a
AdPilot
LAST UPDATED · 2026-05-21

Privacy Policy

What AdPilot is

AdPilot is a multi-tenant SaaS platform operated by Romany LLC for digital marketing agencies (each, an “agency”). After an agency signs up, its team members connect their own and their clients’ ad accounts via OAuth. AdPilot reads ad-platform data on behalf of agency users who have explicitly authorized access. The platform supports Google Ads, Meta Ads, and TikTok Ads.

What data we collect

  • Account data: name, email, role, and avatar of each user who signs up to use the platform.
  • Agency data: agency name, branding (logo, primary color), team membership, and audit log of significant actions taken in AdPilot.
  • Ad-platform data (read-only): when an agency user connects an ad account via OAuth, AdPilot reads campaign metadata, daily performance metrics, and ad creatives from Google Ads, Meta Marketing, and/or TikTok Ads APIs. We never modify campaigns or ads on the platform.
  • AI-generated artifacts:AdPilot uses Anthropic’s Claude API to generate written narratives, recommendations, and chat responses based on the data above. Inputs and outputs to Anthropic are processed under Anthropic’s API terms.
  • Billing data: when an agency adds a payment method, Stripe collects and stores the card details, billing address, and tax ID (if provided). AdPilot stores only a Stripe customer ID and subscription ID; we never see or store full card numbers. Invoices and payment receipts are generated + retained by Stripe and accessible from Settings → Billing → Invoice history.
  • Sample data (demo mode):agencies that sign up without a payment method land in demo mode, where AdPilot seeds fictional client + campaign rows so the dashboard is populated. This data is generated from a fixed template; it is not derived from any real agency’s data and contains no personal information about anyone.

How we store and protect data

  • Data is hosted on Supabase (PostgreSQL) with row-level security ensuring an agency user can only access their own agency’s rows.
  • OAuth access & refresh tokens are encrypted at rest (AES-256) with a server-only key.
  • The application is served over HTTPS only. Secrets are stored as Vercel environment variables and never exposed to the browser.

What we do with the data

We use ad-platform data to power the agency’s own dashboards, reports, and AI-generated insights. We do not sell or share data with third parties for advertising. Our third-party data processors are:
  • Supabase— PostgreSQL hosting (account, agency, ad-platform, and audit data)
  • Vercel— application hosting + edge functions
  • Anthropic— LLM inference for the AI morning brief, recommendations, and chat features
  • Stripe— payment processing, subscription management, and invoice generation. Stripe Tax is not currently in use; sales tax / VAT collection will be added (and disclosed here) when AdPilot exceeds the applicable revenue thresholds.

Your choices

  • Disconnect an ad account at any time from Settings → Integrations; AdPilot deletes the stored token immediately and stops fetching from that account.
  • Request deletion of your agency’s data by emailing the support contact below; we will remove all rows associated with your agency within 30 days.
  • Read-only OAuth scopes are used unless explicitly required for a specific feature; we will surface in-product prompts before any write-scope is requested.

Cookies

AdPilot uses Supabase auth session cookies (HTTP-only, secure) to keep users signed in. We do not use third-party analytics or advertising cookies on the application itself.

Contact

Questions, deletion requests, or data-handling concerns can be directed to hello@socialogicpr.com.
Terms of Service · Back to AdPilot