Privacy Policy

1. Introduction

Welcome to ConvoAds ("we," "our," or "us"). We are committed to protecting your privacy and ensuring transparency about how we collect, use, and safeguard your personal information. This Privacy Policy explains our practices in compliance with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable privacy laws.

By using ConvoAds, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Information You Provide

• Email Address: We collect your email address when you create an account, request access, or subscribe to our newsletter.
• Name: Optional name information you provide during registration or profile setup.
• Campaign Data: Information you provide when creating advertising campaigns, including ad content, targeting preferences, and budget information.
• Communications: Content of messages you send us through contact forms, support requests, or email correspondence.

2.2 Automatically Collected Information

• Analytics Data: We use Cloudflare Analytics to collect aggregated, anonymized data about website usage, including page views, session duration, and geographic location (country-level only). Cloudflare Analytics is privacy-first and does not use cookies or track individual users.
• Pixel Tracking: When you create tracking pixels through our platform, we record the number of requests to those pixels and timestamps. This data is used solely for campaign analytics and is not shared with third parties.
• Technical Information: IP addresses (hashed and anonymized), browser type, device type, and operating system for security and fraud prevention purposes.
• Authentication Data: Temporary PIN codes sent to your email for login verification (automatically deleted after use or expiration).

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Delivery

• Providing access to your ConvoAds account
• Processing and managing advertising campaigns
• Sending authentication codes for secure login
• Providing customer support and responding to inquiries

3.2 Communications

• Transactional Emails: Account notifications, security alerts, campaign updates, and service-related announcements (cannot be opted out as they are essential for service delivery)
• Marketing Emails: Product updates, feature announcements, newsletters, and promotional content (you can opt out at any time)

3.3 Analytics and Improvement

• Understanding how users interact with our platform
• Improving our services, features, and user experience
• Detecting and preventing fraud, abuse, and security incidents

3.4 Legal Compliance

• Complying with legal obligations and responding to lawful requests
• Enforcing our Terms of Service and protecting our rights
• Preventing illegal activities and protecting user safety

4. Cookies and Tracking Technologies

4.1 Essential Cookies

We use essential cookies that are strictly necessary for the operation of our service. These cookies enable core functionality such as authentication, security, and session management. Essential cookies cannot be disabled as they are required for the platform to function properly.

4.2 Analytics Cookies

With your consent, we use Cloudflare Analytics to understand website usage patterns. Cloudflare Analytics is privacy-first and does not use traditional tracking cookies or collect personally identifiable information. You can opt out of analytics tracking at any time through your cookie preferences.

4.3 Marketing Cookies

With your consent, we may use cookies to personalize your experience and show relevant content. You can manage your marketing cookie preferences at any time.

4.4 Managing Cookies

You can manage your cookie preferences through our Cookie Settings page, accessible from the footer of our website. You can also configure your browser to refuse all cookies or alert you when cookies are being sent, though this may affect website functionality.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to third parties. We only share your data in the following limited circumstances:

5.1 Service Providers

• Cloudflare: Provides website analytics, security, and content delivery network (CDN) services. Cloudflare processes data in accordance with GDPR and has appropriate data processing agreements in place.
• Email Service Provider: Sends transactional and marketing emails on our behalf. Email data is processed securely and used solely for email delivery.

5.2 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Protect the safety of our users or the public

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your personal information for the following periods:

• Active Accounts: We retain your account data for as long as your account remains active and you continue to use our services.
• Account Deletion: When you request account deletion, your personal data is retained for 30 days to allow for account recovery if you change your mind. After 30 days, all personal data is permanently deleted from our systems.
• Analytics Data: Aggregated, anonymized analytics data is retained for 1 year for business intelligence and service improvement purposes.
• Pixel Tracking Data: Campaign tracking data is retained for 1 year or until you delete the associated tracking pixel.
• Authentication PINs: Temporary login PINs are automatically deleted within 15 minutes of creation or immediately after use.
• Legal Compliance: We may retain certain information for longer periods if required by law, such as tax records or legal dispute documentation.

7. Your Privacy Rights

7.1 GDPR Rights (EU Users)

If you are located in the European Economic Area (EEA), you have the following rights:

• Right to Access: Request a copy of the personal data we hold about you
• Right to Rectification: Request correction of inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Right to Restriction: Request limitation of how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing of your data for direct marketing or legitimate interests
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

7.2 CCPA Rights (California Users)

If you are a California resident, you have the following rights:

• Right to Know: Request disclosure of personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the sale of personal information (note: we do not sell personal information)
• Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment

7.3 Exercising Your Rights

To exercise any of these rights, you can:

• Access your account settings to update or delete your information
• Use the "Delete Account" feature in your user settings
• Manage cookie preferences through our Cookie Settings page
• Contact us at [email protected] with your request

We will respond to your request within 30 days. We may need to verify your identity before processing certain requests to protect your privacy and security.

8. Children's Privacy

ConvoAds is not intended for use by children. We comply with the Children's Online Privacy Protection Act (COPPA) and GDPR requirements regarding children's data:

• Minimum Age: You must be at least 16 years old (or 13 years old in the United States) to use our services.
• We do not knowingly collect personal information from children under these age thresholds.
• If we become aware that we have collected personal information from a child without appropriate consent, we will take steps to delete that information immediately.
• If you believe we have collected information from a child, please contact us at [email protected].

9. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction:

• Encryption: All data transmission is encrypted using TLS/SSL protocols
• Authentication: Secure email-based PIN authentication system
• Access Controls: Strict access controls limit who can access personal data
• Regular Audits: Periodic security assessments and vulnerability testing
• Data Minimization: We only collect and retain data necessary for service delivery

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security practices.

10. International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer personal data from the EEA to other countries, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions confirming adequate data protection levels
• Binding Corporate Rules for intra-group transfers

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email if you have an account with us
• Display a prominent notice on our website
• For material changes affecting your rights, obtain your consent where required by law

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

13. Legal Basis for Processing (GDPR)

For users in the EEA, we process your personal data based on the following legal bases:

• Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations to you
• Consent: You have given explicit consent for specific processing activities (e.g., marketing emails, analytics cookies)
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., fraud prevention, service improvement), provided your rights do not override these interests
• Legal Obligation: Processing required to comply with legal or regulatory requirements