Privacy policy - Ads Platform

This Policy explains what we collect, how we use and share it, choices you have, and your rights. It applies to our website, web app, APIs, and integrations.

• Account & Business Data: name, work email, company, role, phone, billing details, team membership.
• Auth & Connections: OAuth tokens/IDs for ad platforms (e.g., Meta, Google), ad account identifiers, pixel IDs, page IDs, permissions scopes.
• Customer Content (“Customer Data”): assets you upload (images, video, copy, product feeds), prompts, generated outputs, campaign settings and performance metadata you choose to ingest.
• Technical/Usage Data: device, browser, IP, locale, log files, diagnostics, feature usage, crash reports, cookie IDs.
• Support/Feedback: tickets, chat/email transcripts, surveys.
• Marketing (B2B): events/webinars, newsletter preferences, referral data.

• Provide the Service: authenticate users; connect to ad platforms; create, test, and deploy ad creative; report insights; support; bill; prevent abuse.
• Improve & secure: debugging, analytics, A/B tests, threat detection, capacity planning.
• Communications: service announcements, onboarding, product updates, and (with your choice) marketing.
• Compliance: enforce Terms, legal obligations, and platform policies (e.g., Meta Platform Terms).

• Your Customer Data is yours. We process Customer Data only to provide the Service to you, improve the platform and per your instructions.
• Model training: You may optionally enable “Improve Align Labs” to allow de-identified snippets for quality improvements; disable anytime in workspace settings. (Enterprise default: off.)
• Third-party models: When you choose a third-party model/provider, your prompts/outputs may transit that provider solely to fulfill your request.

We rely on: contract performance; legitimate interests (product safety, fraud prevention, analytics); consent (where required, e.g., certain cookies/marketing); and legal obligations.

If you connect a Meta property, we process Platform Data only for your chosen purposes (e.g., creating ads, reporting) and in compliance with Meta Platform Terms/Developer Policies. We do not sell Platform Data, do not transfer it to data brokers, and do not combine it with third-party data to build profiles except as permitted to provide the Service you requested. We honor user data deletion requests and remove Platform Data when you remove the app or revoke permissions.

• • Processors/Sub-processors: cloud hosting, storage, log/error monitoring, analytics, email, payments, and optional model providers—each bound by contract and security obligations. We maintain a current list at [your public link to sub-processors].
• • Legal/Safety: as required by law or to protect rights, security, or the Service.
• • Business transfers: merger, acquisition, or asset sale with notice and continued protections.

We use global infrastructure. Where required, we use approved transfer mechanisms (e.g., EU SCCs/UK IDTA)

We retain Customer Data for your subscription term and for a limited period after termination for backup/audit purposes, then delete or irreversibly anonymize. You can request earlier deletion (see §12).

We employ administrative, technical, and physical controls appropriate to the risk (encryption in transit, access controls, audit logging, vulnerability management). No system is 100% secure.

• Subject to law, you may request: access, correction, deletion, portability, restriction/objection, and complaint to a regulator.
• • EU/UK: contact your local DPA/ICO.
• • California: rights to know/access, delete, correct, opt-out of “sale/share,” limit sensitive data use, and non-discrimination. We do not sell or share personal information as defined by CPRA. If this changes, we will provide the “Do Not Sell or Share” link.
• • India (DPDPA): We align with the DPDP Act 2023 and forthcoming Rules; we will honor data principal rights as they come into force.

• • Workspace settings for integrations, data retention, model providers, and training opt-in/out.
• • Email preferences in profile or unsubscribe link.
• • Cookie controls via banner and browser settings.

We use strictly necessary cookies and, with consent where required, functional/analytics cookies.

The Service is for business use only and not directed to children under 16 (or as defined by local law).

We will post updates here and revise the “Effective” date. Material changes will be notified via email or in-product