Legal

Data Handling & Security

How we handle the data you trust us with — scopes, routing, retention, and the controls around it.

Last updated: July 13, 2026

This page explains, in practical terms, how Ad Spend Technologies, Inc. handles data across the Service. It supplements our Privacy Policy and Terms & Conditions.

For Connected Platform Data and other content customers route through the Service, we act as a processor / service provider: we process it on the customer's behalf and documented instructions to deliver the Service. We do not use it for our own independent purposes, do not use it to train generalized AI models, and do not build cross-customer benchmarks or datasets from it. Customers remain controllers of that data and are responsible for the rights, notices, and consents their own use requires.

We access each platform only through its official API, with the customer's OAuth authorization, requesting the minimum scopes needed. Data is used solely to provide the Service to the customer that connected it.

PlatformAccessData elementsPurpose
Google AdsRead; write only for customer-approved actionsCampaign/ad group/ad settings, change history, performance metrics, conversionsChange tracking, analysis, reporting; approved optimizations
Meta (Facebook/Instagram) AdsRead; write only for customer-approved actionsCampaign/ad set/ad settings, change history, performance metrics, conversions, creative metadataChange tracking, analysis, reporting; approved optimizations
LinkedIn AdsRead; write only for customer-approved actionsCampaign settings, performance metrics, conversionsChange tracking, analysis, reporting; approved optimizations
TikTok AdsRead; write only for customer-approved actionsCampaign settings, performance metrics, conversions, creative metadataChange tracking, analysis, reporting; approved optimizations
Reddit AdsReadCampaign settings, performance metrics, conversionsChange tracking, analysis, reporting
OpenAI Ads (ChatGPT advertising)Read (as support launches)Campaign settings, aggregate performance metricsAnalysis and reporting. We never access or receive ChatGPT conversation data

The Service uses automated systems and contracted AI Service Providers to help generate analysis and recommendations. Our AI Service Providers are contractually prohibited from training their models on customer data. Connected Platform Data reaches an AI Service Provider only where the applicable platform's terms permit it and only as necessary for a customer-facing feature the customer uses:

PlatformProcessed by AI Service Providers?
Google AdsOnly as permitted by Google's API policies (including Limited Use) and necessary for the customer's enabled analysis features
Meta AdsOnly as permitted by Meta's Platform Terms and necessary for the customer's enabled analysis features
LinkedIn AdsOnly as permitted under our approved Marketing API use case
TikTok AdsOnly as permitted under our approved scopes and review description
Reddit AdsOnly as permitted by Reddit's Ads API terms and necessary for the customer's enabled analysis features
OpenAI AdsAggregate campaign metrics only, as permitted by OpenAI's advertiser terms

We use a limited set of vetted providers to run the Service, each bound by contract to protect data and process it only to provide its service to us:

PurposeRoleReceives Connected Platform Data?
Cloud hosting, application delivery, and data storageProcessorYes (to host the Service)
AI / model processingProcessor (no training on customer data)Only per the platform-by-platform table above
Payment processing (Stripe)Independent controller for payment processing and fraud preventionNo
CRM, support, and customer communicationsProcessorNo
Meeting notes and recordings (with participant consent)ProcessorNo
Team messaging delivery (Slack / Microsoft Teams)Processor for delivery; workspace providers operate under their own terms with the customerOnly the analysis the customer routes to their own workspace
  • Disconnect a platform: Settings → Integrations → Disconnect, or email privacy@theadspend.com. Disconnection stops ingestion and results in revocation and deletion of the stored OAuth tokens.
  • Deletion: raw Connected Platform Data is deleted from production systems promptly following disconnection or account closure — and in any event within the timeframes the applicable platform's terms require — with backup copies removed in the ordinary course of our standard backup cycles.
  • Account deletion: closing an account triggers the retention schedule published in our Privacy Policy — platform data on the timeline above; audit, billing, and acceptance records retained only as narrow legal evidence.
  • Platform-initiated revocation: revoking our app's access from the platform's side has the same effect as disconnecting in-product.

We use technical and organizational measures designed to protect data, including: encryption in transit and at rest; encrypted storage of OAuth tokens with access restricted to the systems that need them, and revocation on disconnect; role-based access controls and least-privilege access for personnel; tenant isolation between customer workspaces; logging and monitoring across the Service; and an incident-response process that includes notification of affected customers as required by applicable law.

We describe our practices accurately and do not claim certifications we do not hold; where we obtain formal attestations, we will make them available to eligible customers. Suspected vulnerabilities can be reported to security@theadspend.com and will be acknowledged promptly; we ask reporters to practice responsible disclosure.

Production data is processed and stored in the United States. Where personal data is transferred from the EU/UK, we use appropriate safeguards, such as the EU Standard Contractual Clauses, where required.

We do not use Connected Platform Data or customer content to create cross-customer benchmarks, train generalized models, or develop datasets or offerings for anyone other than the customer that connected the data, unless that customer separately opts in in writing and the applicable platform permits it. We may use operational data — usage counts, performance and security telemetry, feedback, and fully de-identified statistics that do not contain or derive from platform data — to operate and improve the Service. We do not sell personal information.

For Customer Data that is personal data, we act as the customer's service provider / processor under our Terms and Privacy Policy. Customers that require separate data-processing terms may contact privacy@theadspend.com.

Data-handling questions: privacy@theadspend.com · Security reports: security@theadspend.com · Mail: Ad Spend Technologies, Inc., 1460 Broadway, New York, NY 10036, USA.