Back
    adPlusadPlus

    Privacy Policy

    Last updated: 2026-05-27

    1. Controller and Data Protection Officer (DPO)

    adPlus ("we") is the controller of personal data described in this policy. Our Data Protection Officer (Encarregado, LGPD art. 41) can be reached at [email protected]. Use this address for any request related to your data, including access, correction, deletion, portability, or to revoke consent.

    2. What personal data we collect

    Account data: email and a password hash (we never store the plaintext password). Meta connection: your Meta access token, Facebook user ID, name, granted scopes and token expiry — required to publish ads on your behalf. Ad data: creatives, copy variations, campaign and ad set configurations you upload. Technical metadata: IP and user-agent are recorded in our audit log and in Supabase's auth logs, used for security and abuse prevention.

    3. Legal basis (LGPD art. 7)

    Execution of contract (art. 7 V): authentication, account management, and publishing the ads you submit. Legitimate interest (art. 7 IX): operating the service safely — audit trail, fraud and abuse prevention, debugging support requests. We do not process special-category data.

    4. How we use your data

    We use your data exclusively to: (a) authenticate you and operate the service; (b) publish ads on Meta on your behalf via the official Marketing API v22.0; (c) maintain an audit trail of changes for accountability and incident response; (d) respond to support requests. We do not sell or share your data with advertisers or marketing partners.

    5. Sub-processors

    We rely on the following processors: Supabase (database, authentication, file storage and edge functions — region: sa-east-1, São Paulo, Brazil); Cloudflare (CDN, DNS, DDoS protection — globally distributed); Meta Platforms, Inc. (recipient of the ad data you publish, via the Marketing API). Each provider is bound by its own data protection commitments.

    6. Retention

    Active account data is retained while the account is active. Audit logs are purged automatically after 24 months. Upon account deletion (requested by you), your data is removed immediately; Supabase database backups retain encrypted snapshots for up to 7 days and then expire automatically.

    7. Your rights (LGPD art. 18)

    You have the right to: confirm processing and access your data — use Settings → Export my data; correct your data — Settings; request deletion — contact [email protected]; portability — the export is a structured JSON; revoke your consent to the Meta integration — Settings → Disconnect Meta; object to processing; request information about with whom we share your data — see section 5; and file a complaint with the ANPD (Autoridade Nacional de Proteção de Dados).

    8. Security

    We apply technical and organisational measures appropriate to the risk: TLS in transit and AES-256 at rest, row-level security on every table so users can only read their own data, segregated storage paths per user, your Meta access token stored encrypted via Supabase Vault (pgsodium) and accessible only to server-side functions with restricted grants, sensitive credentials never written to logs or included in data exports, and a full audit trail of every change. We disclose security incidents to affected users and to the ANPD when applicable.

    9. Cookies and local storage

    We use only essential storage: localStorage to remember your language preference, and a Cloudflare bot-protection cookie. We do not run analytics, advertising, or cross-site tracking.

    10. Children

    The service is intended for professional use and is not directed to minors under 18. We do not knowingly collect data from children.

    11. International transfers

    Personal data is processed primarily in Brazil (sa-east-1). Some processors (Cloudflare) operate globally and may process technical metadata abroad. International transfers, where they occur, rely on the bases of LGPD art. 33 — typically contractual safeguards with the processor.

    12. Changes to this policy

    We may update this policy. We will notify registered users by email at least 7 days before material changes take effect. Continued use of the service after that period constitutes acknowledgement of the revised policy.

    13. Contact

    For any privacy-related request or complaint: [email protected].

    © 2026 adPlus