccurate personal data.
• Right to Erasure ("Right to be Forgotten"): Under certain circumstances, users can request the deletion of their data.
• Right to Restrict Processing: Users can limit how their data is processed under specific conditions.
• Right to Data Portability: Users can request to receive their data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Right to Object: Users have the right to object to the processing of their personal data, particularly for direct marketing purposes. This right must be easy to exercise.
• Rights related to Automated Decision-Making and Profiling: Users have the right to be informed if automated decisions are made about them and to challenge such decisions. Adspectre will disclose if its AI-driven features involve profiling that significantly impacts users.

CCPA/CPRA Specifics (for California Residents):

Important Notice: Adspectre does NOT sell personal information. We have never sold personal information and have no plans to ever sell personal information. This is a core principle of our business.

Your California Rights: You have the right to know what personal information we collect, delete your personal information, correct inaccurate information, and limit the use of sensitive personal information. You also have the right to non-discrimination for exercising your privacy rights.

For Managed Account Users:The sharing of data with your account partner is necessary for service delivery and is done under a service provider agreement. This is not a "sale" under CCPA/CPRA. The partner is contractually prohibited from using your personal information for any purpose other than providing Adspectre's services to you.

PIPEDA Rights (for Canadian Residents):

Individuals have rights to access their personal information, challenge its accuracy, and challenge the organization's compliance with PIPEDA. They also have the right to withdraw consent.

Quebec Law 25 Rights (for Quebec Residents):

Individuals have rights to access, review, and correct their personal information, and to withdraw consent. The law also introduces rights to de-indexation and re-indexation.

2.7. Managing Your Privacy Settings

Control Your Data & AI Features

Adspectre provides granular control over how your data is processed and analyzed. You can manage these settings directly from your account dashboard:

AI-Powered Features: You can disable AI-powered insights and analysis at any time through your account settings. This will limit functionality to basic reporting only. When disabled:

• No AI analysis will be performed on your data
• You'll receive standard metrics without predictive insights
• Content recommendations will be disabled
• Optimization suggestions will not be generated

Data Processing Preferences:

• Performance Analytics: Choose between detailed or summary-only reporting
• Automated Optimization: Enable/disable automatic campaign adjustments
• Cross-Platform Insights: Control whether data from different platforms can be combined for insights
• Historical Analysis: Set how far back AI should analyze your data (30, 60, or 90 days)

Data Sharing Controls: For managed account users, you can control:

• Which team members can access your account data
• What level of detail is visible to your account manager
• Whether your account manager can export your data
• Notification preferences for data access events

To modify any of these settings, log into your Adspectre account and navigate to Settings → Privacy & Data. Changes take effect immediately, though some cached insights may remain visible for up to 24 hours.

2.8. Data Retention Periods

Adspectre adheres to the principle of storage limitation, retaining personal data only for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, or reporting requirements. Specific retention periods are determined based on the type of data and its purpose. Once data is no longer needed, it is securely destroyed, erased, or anonymized to prevent unauthorized access or use.

Specific Retention Periods:

* Retention periods may be extended if required by law, legal proceedings, or with your consent.

Analytical Data Note: Data derived from AI processing is retained for 90 days unless you request earlier deletion. Aggregated insights that cannot be traced to individual accounts may be retained longer for product improvement.

2.9. Enterprise-Grade Security Measures

Database-Level Data Isolation

Adspectre uses Row-Level Security (RLS) at the database layer as one of multiple security measures to help protect your data:

• Account separation: Each account's data is isolated at the database level using access controls
• Defense in depth: Multiple security layers work together to reduce risk
• Access restrictions: Database rules help prevent unauthorized cross-account data access
• Activity logging: Data access attempts are logged for security monitoring

Beyond RLS, Adspectre maintains multiple layers of security protection:

• Data encryption: Industry-standard encryption for data in transit and at rest
• Access controls: Multi-factor authentication and principle of least privilege
• Security monitoring: Continuous monitoring for threats and vulnerabilities
• Employee policies: Strict data access policies with comprehensive audit logging
• Infrastructure protection: Enterprise-grade hosting with redundancy and protection measures

Multi-Tenant Security:For teams managing multiple brands or clients, each account's data exists in its own security context. RLS ensures that users can only access the specific accounts they've been authorized to manage, preventing accidental data mixing or unauthorized access.

Our Security Commitment & Transparency: We believe in being honest: no system is 100% secure. Even the largest tech companies with unlimited resources experience breaches. What matters is how seriously we take security and how we respond when issues arise.

What we do:

• Implement security best practices and stay current with emerging threats
• Regularly review and update our security measures
• Minimize data collection and maximize anonymization
• Maintain incident response procedures

Our promise if a breach occurs:

• Notify affected users within 72 hours of discovery
• Provide clear information about what data was affected
• Take immediate steps to contain and remediate the issue
• Cooperate fully with regulatory authorities
• Learn from the incident and strengthen our defenses

By using Adspectre, you acknowledge that while we implement robust security measures, you should never store extremely sensitive information (like social security numbers or health records) in any marketing platform, including ours.

2.10. International Data Transfers and Safeguards

Adspectre may transfer and store personal data in countries outside of the user's country of residence, including to servers in jurisdictions such as the United States. The inherently global nature of Adspectre's service, coupled with its integration with Meta's worldwide operations, necessitates a proactive and continuously evolving approach to international data transfer compliance.

For transfers of personal data from the EU/EEA, UK, or Quebec to countries not deemed to provide an adequate level of data protection, Adspectre implements appropriate safeguards, such as:

• Standard Contractual Clauses (SCCs): These are standardized legal provisions approved by the European Commission, providing a framework for transferring personal data and imposing data protection obligations on both the transferring and receiving parties.
• Transfer Impact Assessments (TIAs) / Privacy Impact Assessments (PIAs): Adspectre conducts assessments to identify and evaluate the risks involved in transferring personal data outside a specific jurisdiction. These assessments consider the specific circumstances of the transfer, including the categories and format of the data, the type of recipient, and the relevant local laws and practices in the destination country. This is a mandatory requirement for transfers under Quebec Law 25.
• Binding Corporate Rules (BCRs): If applicable for internal group transfers, BCRs provide a framework for data transfers within a corporate group, subject to approval by relevant data protection authorities.
• Explicit Consent: In specific situations where other transfer mechanisms are not feasible or applicable, explicit consent may be obtained from individuals for data transfers.

Adspectre also ensures that data is encrypted during transmission for all cross-border transfers. The dynamic nature of international data transfer regulations, exemplified by developments like the EU-US Data Privacy Framework, requires Adspectre to commit to ongoing monitoring and regular updates of its transfer mechanisms and assessments to ensure continuous compliance.

2.11. Age Restrictions - 18+ Only Platform

Adspectre is strictly an 18+ platform. Users must be at least 18 years old to create an account or use our services. This is a non-negotiable requirement due to:

• The platform's ability to manage advertising budgets and incur financial obligations
• Access to business-critical Facebook and Instagram accounts
• Legal requirements for entering into binding contracts
• Meta's policies regarding business account management

We implement age verification measures during account creation and do not knowingly collect, use, or disclose information from anyone under 18. For users in Quebec, we specifically comply with Quebec Law 25 regarding minors. If we discover that someone under 18 has created an account or provided us with personal information:

• The account will be immediately terminated
• All associated data will be permanently deleted
• Any connected Meta accounts will be disconnected
• No refunds will be provided for any fees paid

If you become aware that someone under 18 has created an account on Adspectre, please contact us immediately at hello@adspectre.ai.

2.12. Cookie Policy

We use cookies and similar tracking technologies to track activity on our platform and hold certain information. Cookies are files with small amounts of data which may include an anonymous unique identifier. For detailed information about our use of cookies, how to manage cookie preferences, and our response to Do Not Track signals, please refer to our separate Cookie Policy.

Do Not Track:Some browsers incorporate a "Do Not Track" (DNT) feature that signals to websites that you do not want to be tracked. Currently, our platform does not respond to DNT signals.

2.13. Meta Platform Integration & Compliance

Meta Platform Integration

Adspectre integrates with Meta's business APIs to provide marketing services. We maintain strict compliance with Meta's Platform Terms, Developer Policies, and data protection requirements. Our platform utilizes the following Meta API permissions to deliver comprehensive marketing services:

Facebook Business Permissions:

• pages_read_engagement - Analytics & insights
• pages_manage_posts - Content publishing
• pages_show_list - Account management
• ads_read - Campaign analytics
• ads_management - Campaign optimization
• email - Account verification
• public_profile - User identification

Instagram Business Permissions:

• instagram_basic - Account access
• instagram_content_publish - Content management

All permissions are granted through OAuth 2.0 secure authentication.

How We Use Meta Platform Data

Our integration with Meta platforms enables powerful marketing automation while maintaining the highest standards of data protection:

• Multi-Client Management: Marketing teams can securely manage multiple client Facebook Pages and Instagram accounts from our centralized dashboard, with proper authorization and access controls
• AI-Powered Content Publishing: Schedule and publish optimized marketing content to Facebook Pages and Instagram Business accounts, with AI analyzing best posting times and content formats
• Advanced Campaign Management: Create, optimize, and scale Facebook and Instagram advertising campaigns using proprietary AI algorithms that respect user privacy
• Real-Time Performance Analytics: Access comprehensive insights and reporting on content engagement, ad performance, and ROI metrics
• Privacy-First AI Analysis: Our AI models analyze your account's aggregated, anonymized performance patterns to provide insights specific to your business - never using data from other accounts

Our Data Protection Commitments:

