Privacy Policy
Last updated: March 2026
1. What we collect
We collect what we need to run AdPatterns. Nothing more.
Account info
- Your name and email address
- Google account ID (if you sign in with Google)
- Meta user ID and access token (read-only, to pull your ad data)
Ad account data
- Ad account IDs and names
- Change logs: what changed, when, who did it, old value, new value
- Daily performance metrics: spend, impressions, clicks, conversions, revenue
- Campaign and ad creative metadata
Shopify data (if connected)
- Order counts and revenue totals (no customer personal data)
Usage data
- Pages you visit inside the app (via PostHog, EU-hosted)
- Browser type, screen size, and referring URL
- We do not track you outside of AdPatterns
2. How we use your data
Short version: we use your data to show you your data.
- Your Meta token reads your ad activity. We never write to your ad accounts.
- Your change logs and metrics power the Ads Journal, Dashboard, and Reports.
- Your email sends you reports, alerts, and account notifications.
- Usage analytics help us fix bugs and improve the product.
- We do not sell your data. To anyone. Ever.
- We do not use your data to train AI models.
3. Anonymized benchmarks
We may use anonymized, aggregated performance data to build industry benchmarks. This means:
- Your account name, business name, and identity are never included.
- Benchmarks use averages across many accounts. No single account can be identified.
- You can opt out of benchmark data collection by emailing privacy@adpatterns.io.
4. Meta permissions
We request one permission from Meta:
- ads_read: Read your ad account activity. This is read-only. We cannot create, edit, pause, or delete anything in your ad account.
5. Security
We take security seriously.
- All traffic is encrypted with HTTPS (TLS 1.2+).
- Meta access tokens are stored encrypted in the database.
- We do not store your Meta or Google password.
- The server runs in Hetzner's EU data center (Germany).
- Database backups run daily with 7-day retention.
- SSH access is key-only. No password authentication.
6. Data retention and deletion
You can disconnect your Meta account anytime. This revokes your access token and stops all data syncing.
To delete your account and all stored data, email privacy@adpatterns.io. We process deletion requests within 30 days.
Billing records are kept for 7 years as required by EU tax law.
7. Legal basis (GDPR)
If you are in the European Economic Area:
| Activity | Legal basis | Retention |
|---|---|---|
| Account and login | Contract (Art. 6(1)(b)) | Until deletion |
| Ad change logging | Contract (Art. 6(1)(b)) | Until deletion |
| Anonymized benchmarks | Legitimate interest (Art. 6(1)(f)) | Indefinite (anonymized) |
| Billing records | Legal obligation (Art. 6(1)(c)) | 7 years |
| Service emails | Contract (Art. 6(1)(b)) | Duration of account |
| Marketing emails | Consent (Art. 6(1)(a)) | Until unsubscribed |
| Usage analytics | Legitimate interest (Art. 6(1)(f)) | 90 days |
8. Sub-processors
These companies help us run AdPatterns:
| Service | Purpose | Location |
|---|---|---|
| Hetzner | Server hosting | Germany (EU) |
| PostHog | Product analytics | EU region |
| Stripe | Payments | US (SCCs) |
| Resend | Email delivery | US (SCCs) |
| Meta | Ad data via Marketing API | US (SCCs) |
| OAuth sign-in | US (SCCs) | |
| Cloudflare | DDoS protection, bot filtering | US (SCCs) |
We do not sell your data. We do not use third-party ad trackers.
9. Your rights
If you are in the EEA, you can:
- See what data we have about you.
- Fix anything that is wrong.
- Delete your data at any time.
- Export your data in a readable format.
- Unsubscribe from marketing emails.
- Object to processing you disagree with.
Email privacy@adpatterns.io for any of these. We respond within 30 days.
10. Cookies
We use a session cookie to keep you logged in. That is it. No tracking cookies. No third-party cookies.
PostHog uses a first-party cookie for analytics. It does not track you across other websites.
11. Contact
Questions? Email privacy@adpatterns.io.