Privacy Policy — Ads For Anyone

Section 01

Overview

This Privacy Policy describes how Ads For Anyone ("we," "us," or "our"), operated by 17917015 Canada Corp. (Toronto, Ontario, Canada), collects, uses, stores, and shares information when you use our platform at adsforanyone.com and any associated services (collectively, the "Service").

Our Service connects to the Meta Marketing API, GoHighLevel CRM, and communication platforms including Discord, Slack, and Microsoft Teams to deliver automated daily ad performance briefings and ad management capabilities to marketing teams and advertising agencies.

By creating an account or using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with any part of this policy, you must discontinue use of the Service.

Section 02

Who We Are

Legal Entity: 17917015 Canada Corp.
Operating Name: Ads For Anyone
Platform URL: adsforanyone.com
Jurisdiction: Ontario, Canada
Contact Email: [email protected]

We are the data controller for information you provide to us directly. For data accessed via the Meta Marketing API, we act as a data processor on behalf of the user who authorized access.

Section 03

Data We Collect

We collect the following categories of information when you use the Service:

Category	What It Includes	Source
Account Data	Name, email address, business name, password (hashed)	Provided by you at registration
Meta API Data	Ad account IDs, campaign names, ad set performance metrics (spend, impressions, reach, CPL, ROAS, frequency, CTR, lead counts), ad creative identifiers	Meta Marketing API, authorized by you via OAuth
GoHighLevel Data	Contact records, pipeline stage, lead status, booking confirmations, attribution data	GoHighLevel API, authorized by you via OAuth
Communication Channel Data	Discord server IDs and channel IDs; Slack workspace IDs and channel IDs; Microsoft Teams webhook URLs	Provided by you during integration setup
Usage Data	IP address, browser type and version, pages visited, feature interactions, timestamps, error logs	Automatically collected via server logs and analytics
Billing Data	Subscription plan, billing history. Full payment card data is processed by our payment provider and never stored by us.	Payment processor (Stripe / Whop)

We do not collect sensitive personal data such as government identification numbers, biometric data, health records, or financial account credentials beyond what is described above.

Section 04

Meta Platform Data

This section governs our use of data obtained through the Meta Marketing API and is specifically required for compliance with Meta's Platform Terms and Developer Policies.

What permissions we request. We request only the minimum Meta permissions required to deliver the Service. These include: ads_read (to retrieve campaign performance data), ads_management (on Command plan only, to allow users to create, pause, and adjust campaigns), business_management (to access Business Manager account structure), and leads_retrieval (to pull lead data from Meta Instant Forms).

How we use Meta Platform Data:

To retrieve and display ad campaign performance metrics to the authorized account user.
To generate automated daily performance briefings delivered to the user's chosen notification channel (Discord, Slack, Teams, or email).
To detect anomalies in ad performance and surface alerts to the authorized user.
On Command plan: to enable the user to create, publish, pause, duplicate, and adjust Meta ad campaigns through our interface on their behalf.

How we do NOT use Meta Platform Data:

We do not sell, license, rent, or transfer Meta Platform Data to any third party.
We do not use Meta Platform Data to target advertising at users of our platform.
We do not use Meta Platform Data to train machine learning models, build profiles, or conduct research unrelated to delivering the Service to the authorizing user.
We do not aggregate Meta Platform Data across multiple accounts in a way that identifies individual users or businesses to third parties.
We do not share Meta Platform Data with data brokers, ad networks, or analytics providers for purposes beyond operating the Service.
We do not use Meta Platform Data obtained from one user to provide services to another user without explicit authorization.

Data minimization. We access only the Meta accounts and ad data that users explicitly authorize through the Meta OAuth flow. We do not request access to personal Facebook profiles, Messenger content, user timelines, or any data beyond what is directly related to advertising accounts the user manages.

Scoped access. Each user's Meta data is stored and processed in isolation. One user's Meta API data is never accessible to another user of our platform.

Revoking Meta access: Users can revoke Ads For Anyone's access to their Meta account at any time by navigating to Meta Business Manager → Settings → Business Integrations and removing Ads For Anyone from the list of authorized apps. Upon revocation, we will cease all API calls to that account and delete cached Meta Platform Data for that account within 30 days, unless retention is required by law.

Meta's terms: Our use of the Meta Marketing API is subject to the Meta Platform Terms, Meta Developer Policies, and the Meta Data Processing Terms. In the event of any conflict between this Privacy Policy and Meta's terms regarding Meta Platform Data, Meta's terms govern.

Section 05

How We Use Your Data

We use the information we collect for the following purposes:

Service delivery: To retrieve ad performance data, generate daily briefings, deliver notifications, and (on Command plan) execute ad management actions on your behalf.
Anomaly detection: To monitor campaign metrics against your historical benchmarks and surface alerts when significant changes are detected.
Authentication: To authenticate your connected accounts (Meta, GHL, Discord, Slack, Teams) via OAuth and maintain authorized sessions.
Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.
Billing and account management: To manage your subscription, process payments, and send billing communications.
Service improvement: To analyze aggregated, de-identified usage patterns and improve platform features. We never use individual account data or Meta API data for this purpose.
Legal compliance: To comply with applicable laws, regulations, and lawful requests from authorities.
Security: To detect and prevent fraud, abuse, and unauthorized access to the Service.

Processing Activity	Legal Basis
Delivering the Service you signed up for	Contract performance
Accessing Meta API data on your behalf	Your explicit consent (OAuth authorization)
Sending service communications and alerts	Contract performance / Legitimate interests
Service improvement via aggregated analytics	Legitimate interests
Compliance with legal obligations	Legal obligation

Section 06

Data Sharing and Disclosure

We do not sell your personal data. We do not sell Meta Platform Data. We do not rent, trade, or license your data to third parties for marketing purposes.

