Privacy Policy
Last updated: March 2026
1. Introduction
AdAtlas ("we", "our", "us") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect information about you when you use our platform at app.adatlas.io and www.adatlas.io (collectively, the "Service").
We are subject to the General Data Protection Regulation (GDPR) as an EU-based company. If you have questions, contact us at privacy@adatlas.io.
We are subject to the General Data Protection Regulation (GDPR) as an EU-based company. If you have questions, contact us at privacy@adatlas.io.
2. Data We Collect
2.1 Account Information
When you register, we collect your name, email address, and authentication credentials (via Google OAuth or Apple OAuth). We do not store your OAuth provider passwords.
2.2 Meta API Tokens
To connect your Meta ad accounts, we store encrypted Meta OAuth access tokens. These tokens are used solely to fetch ad account data and perform actions (such as uploading ads) on your behalf through the Meta Marketing API. You can revoke these tokens at any time from your Meta Business settings.
2.3 Ad Account Data
We retrieve and store campaign, ad set, ad, and creative data from your connected Meta ad accounts to provide our analytics and management features. This data is associated with your AdAtlas account and is not shared with other users.
2.4 Usage Data
We collect usage data including page views, feature interactions, session duration, and error logs. This is used to improve the Service and diagnose technical issues.
2.5 Billing Information
Payment processing is handled by Stripe. We do not store your full credit card number. We receive and store billing metadata (subscription status, last 4 digits, expiry) from Stripe.
When you register, we collect your name, email address, and authentication credentials (via Google OAuth or Apple OAuth). We do not store your OAuth provider passwords.
2.2 Meta API Tokens
To connect your Meta ad accounts, we store encrypted Meta OAuth access tokens. These tokens are used solely to fetch ad account data and perform actions (such as uploading ads) on your behalf through the Meta Marketing API. You can revoke these tokens at any time from your Meta Business settings.
2.3 Ad Account Data
We retrieve and store campaign, ad set, ad, and creative data from your connected Meta ad accounts to provide our analytics and management features. This data is associated with your AdAtlas account and is not shared with other users.
2.4 Usage Data
We collect usage data including page views, feature interactions, session duration, and error logs. This is used to improve the Service and diagnose technical issues.
2.5 Billing Information
Payment processing is handled by Stripe. We do not store your full credit card number. We receive and store billing metadata (subscription status, last 4 digits, expiry) from Stripe.
3. How We Use Your Data
We use your data to:
We do not sell your data to third parties. We do not use your ad account data for advertising purposes.
- Provide and operate the AdAtlas platform
- Connect to and manage your Meta ad accounts via the Meta Marketing API
- Generate analytics and performance reports
- Process payments and manage your subscription
- Send transactional emails (account confirmation, invoices, alerts)
- Improve product features and fix bugs
- Comply with legal obligations
We do not sell your data to third parties. We do not use your ad account data for advertising purposes.
4. Data Storage and Security
Your data is stored on Supabase infrastructure hosted in the EU (Ireland, AWS eu-west-1). We use:
- Encrypted connections (TLS 1.2+) for all data in transit
- Encryption at rest for sensitive fields (OAuth tokens)
- Row-level security (RLS) policies to ensure users only access their own data
- Supabase Auth for secure session management
5. Third-Party Services
We share data with the following third parties as necessary to operate the Service:
Meta Platforms, Inc. — to access and manage your Meta ad accounts via the official Meta Marketing API. Your use of the Meta API through AdAtlas is subject to Meta's Terms of Service and Privacy Policy.
Supabase — our database and authentication provider. Data is stored in EU-region servers. Supabase is GDPR-compliant and operates under a Data Processing Agreement with us.
Stripe — for payment processing. Stripe operates under its own Privacy Policy and is PCI-DSS Level 1 certified. Stripe may store billing information in the US.
Vercel / Cloudflare — for hosting and CDN. These providers may process request metadata (IP addresses) in the course of serving the application.
Meta Platforms, Inc. — to access and manage your Meta ad accounts via the official Meta Marketing API. Your use of the Meta API through AdAtlas is subject to Meta's Terms of Service and Privacy Policy.
Supabase — our database and authentication provider. Data is stored in EU-region servers. Supabase is GDPR-compliant and operates under a Data Processing Agreement with us.
Stripe — for payment processing. Stripe operates under its own Privacy Policy and is PCI-DSS Level 1 certified. Stripe may store billing information in the US.
Vercel / Cloudflare — for hosting and CDN. These providers may process request metadata (IP addresses) in the course of serving the application.
6. Your Rights (GDPR)
As an EU resident, you have the following rights under the GDPR:
To exercise any of these rights, email privacy@adatlas.io. We will respond within 30 days. If you believe we are mishandling your data, you have the right to lodge a complaint with a supervisory authority in your EU member state.
- Right of access — You can request a copy of the data we hold about you.
- Right to rectification — You can ask us to correct inaccurate data.
- Right to erasure — You can ask us to delete your account and associated data.
- Right to restriction — You can ask us to limit how we process your data.
- Right to data portability — You can request your data in a machine-readable format.
- Right to object — You can object to processing based on legitimate interests.
To exercise any of these rights, email privacy@adatlas.io. We will respond within 30 days. If you believe we are mishandling your data, you have the right to lodge a complaint with a supervisory authority in your EU member state.
7. Cookies
AdAtlas uses minimal cookies:
We do not use advertising or tracking cookies. We do not use Google Analytics or similar third-party analytics SDKs that set persistent tracking cookies.
- Session cookies — required for authentication (Supabase Auth tokens). These are essential and cannot be disabled.
- Preference cookies — to remember your UI preferences (e.g., selected date ranges). These are functional.
We do not use advertising or tracking cookies. We do not use Google Analytics or similar third-party analytics SDKs that set persistent tracking cookies.
8. Data Retention
We retain your data for as long as your account is active. If you delete your account:
- Your profile and ad account data are deleted within 30 days.
- Meta OAuth tokens are immediately revoked and deleted.
- Billing records are retained for 7 years as required by EU accounting law.
- Anonymized, aggregated usage statistics may be retained indefinitely.
9. Children's Privacy
AdAtlas is not intended for use by persons under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us with personal data, contact us at privacy@adatlas.io.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on the platform. Continued use of the Service after changes constitutes your acceptance of the updated policy.
11. Contact
For privacy-related questions or requests:
AdAtlas
Email: privacy@adatlas.io
EU-based company
AdAtlas
Email: privacy@adatlas.io
EU-based company