Privacy Policy

Last updated: 18 February 2026

1. Who We Are

AdPace ("we", "us", "our") is a UK-based SaaS platform that monitors Meta (Facebook/Instagram) advertising accounts. Our website is adpace.io. For any privacy-related enquiries, contact us at team.adpace@gmail.com.

2. Data We Collect

Account information

  • Name and email address (provided at registration)
  • Authentication data from Meta OAuth (access tokens, user ID)

Meta advertising data

  • Ad account names, IDs, and timezone settings
  • Campaign, ad set, and ad metadata (names, statuses, budgets)
  • Performance metrics (spend, impressions, clicks, conversions)
  • Account-level spend and budget data

Payment information

Payment processing is handled entirely by Stripe. We do not store your credit card number, bank account details, or other financial credentials. We retain only your Stripe customer ID and subscription status.

Usage data

  • AI prompt history (questions asked to Ask AdPace)
  • Alert preferences and notification settings
  • Log data such as IP address, browser type, and pages visited

3. How We Use Your Data

  • To monitor your Meta ad accounts and deliver alerts
  • To power Ask AdPace AI analysis of your advertising data
  • To process payments and manage your subscription
  • To send transactional emails (alerts, weekly digests, account notifications)
  • To improve our service and fix bugs

4. Legal Basis for Processing (GDPR)

We process your data under the following legal bases:

  • Contract: Processing necessary to provide the AdPace service you signed up for (account monitoring, alerts, AI analysis).
  • Legitimate interest: Service improvement, security, and fraud prevention.
  • Consent: Marketing communications (you can opt out at any time).

5. Third-Party Services

We share data with the following third-party processors, all of which maintain their own privacy policies and data protection measures:

  • Supabase — Database hosting, authentication, and real-time data infrastructure.
  • Vercel — Application hosting and deployment.
  • Stripe — Payment processing. Stripe handles all financial data directly.
  • Meta (Facebook) — We access your ad account data via the Meta Marketing API using tokens you authorise through OAuth. We request two permissions: ads_read (to read campaign, ad set, and ad performance data including spend, budgets, and delivery status) and business_management (to retrieve your list of ad accounts within Meta Business Portfolio). All access is read-only — we never modify, create, or delete campaigns, budgets, or ads.
  • Anthropic (Claude API) — Powers the Ask AdPace AI feature. Ad account data may be sent to Anthropic to generate analysis. Anthropic does not use this data for training.
  • Resend — Transactional email delivery (alerts, digests, account notifications).

6. Data Retention

We retain your data for as long as your account is active. If you delete your account or request data deletion, we will remove your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

Aggregated, anonymised data that cannot identify you may be retained indefinitely for analytics purposes.

7. Your Rights (GDPR)

Under UK GDPR, you have the right to:

  • Access — Request a copy of the personal data we hold about you.
  • Rectification — Request correction of inaccurate data.
  • Erasure — Request deletion of your data (see our Data Deletion page).
  • Restriction — Request that we limit processing of your data.
  • Portability — Request your data in a machine-readable format.
  • Objection — Object to processing based on legitimate interest.

To exercise any of these rights, email team.adpace@gmail.com. We will respond within 30 days.

8. Cookies

We use essential cookies required for authentication and session management. We do not use third-party tracking or advertising cookies.

9. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encryption at rest, and row-level security policies on our database. Meta access tokens are stored securely and refreshed automatically.

10. International Transfers

Some of our third-party providers process data outside the UK. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions recognised by the UK Government.

11. Children

AdPace is not intended for use by anyone under 18 years of age. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. Your continued use of AdPace after changes are posted constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at team.adpace@gmail.com.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.