• We NEVER sell user data - not to advertisers, data brokers, or any third parties
• Facebook and Instagram data is used solely for providing our services to you
• All data access strictly follows Meta's Platform Policies and Terms of Service
• We maintain enterprise-grade encryption for all stored Meta platform data
• Regular security audits ensure ongoing compliance with Meta's requirements
• Data retention follows the principle of minimum necessary duration
• Users maintain full control and can revoke access at any time

2.14. Data Deletion and Account Control

Complete Data Control & Deletion Rights

We believe in complete transparency and user control over personal data. You can request immediate deletion of your data through multiple convenient methods:

1. Instant Self-Service Deletion: Delete your account and all associated data instantly from your account settings. This action is immediate and includes all Facebook and Instagram data. Access Data Deletion Portal

2. Privacy Team Support: Our dedicated privacy team responds to all deletion requests within 24 hours. Email: hello@adspectre.ai

3. Direct Platform Revocation:Revoke Adspectre's access directly through Meta's platforms:

• Facebook: Settings & Privacy → Settings → Apps and Websites → Adspectre → Remove
• Instagram: Settings → Apps and Websites → Active → Adspectre → Remove

Data Deletion Timeline & Process

Legal Retention Exceptions: Certain records may be retained longer if required by law (e.g., financial records for tax compliance) or if necessary for legal proceedings. These records are securely isolated and used only for required legal purposes.

2.15. Third-Party Service Providers

Adspectre works with trusted third-party service providers (such as cloud hosting, payment processors, and analytics services) to deliver our services. These providers are contractually bound to protect your data and use it only for the specific purposes we authorize.

We do not retain personal information from any third-party services to develop, improve, or train generalized AI or machine learning models. All third-party integrations are subject to strict data protection agreements and regular security audits.

2.16. User Data Rights and Exercise Mechanisms

3. State-Specific Privacy Rights

3.1. California Privacy Rights (CCPA/CPRA)

In addition to the rights mentioned above, California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You can request information about the personal information we collect, use, and disclose
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions
• Right to Correct: You can request correction of inaccurate personal information
• Right to Limit Use: You can limit use and disclosure of sensitive personal information
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights
• No Sale of Data: We do not sell personal information, so there is no need to opt-out

Authorized Agents:You may designate an authorized agent to make requests on your behalf. We may require verification of the agent's authority and your identity.

Shine the Light: California residents may request information about disclosure of personal information to third parties for direct marketing purposes.

3.2. Colorado Privacy Rights (CPA)

Colorado residents have the right to opt-out of targeted advertising, sale of personal data, and profiling in furtherance of decisions that produce legal or similarly significant effects. You also have rights to access, correct, and delete your personal information, and the right to appeal if we decline to take action on your request.

3.3. Connecticut Privacy Rights (CTDPA)

Connecticut residents have similar rights to access, correct, delete, and obtain a copy of personal data, as well as to opt-out of targeted advertising, sale, and certain profiling activities. You have the right to appeal our decision if we decline your request.

3.4. Utah Privacy Rights (UCPA)

Utah residents have the right to access, delete, and obtain a copy of personal data, and to opt-out of targeted advertising and the sale of personal data.

3.5. Virginia Privacy Rights (VCDPA)

Virginia residents have rights to access, correct, delete, and obtain a copy of personal data, to opt-out of targeted advertising, sale, and profiling, and to appeal decisions regarding their requests.

To exercise any of these state-specific rights, please contact us using the information in the Contact Us section below. We will respond to your request within the timeframe required by applicable law.

4. International Data Transfers and Compliance

Adspectre is headquartered in Montreal, Quebec, Canada. When you use our services, your personal information may be transferred to and processed in countries other than your country of residence, including to our service providers and cloud infrastructure.

Canadian Privacy Compliance

As a Canadian company, Adspectre is primarily regulated by the Privacy Commissioner of Canada under PIPEDA (Personal Information Protection and Electronic Documents Act) and by the Commission d'accès à l'information du Québec under Quebec Law 25.

For international data transfers, we implement appropriate safeguards including:

• Contractual clauses with service providers ensuring equivalent protection
• Encryption of all data in transit and at rest
• Regular privacy impact assessments for cross-border transfers
• Compliance with sector-specific requirements for each jurisdiction

Global Privacy Standards

While headquartered in Canada, Adspectre voluntarily adheres to international privacy standards including:

• GDPR Standards: For European users, we follow GDPR requirements even though not directly subject to EU jurisdiction
• US State Laws: We comply with CCPA, CPRA, and other US state privacy laws for American users
• APEC Privacy Framework: Following cross-border privacy rules for Asia-Pacific region users

For privacy complaints or inquiries, Canadian users may also contact the Privacy Commissioner of Canada at www.priv.gc.ca.

Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data rights, please contact us at hello@adspectre.ai. For general contact information, mailing addresses, and other departments, please visit our Contact Page. We aim to respond to all privacy-related requests within 30 days, or sooner if required by applicable law.

Impact-Site-Verification: f22b389a-665a-4f41-b42a-320558fb4238