Service Providers: We share data with trusted vendors who help us operate the Service — including cloud hosting providers, database services, and payment processors. These vendors are contractually obligated to process data only as directed by us and to maintain appropriate security standards.
Communication Platforms: When you authorize a notification channel (Discord, Slack, Teams), we transmit performance briefing content to that platform via their respective APIs. This content contains your ad performance data. Your use of those platforms is governed by their own privacy policies.
Legal Requirements: We may disclose data if required to do so by law, subpoena, court order, or other binding legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of our company, users, or the public.
Business Transfers: If Ads For Anyone or 17917015 Canada Corp. is acquired, merged, or sells substantially all of its assets, user data may be transferred as part of that transaction. We will provide notice to affected users via email or in-app notification at least 30 days before any such transfer takes effect, and users will have the right to delete their accounts before the transfer.
With Your Consent: We may share data in other circumstances if you give us explicit, informed consent to do so.

Section 07

Third-Party Services and Integrations

Meta (Facebook): Meta Privacy Policy — We access Meta's Marketing API on your behalf. Meta independently governs how it collects and uses data.
GoHighLevel: GoHighLevel Privacy Policy — We access GHL's API on your behalf to read pipeline and contact data.
Discord: Discord Privacy Policy — We post briefing messages to channels you designate. We do not read messages or collect user data from Discord.
Slack: Slack Privacy Policy — We post briefing messages via webhook. We do not read channel history or collect Slack user data.
Microsoft Teams: Microsoft Privacy Statement — We post briefing messages via webhook. We do not read Teams content or collect user data.
Stripe / Whop: Payment processing. We do not store full card numbers. See Stripe Privacy Policy.
Anthropic (Claude AI): Performance data is submitted to Anthropic's Claude API for analysis and report generation. Data submitted is governed by Anthropic's Privacy Policy. We do not submit personally identifiable end-user data to the Claude API — only aggregated campaign metrics.

Section 08

Data Retention

Data Type	Retention Period
Account data (name, email, business info)	For the duration of your account + 30 days after deletion
Meta API performance data — Starter plan	7 days rolling
Meta API performance data — Pro plan	90 days rolling
Meta API performance data — Agency / Command plan	Unlimited while account is active; deleted within 30 days of account deletion
GHL pipeline data	Same as Meta API data, based on plan
Billing records	7 years (required for tax and legal compliance)
Server logs and usage data	90 days
Support correspondence	3 years

Upon account deletion, we will delete or anonymize all personal data and Meta Platform Data within 30 days, except where retention is required by applicable law.

Section 09

Security

All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
All data stored at rest is encrypted using AES-256 or equivalent.
All third-party integrations (Meta, GHL, Discord, Slack, Teams) use OAuth 2.0. We never store your passwords for those platforms.
Access tokens are stored encrypted and are scoped to the minimum permissions required.
Access to production data is restricted to authorized personnel on a need-to-know basis.
We conduct periodic security reviews and dependency audits.

No security system is impenetrable. In the event of a data breach that affects your personal data, we will notify affected users within 72 hours of becoming aware of the breach, as required by applicable law, and will take immediate steps to contain and remediate the incident.

You are responsible for maintaining the security of your Ads For Anyone account credentials. If you believe your account has been compromised, contact us immediately at [email protected].

Section 10

Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal data. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

Right	What It Means	Applies Under
Access	Request a copy of the personal data we hold about you	PIPEDA, GDPR, CCPA
Correction	Request correction of inaccurate or incomplete data	PIPEDA, GDPR, CCPA
Deletion	Request deletion of your personal data ("right to be forgotten")	PIPEDA, GDPR, CCPA
Portability	Request a machine-readable export of your data	GDPR
Restriction	Request that we restrict processing of your data	GDPR
Objection	Object to processing based on legitimate interests	GDPR
Opt-Out of Sale	Opt out of the sale of personal data — we do not sell data, so this right is automatically satisfied	CCPA
Withdraw Consent	Withdraw consent for data processing at any time (including revoking Meta API access)	PIPEDA, GDPR

To revoke Meta API access specifically, you may do so directly in your Meta Business Manager at any time without contacting us.

If you are a resident of Quebec, Canada, you have additional rights under Law 25 (Bill 64), including the right to be informed of automated decision-making and the right to data portability. Contact us to exercise these rights.

Section 11

Children's Privacy

The Service is intended for use by businesses and marketing professionals. It is not directed to individuals under the age of 18. We do not knowingly collect personal data from anyone under 18 years of age.

If you believe we have inadvertently collected personal data from a minor, please contact us immediately at [email protected] and we will take prompt steps to delete that information.

Section 12

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. The version number and "Last Updated" date at the top of this page will always reflect the current version.

For material changes — including changes to how we use Meta Platform Data, changes to data sharing practices, or changes that reduce your rights — we will:

Provide at least 14 days' advance notice via email to your registered address and/or an in-app notification before the change takes effect.
Re-obtain your consent where required by applicable law or Meta's Platform Terms.

Your continued use of the Service after the effective date of any change constitutes acceptance of the updated policy. If you do not agree with a change, you may delete your account before it takes effect.

Section 13

Contact Us

For privacy-related inquiries, data requests, complaints, or questions about our use of Meta Platform Data, contact:

Company: 17917015 Canada Corp. (operating as Ads For Anyone)

Email: [email protected]

Address: Toronto, Ontario, Canada

Platform: adsforanyone.com

We are committed to resolving privacy complaints promptly. If you are not satisfied with our response, you may have the right to lodge a complaint with your local data protection authority. Canadian residents may contact the Office of the Privacy Commissioner of Canada. EU/UK residents may contact their local supervisory authority.