Adverge Media ("we", "our", or "us") operates a software platform that helps agencies manage ad campaigns and ad account data. This Privacy Policy explains how we collect, use, and protect information when you use our service.

1. Information we collect

• Account information — name, email, hashed password, and (if enabled) two-factor authentication backup codes.
• Agency information — agency name, custom domain, subscription tier, and branding preferences.
• Meta (Facebook) ad account data — ad account IDs, campaign names, performance metrics (spend, leads, conversions), and ad creative metadata obtained via the Meta Graph API with your explicit authorization.
• Usage data — login timestamps, IP addresses, user agent strings, and audit events for security purposes.

2. How we use information

• To provide and operate the dashboard service you signed up for.
• To authenticate you and protect your account from unauthorized access.
• To send transactional emails (password resets, invites, trial notices, security alerts).
• To diagnose technical issues and improve platform reliability.
• To comply with legal obligations and enforce our Terms of Service.

3. Data sharing

We do not sell personal information. We share data only with:

• Service providers — Vercel (hosting), Neon (database), Upstash (rate limiting), Resend (email), Meta Platforms (to fetch your ad data).
• Legal authorities — only when required by law.
• Platform operator — if you are using a white-labeled instance of this software, the agency that operates that instance may have access to usage data for support purposes.

4. Your rights (GDPR / CCPA)

You have the right to:

• Access — request a copy of your data (use Settings → Privacy → Download my data).
• Delete — request deletion of your account and associated data (use Settings → Privacy → Delete account).
• Correct — update inaccurate information in your profile.
• Object — email us if you object to any processing of your data.

5. Security

We protect your data with: password hashing (bcrypt cost 12), optional two-factor authentication, encrypted database connections (TLS), encrypted session tokens, IP-based rate limiting, and audit logging of all security events. We do not store Meta access tokens in plaintext where avoidable.

6. Data retention

• Account data — retained while the account is active. Deleted within 30 days of account deletion.
• Audit logs — retained for 180 days for security purposes.
• Ad performance data — retained while the Meta connection is active. Removed on account deletion or Meta disconnect.

7. Cookies

We use essential cookies only (session cookies for authentication, preference cookies for theme and UI state). We do not use third-party advertising cookies or analytics cookies that track you across websites.

8. Changes to this policy

We will post updated versions on this page with a new effective date. Material changes will be announced to active users via email.

9. Contact

Questions? Contact the agency that provided you access to this dashboard. If you are the operator of this platform, replace this paragraph with your own contact email and mailing address.