Back to Sign In

Privacy Policy

Last updated: February 25, 2026

1. Introduction

Adrex AI ("we", "our", or "us") is committed to protecting your privacy and the security of your data. This Privacy Policy explains how we collect, use, share, and safeguard information when you use our AI-powered advertising campaign management platform (the "Service").

This policy applies to all users of the Service, including advertising professionals, agencies, and businesses managing campaigns through Adrex AI. By using the Service, you consent to the data practices described in this policy.

2. Information We Collect

2.1 Account Information

When you create an account, we collect:

  • Full name and username
  • Email address
  • Password (stored in hashed form using bcrypt; we never store plaintext passwords)
  • Account preferences and settings

2.2 Advertising Platform Data

When you connect your Google Ads or Meta Ads accounts via OAuth or API credentials, we access and process:

  • Campaign configurations, ad groups, ad sets, and individual ads
  • Performance metrics (impressions, clicks, conversions, spend, ROAS, CTR, CPC)
  • Audience and targeting settings
  • Creative assets (ad copy, headlines, descriptions, images)
  • Budget and bidding information
  • Account-level settings and billing information visible through the APIs

This data is accessed through official platform APIs and is used solely to provide the Service's campaign management and optimization features.

2.3 AI Interaction Data

When you use AI-powered features, we process:

  • Chat messages and prompts sent to the AI assistant
  • AI-generated responses, ad copy, headlines, and creative content
  • Campaign agent actions and optimization decisions
  • Rule configurations and automated action logs

2.4 Usage and Technical Data

We automatically collect:

  • Pages visited and features used within the Service
  • Browser type, device type, and operating system
  • IP address and approximate geographic location
  • Session duration and access timestamps
  • Error logs and performance diagnostics

2.5 Client and Business Data

If you manage campaigns for clients, we store client information you provide, including client names, company names, contact details, and associated advertising account IDs. You are responsible for ensuring you have the necessary permissions to share this data with us.

3. How We Use Your Information

We use the collected information to:

  • Provide the Service: Manage, monitor, and optimize your advertising campaigns across connected platforms
  • Power AI Features: Generate ad copy, provide campaign recommendations, execute automated optimizations, and enable AI chat interactions
  • Analytics and Reporting: Display real-time dashboards, performance metrics, and historical trend analysis
  • Competitor Analysis: Provide market intelligence and competitive insights for your advertising categories
  • Improve the Service: Analyze usage patterns to enhance features, fix bugs, and improve performance
  • Security: Detect and prevent unauthorized access, fraud, and abuse
  • Communications: Send critical account notifications, security alerts, and (with your consent) product updates
  • Legal Compliance: Fulfill our legal obligations and respond to lawful requests

4. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only in the following circumstances:

4.1 Service Providers and Sub-Processors

We share data with trusted third parties that help us deliver the Service:

ProviderPurposeData Shared
Google Cloud PlatformCloud hosting and infrastructureAll Service data (encrypted at rest and in transit)
FirebaseFrontend hosting and analyticsUsage data, session information
Google Ads APICampaign managementCampaign data, credentials (OAuth tokens)
Meta Marketing APICampaign managementCampaign data, credentials (access tokens)
OpenAIAI content generation and chatPrompts, campaign context for AI processing

4.2 Legal Requirements

We may disclose your information if required to do so by law, or if we believe in good faith that such action is necessary to comply with legal obligations, protect our rights or safety, investigate fraud, or respond to a government request.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction. We will notify you of any such change and any choices you may have regarding your data.

5. Data Security

We implement industry-standard technical and organizational measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/SSL
  • Encryption at Rest: Sensitive data is encrypted at rest on Google Cloud Platform
  • Password Security: Passwords are hashed using bcrypt with salt; we never store plaintext passwords
  • Authentication: JWT-based access tokens (30-minute expiry) with refresh tokens (7-day expiry)
  • API Credential Storage: Third-party OAuth tokens and API credentials are stored encrypted in our database
  • Access Controls: Role-based access controls and the principle of least privilege
  • Infrastructure Security: Hosted on Google Cloud Run with automatic scaling, DDoS protection, and managed SSL certificates

While we strive to protect your data using commercially reasonable safeguards, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account remains active and as needed to provide the Service. Specific retention periods:

  • Account data: Retained until account deletion is requested
  • Campaign and performance data: Retained while the account is active; available for export upon request
  • AI interaction logs: Retained for up to 12 months for service improvement purposes
  • Agent action logs: Retained for up to 6 months for audit and troubleshooting
  • Usage and technical logs: Retained for up to 90 days

Upon account deletion, we will delete or anonymize your personal data within 30 days, except where longer retention is required by law or for legitimate business purposes (e.g., fraud prevention, legal disputes).

7. Your Rights and Choices

Depending on your jurisdiction (including rights under GDPR, CCPA, and other data protection laws), you may have the following rights:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your data for certain purposes
  • Right to Withdraw Consent: Withdraw previously given consent at any time
  • Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment (CCPA)

To exercise any of these rights, contact us at info@adrex.ai. We will respond to your request within 30 days (or within the timeframe required by applicable law).

8. International Data Transfers

The Service is hosted on Google Cloud Platform in the United States. If you access the Service from outside the United States, your data may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers, including standard contractual clauses where applicable.

9. Cookies and Local Storage

The Service uses browser local storage to store authentication tokens (JWT) for session management. We do not use third-party tracking cookies, advertising pixels, or behavioral tracking technologies on the Adrex AI platform itself.

Note: The advertising platforms you connect (Google Ads, Meta Ads) use their own cookies and tracking technologies for ad delivery and measurement. Those tracking practices are governed by their respective privacy policies, not ours.

10. Data Breach Notification

In the event of a data breach that affects your personal data, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by applicable law. Notification will include the nature of the breach, the data affected, the measures taken to address the breach, and recommendations for protecting yourself.

11. Children's Privacy

The Service is intended for business use by individuals aged 18 and older. We do not knowingly collect personal information from children under 18. If we learn that we have inadvertently collected data from a child under 18, we will delete that information promptly. If you believe a child has provided us with their data, please contact us at info@adrex.ai.

12. Third-Party Links

The Service may contain links to third-party websites or services (e.g., Google Ads console, Meta Business Manager). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before sharing any personal information.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. If we make material changes, we will notify you by email or through a prominent notice within the Service at least 15 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: