Legal Document

Privacy Policy

Last updated: June 1, 2025  ·  Effective: June 1, 2025

Overview

AdUtc, Inc. ("AdUtc," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our advertising management platform, website at www.adutc.com, and related services (collectively, the "Services").

By accessing or using AdUtc's Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of our Services.

Quick Summary: We collect information to provide and improve our advertising platform. We do not sell your personal data to third parties. You have full rights to access, correct, or delete your data at any time.

Information We Collect

We collect information in the following categories:

1. Information You Provide Directly

  • Account Information: Name, email address, password, company name, job title, and billing information when you register or purchase a plan.
  • Profile Information: Profile picture, preferences, and communication settings you configure in your account.
  • Payment Information: Credit card details, billing address, and transaction history. Payment data is processed by our PCI-compliant payment processors (e.g., Stripe) and is not stored directly on our servers.
  • Communications: Messages you send to our support team, survey responses, and feedback you submit.

2. Information Collected Automatically

  • Usage Data: Pages visited, features used, clicks, time spent, and navigation paths within the platform.
  • Device Information: IP address, browser type and version, operating system, device identifiers, and language settings.
  • Log Data: Server logs including your IP address, request timestamps, and error reports.
  • Cookies & Similar Technologies: Session cookies, persistent cookies, pixel tags, and local storage (see our Cookies section below).

3. Advertising & Campaign Data

  • Campaign performance data, audience segments, creative assets, and ad spend records from channels you connect to AdUtc.
  • Conversion data and attribution information from tracking pixels or API integrations you configure.
  • Audience data including behavioral signals, interest categories, and demographic information used for ad targeting.

4. Information from Third Parties

  • Data from ad platforms you connect (e.g., Google Ads, Meta Business Manager) via official APIs.
  • CRM data you import or sync for audience building purposes.
  • Publicly available business information used for account enrichment.

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Operate Our Services: To create and manage your account, process payments, and deliver the platform's core functionality including campaign management, analytics, and reporting.
  • Improve and Develop Features: To understand how users interact with AdUtc, identify bugs, and build better features based on usage patterns.
  • AI & Machine Learning: To train and improve our targeting algorithms, budget optimization models, and creative performance prediction systems. This is done using aggregated and anonymized data where possible.
  • Communication: To send transactional emails (receipts, alerts, password resets), platform notifications, and — with your consent — product updates and marketing communications.
  • Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
  • Security & Fraud Prevention: To detect, investigate, and prevent fraudulent activity, abuse, and violations of our Terms of Service.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.
  • Business Analytics: To analyze trends, measure effectiveness of our marketing, and produce internal reports.

We rely on the following legal bases for processing under GDPR: performance of a contract (providing our Services), legitimate interests (improving services, security), consent (marketing communications), and legal obligation.

Sharing & Disclosure

We do not sell, rent, or trade your personal information. We may share information in these limited circumstances:

  • Service Providers: Trusted third-party vendors who assist in operating our platform, including cloud hosting (AWS, Google Cloud), payment processing (Stripe), analytics (Mixpanel), customer support (Intercom), and email delivery (SendGrid). These providers are bound by data processing agreements and may only use data to provide services on our behalf.
  • Ad Platform Integrations: When you connect channels (e.g., Google, Meta, TikTok), your campaign data is shared with those platforms as necessary to execute your advertising campaigns.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is subject to a different privacy policy.
  • Legal Requirements: We may disclose information if required by law, subpoena, or government authority, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • With Your Consent: We may share information for other purposes with your explicit consent.
  • Aggregated or De-Identified Data: We may share aggregated, anonymized data (e.g., industry benchmarks) that cannot reasonably be used to identify you.

Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate our Services effectively and understand user behavior. The types of cookies we use:

  • Strictly Necessary Cookies: Required for the platform to function. These include authentication tokens and security cookies. You cannot opt out of these.
  • Functional Cookies: Remember your preferences (language, dashboard layout) to personalize your experience.
  • Analytics Cookies: Collect anonymous data about how you interact with AdUtc to help us improve (e.g., Google Analytics, Mixpanel).
  • Marketing Cookies: Used on our marketing website to track the effectiveness of our own advertising campaigns and deliver relevant content.

