Privacy Policy — AdSet
Last updated: June 4, 2026
This Privacy Policy explains how AdSet, operated by Digital Land BV (“AdSet”, “we”, “us”, “our”), collects, uses, shares, and protects personal data when you visit adset.tech, subscribe to our service, or connect your advertising accounts to AdSet.
Controller
1) Scope
This policy applies to visitors of adset.tech, paying subscribers, and any user who connects an advertising account (Google Ads, Meta Ads, Snapchat Ads, TikTok Ads, Salla, or Zid) to AdSet.
2) Data we collect
We collect the minimum data needed to operate the site and service.
A. Account and authentication
- Email address and password (hashed) used to create your AdSet account
- Optional sign-in via Google (when used, we receive your basic Google profile: email and display name)
- User identifiers (user ID, workspace ID) used internally to scope your data
B. Subscription and payment data
- Billing email and country (collected through our payment processor, Stripe)
- Subscription status, plan, and invoice history
- We do not store full payment card details on our servers. All card data is processed and stored directly by Stripe in compliance with PCI-DSS standards.
C. Advertising platform data (you explicitly authorize)
When you connect an advertising account to AdSet through OAuth, you grant us read-only access to fetch performance data on your behalf. Specifically:
- Google Ads: via the Google Ads API — account IDs, campaign names, status, and performance metrics (impressions, clicks, spend, conversions, conversion value). We do not access keyword-level data or ad creative content.
- Meta Ads (Facebook/Instagram): via the Meta Marketing API — account IDs, campaign performance, and ad insights.
- Snapchat Ads: via the Snap Marketing API — campaign-level performance data.
- TikTok Ads: via the TikTok Business API — campaign-level performance data.
- E-commerce platforms (Salla, Zid): store-level sales and revenue data, when connected.
We perform read-only operations on these APIs. We do not create, modify, or delete campaigns, ads, budgets, or any account settings. We do not display or share your private advertising data publicly.
D. Product usage
- Configuration you create inside the product (workspace settings, enabled accounts, report preferences)
- Queries you make to our AI assistant (used to generate responses; not used to train external AI models)
E. Support and contact
- Messages you send us and related contact details
F. Technical and security data
- IP address, device/browser information, and basic logs used for security, reliability, and abuse prevention
- Website analytics data (aggregated where possible)
3) How we use your data (purposes)
- Provide, operate, and maintain the AdSet service
- Fetch and display your advertising performance data from connected platforms
- Process subscription payments through Stripe
- Respond to inquiries and provide customer support
- Send important service notices and product updates (you can opt out of marketing emails at any time)
- Improve performance, reliability, and user experience
- Maintain security, prevent fraud, and enforce our Terms
4) Where your data is stored
AdSet is hosted on Google Cloud Platform in the europe-west1 (Belgium) region. Your advertising performance data is stored in Google BigQuery and is isolated to your workspace — other AdSet customers cannot access your data.
OAuth refresh tokens (used to maintain access to your advertising accounts) are encrypted at rest in our database. Account credentials (email and password) are managed by Supabase, a GDPR-compliant authentication provider.
5) Legal bases (EEA/UK GDPR)
Depending on the context, we process personal data under one or more of:
- Consent (e.g., connecting an advertising account, marketing emails)
- Contract (to provide the subscription service you have paid for)
- Legitimate interests (security, service improvements, preventing abuse)
- Legal obligations (e.g., tax records, where applicable)
6) How we share data
We share data with vetted service providers that help us operate AdSet. These providers are authorized to process data only on our instructions and for the purposes described in this policy:
- Google Cloud Platform — hosting, BigQuery storage, and email delivery
- Supabase — user authentication and database
- Stripe — payment processing and subscription billing
- Google (Gemini API) — AI assistant responses (queries are not used to train models)
We do not sell personal data. We do not share your advertising data with third parties for advertising or marketing purposes.
7) Revoking access and deleting data
You can revoke AdSet's access to any connected advertising account at any time:
- From within AdSet: disconnect the platform from the Integrations page in your workspace settings.
- From the platform itself: revoke AdSet's access from your Google Account permissions page (myaccount.google.com/permissions), Meta Business Settings, Snapchat Ads Manager, or TikTok Ads Manager.
To request deletion of your AdSet account and all associated data, email info@adset.tech. We will process deletion requests within 30 days.
8) International transfers
Your data is primarily stored in the EU (Belgium). If we transfer personal data outside the EEA/UK (for example, when calling Stripe APIs hosted in the United States), we rely on appropriate safeguards such as the EU Standard Contractual Clauses.
9) Retention
We retain personal data only as long as needed for the purposes described above:
- Account data: while your account is active, plus up to 90 days after deletion (for backups)
- Advertising performance data: retained while the connection is active; deleted within 30 days of disconnection
- Billing records: retained for 7 years as required by Belgian tax law
10) Your rights
Depending on your location (including the EU/EEA), you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You also have the right to lodge a complaint with your local data protection authority. To exercise your rights, contact us at info@adset.tech.
11) Security
We use reasonable technical and organizational measures to protect personal data, including:
- Encryption in transit (TLS 1.2+) for all communications
- Encryption at rest for OAuth tokens and sensitive credentials
- Workspace-level isolation of customer data in BigQuery
- Role-based access controls within AdSet
No method of transmission or storage is completely secure, but we work to protect your data at every step.
12) Compliance with Google API policies
AdSet's use of information received from Google APIs (including the Google Ads API) adheres to the Google API Services User Data Policy, including the Limited Use requirements. We use Google Ads data exclusively to provide and improve the reporting features of AdSet for the authenticated user. We do not transfer, sell, or use this data for advertising, ad targeting, or any purpose outside of the user-facing features of AdSet.
13) Children
AdSet is intended for business users and is not directed to children. We do not knowingly collect personal data from children.
14) Changes
We may update this Privacy Policy from time to time by posting a new version on this page. We will update the “Last updated” date at the top, and for material changes we will notify subscribers by email.