Privacy Policy

Last Updated: November 20, 2024

1. Introduction

Blackhawk Digital Marketing ("we," "us," or "our") operates Adpacer AI, an enterprise SaaS platform for Google Ads budget pacing and optimization. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using Adpacer AI, you agree to the collection and use of information in accordance with this Privacy Policy.

2. Information We Collect

2.1 Account and Authentication Data

When you create an account, we collect:

  • Email address - Required for account creation and communication
  • Google account information - Name, email, and profile picture via Google OAuth
  • Profile information - Full name, company, job title, timezone, and avatar URL (optional)
  • Authentication tokens - Access tokens, refresh tokens, and session identifiers for secure access

2.2 Billing and Subscription Data

  • Stripe customer ID - For payment processing
  • Subscription details - Plan type, pricing tier, billing period, active/canceled status
  • Payment method information - Securely stored and processed by Stripe (we do not store full payment card details)

2.3 Organization and Team Data

  • Organization information - Name, slug, website URL, industry, logo
  • Team member data - Names, email addresses, roles (Owner, Admin, Member, Viewer)
  • Invitation tokens - Temporary tokens for team invitations (expire after 7 days)
  • Activity logs - Member join dates, who connected accounts, role changes

2.4 Google Ads Data

When you connect your Google Ads account, we access and store:

  • Account information - Customer IDs, account names, descriptive names, timezones, currencies
  • Campaign data - Campaign names, status, budget amounts, bidding strategies, start/end dates
  • Ad group data - Names, status, bid amounts, target settings
  • Keyword data - Keyword text, match types, quality scores, bid amounts
  • Performance metrics - Daily aggregated data including impressions, clicks, costs, conversions, conversion values
  • Budget settings - Custom budget configurations, active days (days of week campaigns run), pacing rules
  • Targeting information - Geographic and language targeting settings
  • OAuth credentials - Refresh tokens for continuous API access (encrypted and stored in Supabase Vault)

2.5 Google Analytics 4 Data (Optional)

If you connect GA4:

  • Property IDs - GA4 property identifiers
  • Analytics data - Website traffic metrics, user behavior data, conversion tracking

2.6 Meta/Facebook Ads Data (Optional)

If you connect Meta Ads:

  • Account IDs - Meta ad account identifiers
  • Ad performance data - Impressions, clicks, spend, and other campaign metrics

2.7 AI Conversation Data

  • Conversation history - Your interactions with AI-powered insights and recommendations
  • Context data - Selected advertising accounts and campaigns for AI analysis
  • Generated insights - AI-generated recommendations and analysis results

2.8 Usage and Technical Data

  • Log data - IP addresses, browser type, device information, pages visited, time stamps
  • Cookies - Session cookies for authentication and cross-subdomain access
  • Error tracking - Application errors, stack traces, browser data via Sentry
  • Audit logs - Changes to client settings, who made them, when, and from which IP address

3. How We Use Your Information

We use collected information for:

  • Service Provision - To provide, maintain, and improve Adpacer AI functionality
  • Budget Pacing Analysis - To analyze your advertising budgets and provide real-time pacing insights
  • AI-Powered Insights - To generate personalized recommendations using AI models
  • Analytics and Reporting - To create dashboards, reports, and performance visualizations
  • Team Collaboration - To enable organization members to collaborate on advertising accounts
  • Account Management - To manage your subscription, billing, and account settings
  • Communication - To send service updates, security alerts, and subscription notifications
  • Security - To detect and prevent fraud, abuse, and security incidents
  • Product Improvement - To understand usage patterns and improve our Service
  • Legal Compliance - To comply with legal obligations and enforce our Terms of Service

4. Information Sharing and Disclosure

4.1 Within Your Organization

When you connect an advertising account to an organization, all organization members with appropriate permissions can view and manage that account's data. This shared access is a core feature of our team collaboration functionality.

4.2 Third-Party Service Providers

We share information with trusted third-party providers who assist in operating our Service:

  • Supabase - Database hosting and authentication (stores all application data)
  • Stripe - Payment processing and billing management
  • Google - OAuth authentication, Google Ads API access, Google Analytics 4 API access, Google Generative AI
  • Anthropic (Claude) - AI-powered insights and recommendations
  • OpenAI (GPT-4) - AI-powered analytics and natural language processing
  • Sentry - Error tracking and performance monitoring
  • Vercel - Application hosting and infrastructure

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or government regulation, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect our rights, property, or safety
  • Prevent fraud or abuse
  • Protect users' safety or security

4.4 Business Transfers

If Blackhawk Digital Marketing is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.

