Privacy Policy

Last updated: June 23, 2026

1. Who we are

AutoAdPilot ("we", "us", "our") provides an AI-powered platform that helps businesses generate, launch, and manage advertising campaigns across third-party ad networks such as Meta (Facebook & Instagram). This policy explains what data we collect, how we use it, and the rights you have over it.

Contact: privacy@autoadpilot.com

2. Data we collect

  • Account data: name, email, password hash, profile photo, language.
  • Business data: website URL, extracted brand information (logos, colors, products, services, copy), business profile, target audience.
  • Ad data: ad creatives you generate, campaign settings, budget, schedule, and the performance metrics returned by ad networks.
  • Payment data: wallet balance and transaction history. Card details are processed by our payment provider (Revolut) and never stored on our servers.
  • Connected accounts: when you connect Meta (Facebook/Instagram), we receive access tokens, your Ad Account ID, Page ID, and the metrics returned by Meta's APIs.
  • Usage data: log files, device type, browser, IP address, and product analytics needed to operate the service.

3. How we use your data

  • Generate ad creatives, copy, and campaign strategies on your behalf.
  • Publish, pause, and optimise campaigns on connected ad networks.
  • Process payments and maintain your wallet balance and subscription.
  • Improve product quality, prevent abuse, and meet legal obligations.
  • Send service emails (receipts, account alerts). Marketing emails only with consent.

We do not sell your personal data. We do not use the content of your ads or business profile to train third-party foundation models.

4. Meta Platform data

When you connect a Meta account, we request only the permissions needed to manage the ad accounts and pages you explicitly select: ads_management, ads_read, pages_manage_ads, pages_read_engagement, and business_management. We use this access exclusively to create, publish, and report on the ads you configure inside AutoAdPilot. We never post organic content, read private messages, or access data outside the assets you grant.

You can revoke access at any time from your Meta Business Settings or by deleting your AutoAdPilot account. See our Data Deletion Instructions.

5. Subprocessors

We share data with a limited set of trusted providers:

  • Supabase — database, authentication, file storage (EU region).
  • Revolut Merchant — payment processing and subscription billing.
  • Meta Platforms — ad publishing and reporting (only when connected).
  • AI model providers — to generate ad copy and imagery from prompts you submit.
  • Cloudflare — content delivery and DDoS protection.

6. Retention

We keep account, campaign, and billing records for as long as your account is active and for up to 24 months after deletion to satisfy legal, tax, and fraud-prevention requirements. You can request earlier deletion at any time.

7. Your rights (GDPR)

If you are in the EU/EEA or UK, you have the right to access, correct, delete, restrict, or port your personal data, and to object to processing. Email privacy@autoadpilot.com and we will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

8. Security

All data is encrypted in transit (TLS 1.2+) and at rest. Access tokens are encrypted with envelope encryption. Access to production systems is restricted, logged, and MFA-protected.

9. Children

AutoAdPilot is not directed to children under 16 and we do not knowingly collect data from them.

10. Changes

We may update this policy from time to time. Material changes will be announced by email or in-app notice at least 14 days before they take effect.