🇪🇺 GDPR Compliant | Full Transparency | Your Data, Your Control

Privacy Policy

Last updated: January 17, 2026

1. Introduction and Data Controller Information

Unify Technology, s.r.o. ("we", "our", "us", or "Data Controller") is committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR - Regulation EU 2016/679).

This Privacy Policy explains how we collect, use, disclose, safeguard, and process your personal data when you use our PPC monitoring platform ("Service").

1.1 Data Controller Details

  • Company Name: Unify Technology, s.r.o.
  • Registration Number: 17266637
  • Registered Office: Korunní 2569/108, Vinohrady, Praha 10
  • Email: privacy@advine.ai
  • Data Protection Officer (DPO): dpo@advine.ai

1.2 Scope of This Policy

This Privacy Policy applies to:

  • Users of the Advine.ai platform (agencies, freelancers, in-house marketing teams)
  • Visitors to our website (advine.ai)
  • Individuals whose personal data we process in connection with the Service

This Policy does NOT apply to third-party services you connect (Google Ads, Meta, etc.). Those platforms have their own privacy policies.

2. Information We Collect (Categories of Personal Data)

Under GDPR Article 13, we inform you of the following categories of personal data we collect:

2.1 Account and Identity Data

Data collected:

  • Email address (required)
  • Full name (required)
  • Organization name and details
  • Profile photo (optional)
  • Phone number (optional, for billing/support)
  • Job title and role within organization (optional)

Legal basis: Contract performance (Art. 6(1)(b) GDPR), Legitimate interest (Art. 6(1)(f) GDPR)

Retention: Duration of account + 30 days after deletion (unless legal obligation requires longer retention)

2.2 Advertising Platform Data (Special Category)

When you connect advertising accounts via OAuth, we access:

  • Campaign performance metrics: Impressions, clicks, conversions, spend, CTR, CPC, ROAS
  • Campaign metadata: Names, settings, statuses, budgets, targeting parameters
  • Ad group and keyword data: Performance metrics, bid strategies
  • Account structure: Account IDs, hierarchy, organizational setup
  • OAuth tokens: Access tokens and refresh tokens (encrypted with AES-256-GCM)

Legal basis: Consent (Art. 6(1)(a) GDPR - granted via OAuth flow), Contract performance (Art. 6(1)(b) GDPR)

Retention: Metrics: 90 days (configurable); OAuth tokens: Until revoked by you

✓ Data Minimization Principle: We only access data strictly necessary for monitoring services.

✗ We do NOT access or store:

  • Payment information or credit card details
  • Personal data of your end customers (PII of ad viewers/clickers)
  • Billing addresses or financial account details
  • Email addresses or contact details of your customers

2.3 Technical and Usage Data

We automatically collect technical data via cookies and similar technologies:

  • Log data: IP address (anonymized after 30 days), timestamp, HTTP method, status code
  • Device information: Browser type and version, operating system, device type, screen resolution
  • Usage analytics: Pages viewed, features used, session duration, click patterns
  • Performance data: Page load times, API response times, error rates
  • Error reports: Stack traces, error messages (via Sentry - with anonymization)

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR - service security and improvement), Consent (for analytics cookies)

Retention: Logs: 30 days; Analytics: 24 months

See our Cookie Policy for detailed information about cookies.

2.4 Billing and Payment Data

  • Billing details: Company name, VAT ID, billing address, invoice email
  • Payment information: Processed by Stripe (PCI-DSS compliant). We do NOT store credit card numbers.
  • Transaction history: Invoice IDs, amounts, dates, payment status

Legal basis: Contract performance (Art. 6(1)(b) GDPR), Legal obligation (Art. 6(1)(c) GDPR - tax records)

Retention: 10 years (tax law requirement)

2.5 Communication Data

  • Support tickets and correspondence
  • Email communications (alerts, notifications, marketing with consent)
  • Chat transcripts (if using live chat)
  • Feedback and survey responses

Legal basis: Contract performance, Legitimate interest, Consent (for marketing)

Retention: Support tickets: 2 years; Marketing consent: Until withdrawn

2.6 Data We Do NOT Collect

In compliance with GDPR data minimization principles, we do NOT collect:

  • Special categories of data (racial origin, political opinions, religious beliefs, health data, biometric data, genetic data)
  • Data about criminal convictions or offenses
  • Personal data of individuals under 16 years of age
  • Unnecessary personal data beyond what is required for our services

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our monitoring services
  • Send alerts and notifications about your campaigns
  • Analyze performance and generate reports
  • Improve our platform and develop new features
  • Communicate with you about service updates
  • Ensure security and prevent fraud

3.1 Automated Decision-Making

In accordance with GDPR Article 22, we inform you that our service does not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

Our alert system uses configurable thresholds and statistical methods to detect anomalies in your campaign data, but all final decisions regarding your advertising campaigns remain entirely with you. The alerts we provide are informational recommendations, not automated actions.

4. Data Access and Permissions

4.1 Google API Services

Advine.ai's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

We request the following Google API scopes:

  • https://www.googleapis.com/auth/adwords - Read and manage Google Ads campaigns
  • https://www.googleapis.com/auth/userinfo.email - View your email address
  • https://www.googleapis.com/auth/userinfo.profile - View your basic profile info

4.2 Other Advertising Platforms

Similar read-only access is requested for:

  • Meta Ads (Facebook/Instagram)
  • LinkedIn Ads
  • Seznam Sklik
  • Amazon Advertising

5. Data Sharing and Disclosure

We do NOT sell your personal information. We may share data with:

  • Service Providers: Cloud hosting (Supabase), analytics, and monitoring tools that help us operate our service
  • Team Members: Users within your organization based on assigned permissions
  • Legal Requirements: When required by law, court order, or government request

6. Data Security

We implement industry-standard security measures:

  • End-to-end encryption for data in transit (TLS/SSL)
  • Encrypted storage for sensitive data (AES-256)
  • OAuth tokens stored with encryption
  • Regular security audits and updates
  • Role-based access controls
  • SOC 2 compliant infrastructure

7. Data Retention

We retain your data:

  • Account data: Until you delete your account
  • Campaign metrics: 90 days by default (configurable)
  • Logs: 30 days for debugging and security
  • Deleted data: Permanently removed within 30 days

8. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and data
  • Export your data
  • Revoke access to advertising platforms
  • Opt-out of marketing communications

9. Cookies and Tracking

We use cookies for:

  • Authentication and session management
  • Preferences and settings
  • Analytics (with your consent)

You can control cookies through our consent banner and browser settings.

10. International Data Transfers

Your data may be transferred and stored on servers located outside your country. We ensure appropriate safeguards are in place for such transfers.

11. Children's Privacy

Our service is not intended for users under 18 years of age. We do not knowingly collect data from children.

12. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes via email or platform notification.

13. Contact Us

For privacy-related questions or requests, contact us at:

14. GDPR Compliance (EU Users)

If you are in the European Union, you have additional rights under GDPR:

  • Right to data portability
  • Right to object to processing
  • Right to restrict processing
  • Right to lodge a complaint with supervisory authority

Legal basis for processing: Legitimate interest (service provision), consent (marketing), and contract performance.

14.1 Supervisory Authority

As we are based in the Czech Republic, our lead supervisory authority is:

  • Office for Personal Data Protection (ÚOOÚ)
  • Address: Pplk. Sochora 27, 170 00 Praha 7, Czech Republic
  • Website: www.uoou.cz

You have the right to lodge a complaint with this authority or with your local supervisory authority if you believe your personal data has been processed unlawfully.