4.5 With Your Consent

We may share your information for any other purpose with your explicit consent.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit - All data transmitted between your browser and our servers uses HTTPS/TLS encryption
  • Encryption at Rest - Sensitive credentials (OAuth tokens) are encrypted in Supabase Vault
  • Row Level Security (RLS) - Database-level access controls ensure users can only access authorized data
  • Authentication - Secure OAuth 2.0 authentication via Google
  • Access Controls - Role-based permissions for organization members
  • Regular Security Audits - Ongoing monitoring for vulnerabilities and threats
  • Error Monitoring - Sentry tracks errors while protecting sensitive data

While we strive to protect your data, no security system is impenetrable. We cannot guarantee absolute security of information transmitted over the internet.

6. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy:

  • Active Accounts - Data is retained while your account is active
  • Performance Data - Historical advertising data is retained to provide analytics and insights
  • Billing Records - Financial records retained for 7 years for tax and legal compliance
  • Audit Logs - Security and audit logs retained for 90 days
  • Account Deletion - After account termination, data may be retained for up to 30 days for recovery, then deleted (except where legal retention is required)

7. Your Rights and Choices

You have the following rights regarding your data:

7.1 Access and Portability

You can access your data through the Service dashboard. You may request a copy of your data in a portable format.

7.2 Correction

You can update your profile information, organization details, and account settings at any time through the Service.

7.3 Deletion

You may request deletion of your account and associated data. Note that some data may be retained for legal or operational purposes.

7.4 Revoke Connected Accounts

You can disconnect Google Ads, Google Analytics, or Meta accounts at any time through your settings. This will stop data synchronization.

7.5 Marketing Communications

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email. Note that you will still receive essential service-related emails.

7.6 Do Not Track

We do not currently respond to "Do Not Track" browser signals, as there is no industry standard for compliance.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Session Management - Maintain your logged-in state
  • Authentication - Verify your identity across subdomains
  • Preferences - Remember your settings (dark mode, timezone)
  • Security - Prevent fraud and protect against malicious activity

Most browsers allow you to control cookies through settings. Disabling cookies may limit Service functionality.

9. Third-Party Links

Our Service may contain links to third-party websites or services (e.g., Google Ads, Stripe billing portal). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to such transfers. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know - Request details about the personal information we collect and how we use it
  • Right to Delete - Request deletion of your personal information
  • Right to Opt-Out - We do not sell personal information
  • Non-Discrimination - We will not discriminate against you for exercising your CCPA rights

To exercise these rights, please contact us using the information in Section 15.

13. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR):

  • Right of Access - Request a copy of your personal data
  • Right to Rectification - Correct inaccurate personal data
  • Right to Erasure - Request deletion of your personal data
  • Right to Restriction - Restrict processing of your personal data
  • Right to Data Portability - Receive your data in a portable format
  • Right to Object - Object to processing based on legitimate interests
  • Right to Withdraw Consent - Withdraw consent for data processing
  • Right to Lodge a Complaint - File a complaint with your local data protection authority

Our legal basis for processing your data includes: (1) consent, (2) contract performance, (3) legal obligations, and (4) legitimate business interests.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending an email notification to your registered email address
  • Displaying a notice in the Service

Your continued use of the Service after such notification constitutes acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Blackhawk Digital Marketing
Email: help@adpacer.ai
Website: blackhawkdm.com

For privacy-specific inquiries or to exercise your data rights, please include "Privacy Request" in your subject line. We will respond to your request within 30 days.

16. Google API Services User Data Policy Compliance

Adpacer AI's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only access Google Ads and Google Analytics data necessary to provide Adpacer AI's advertised features
  • We do not transfer Google user data to third parties except as necessary to provide the Service, comply with applicable law, or as part of a merger or acquisition (with user notification)
  • We do not use or transfer Google user data for serving advertisements
  • We do not use or transfer Google user data to determine creditworthiness or for lending purposes