You can manage cookie preferences through your browser settings or our Cookie Preference Center. Note that disabling certain cookies may affect platform functionality. We also honor Do Not Track (DNT) browser signals.

Advertising Data Processing

AdUtc is an advertising platform, and the nature of our Services involves processing advertising-related data. Specifically:

  • Audience Data: Audience segments and targeting parameters you build within AdUtc are used solely to execute campaigns on your behalf. We do not use your audience data to build segments for other AdUtc customers.
  • Conversion Tracking: If you install AdUtc tracking pixels or use our conversion API, we process conversion events (purchases, signups, etc.) to attribute them to your campaigns. This data is encrypted in transit and stored securely.
  • Third-Party Platform Data: Data retrieved from connected ad platforms (Google, Meta, TikTok, etc.) via their APIs is governed by those platforms' privacy policies in addition to ours. AdUtc processes this data under your direction as a data processor.
  • Benchmarking: We may use anonymized, aggregated campaign performance data (never individual or identifiable data) to generate industry benchmarks shown within the platform.

Data Retention

We retain your personal data for as long as necessary to provide our Services and fulfill the purposes outlined in this policy, unless a longer retention period is required by law.

  • Account Data: Retained for the duration of your account plus 90 days after account deletion to allow for recovery, then permanently deleted.
  • Campaign & Analytics Data: Retained for 24 months from the date of collection, then aggregated or deleted.
  • Billing Records: Retained for 7 years to comply with financial regulations.
  • Support Communications: Retained for 2 years after your last interaction.
  • Log Data: Server access logs retained for 90 days for security purposes.

When data is deleted, it is permanently removed from our active systems within 30 days and from all backups within 90 days.

Data Security

We take security seriously and implement multiple layers of protection for your data:

  • All data in transit is encrypted using TLS 1.2 or higher (HTTPS).
  • Data at rest is encrypted using AES-256 encryption.
  • Access to personal data is restricted to authorized personnel on a need-to-know basis.
  • We undergo regular third-party security audits and penetration testing.
  • Two-factor authentication (2FA) is available and encouraged for all accounts.
  • We maintain a vulnerability disclosure program and respond to reports within 48 hours.

While we implement industry-standard safeguards, no system is 100% secure. In the event of a data breach that affects your rights, we will notify you and relevant authorities within 72 hours as required by applicable law.

Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Rectification: Request correction of inaccurate or incomplete data.
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal retention requirements.
  • Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
  • Right to Data Portability: Receive your data in a machine-readable format to transfer to another service.
  • Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
  • Right to Lodge a Complaint: File a complaint with your local data protection authority (e.g., ICO in the UK, CNIL in France).

To exercise any of these rights, contact us at [email protected] or through your account settings. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before fulfilling requests.

California Residents (CCPA/CPRA): You have the right to know what personal information is collected, the right to delete, the right to opt-out of sale (we do not sell personal data), and the right to non-discrimination for exercising your privacy rights.

International Data Transfers

AdUtc is headquartered in the United States. If you use our Services from the European Economic Area (EEA), United Kingdom, or other regions with data transfer regulations, your data may be transferred to and processed in the United States.

We safeguard international transfers using:

  • Standard Contractual Clauses (SCCs) approved by the European Commission for EEA-to-US transfers.
  • UK International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom.
  • Adequacy Decisions where applicable.

By using our Services, you consent to your data being transferred to and processed in countries that may have different data protection standards than your home country.

Children's Privacy

AdUtc's Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child under 16, we will delete it promptly. If you believe we have collected data from a minor, please contact us at [email protected].

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will:

  • Post the updated policy on this page with a new "Last Updated" date.
  • Send an email notification to registered users at least 30 days before material changes take effect.
  • Display an in-app notification when you next log in.

Your continued use of the Services after the effective date of the updated policy constitutes your acceptance of the changes. If you disagree with any changes, you may close your account before the changes take effect.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

AdUtc, Inc. — Privacy Team
Email: [email protected]
Address: 548 Market Street, Suite 12000, San Francisco, CA 94104, USA
Data Protection Officer: [email protected]

For EEA users, our EU Representative can be contacted at [email protected].