adloop← Back to home

Privacy Policy

Last updated: June 10, 2026

adloop ("we", "our") provides software that analyzes your social media content and advertising performance to help you create better ads. This policy explains what data we collect, why, and how we handle it. adloop is operated from Indonesia and serves users globally.

1. Data we collect

  • Account data — your email address, used for sign-in (magic link) and service notifications.
  • Content you upload — videos and metadata you submit for analysis.
  • Meta Platform data (with your permission) — when you connect Facebook or Instagram, we access your Pages, Instagram Business account media, engagement metrics (views, saves, comments, shares), and ad account performance metrics (spend, impressions, clicks, conversions) via the Meta Graph API, strictly within the permissions you grant.
  • Attribution data — if you connect a tracking provider (e.g. Skro), revenue figures per ad.
  • Payment data — handled by our payment processors (Duitku, Paddle). We never see or store your card numbers; we store only transaction references, amounts, and status.

2. How we use data

  • To transcribe and analyze your videos (speech-to-text and visual analysis by AI models).
  • To build a private, per-workspace scoring model from your own performance data.
  • To generate ad script recommendations and scores for you.
  • To operate billing, quotas, and support.

We do not sell your data, use your data to train models for other customers, or share Meta Platform data with third parties except the processors below.

3. Processors we rely on

  • Supabase — database, authentication, and file storage (data hosted in Singapore).
  • Vercel — web application hosting.
  • AI providers (APIMart, OpenRouter) — video frames and transcripts are sent for analysis; these requests are not used by us to train shared models.
  • Duitku / Paddle — payment processing.

4. Storage and security

  • OAuth access tokens are encrypted at rest (AES-256-GCM) and never exposed to your browser.
  • All data is scoped to your workspace and protected by row-level security.
  • Transport is encrypted with TLS everywhere.

5. Retention and deletion

We keep your data while your account is active. Disconnecting Facebook/Instagram revokes and deletes the stored token immediately. You can request full deletion of your account and all associated data at any time — see our data deletion page. Deletion is completed within 30 days.

6. Your rights

You may access, correct, export, or delete your personal data by contacting us. If you are in the EEA/UK, you have rights under the GDPR including complaint to a supervisory authority.

7. Contact

Questions or requests: support@inautomode.com