Overview
This Privacy Policy explains how Adgentic Ltd ("Adgentic", "we", "us", or "our") collects, uses, stores, and shares information about you when you use AdgenticHub.ai (the "Platform").
We are committed to handling your data with transparency and care. This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and other applicable privacy laws.
If you have questions or concerns, contact us at [email protected].
Who We Are
Adgentic Ltd is the data controller responsible for your personal data processed through the Platform. We are incorporated in England and Wales.
For questions relating to this policy or to exercise your rights, contact: [email protected]
Data We Collect
We collect the minimum data necessary to provide the Service effectively.
| Category | What we collect | Why |
|---|---|---|
| Account data | Name, work email address, company name, job title | To create and manage your account |
| Usage data | Pages visited, features used, session duration, error logs | To improve the Platform and diagnose issues |
| Platform connection data | OAuth tokens (temporary), connected account identifiers | To retrieve advertising data on your behalf |
| Campaign data | Advertising performance metrics, spend data, placement data from connected platforms | To provide diagnosis, recommendations, and forecasts |
| Communications | Emails, support messages, feedback | To respond to enquiries and provide support |
| Payment data | Billing name, address, last 4 digits of card (processed by Stripe) | To process subscription payments |
| Device & technical data | IP address, browser type, operating system | Security monitoring and analytics |
How We Use Your Data
We use your data only for the purposes described below:
- Providing the Service — processing your campaign data to generate diagnoses, recommendations, optimisations, and forecasts.
- Account management — maintaining your account, authenticating your identity, and managing your subscription.
- Platform improvement — analysing aggregated, anonymised usage patterns to improve the Platform's accuracy and features.
- Security — detecting, preventing, and responding to fraud, abuse, or security incidents.
- Communication — sending transactional emails (account confirmations, billing, security alerts) and, where you have opted in, product updates.
- Legal compliance — meeting our legal obligations, responding to lawful requests from authorities, and enforcing our Terms of Service.
We do not use your data for automated profiling that produces legal or similarly significant effects about you.
Legal Basis for Processing
Under UK/EU GDPR, we rely on the following legal bases:
- Contract — processing necessary to perform our contract with you (providing the Service, managing your account, billing).
- Legitimate interests — improving the Platform, maintaining security, and communicating about product updates, where these interests are not overridden by your rights.
- Legal obligation — processing required to comply with applicable laws.
- Consent — where we rely on consent (e.g. optional marketing communications), you may withdraw it at any time without affecting the lawfulness of prior processing.
Third-Party Platform Data
When you connect an advertising platform (such as Google, Meta, Amazon, or TikTok), we access your account data on your behalf using OAuth 2.0 authentication. This means:
- Access tokens are used in-session and are not stored in a retrievable form beyond what is necessary to maintain your active connection.
- The Diagnose, Recommend, and Predict agents operate in read-only mode and make no changes to your advertising accounts.
- The Optimise agent, where enabled, only executes changes that you have explicitly reviewed and approved.
- You can revoke any connected platform's access at any time from your account settings or directly through the third-party platform. Revocation takes effect immediately.
Campaign data retrieved from connected platforms is stored securely to enable the Service and is deleted in accordance with our data retention policy below.
Data Sharing
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
- Service providers — trusted sub-processors who help us operate the Platform (e.g. cloud hosting, payment processing, email delivery). These providers are bound by data processing agreements and may not use your data for their own purposes.
- Legal requirements — where required by law, court order, or governmental authority, we may disclose data. We will notify you where legally permissible before doing so.
- Business transfers — if Adgentic is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you in advance and your rights under this policy will continue to apply.
- With your consent — in any other circumstances, only with your explicit prior consent.
Our key sub-processors include: Amazon Web Services (cloud infrastructure), Stripe (payment processing), and SendGrid (transactional email). An up-to-date list of sub-processors is available on request.
Data Retention
We retain your data for as long as necessary to provide the Service and fulfil the purposes described in this policy, subject to the following:
- Account data — retained for the duration of your account and deleted within 30 days of account closure.
- Campaign data — retained for up to 24 months to enable trend analysis and forecasting, unless you request earlier deletion.
- Usage and technical logs — retained for up to 12 months for security and debugging purposes.
- Billing records — retained for 7 years as required by UK financial regulations.
You may request deletion of your data at any time by contacting [email protected]. Deletion requests will be processed within 30 days, subject to legal retention obligations.
Security
We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, alteration, or disclosure. These include:
- Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
- Access controls restricting employee access to personal data on a need-to-know basis.
- Regular security reviews and vulnerability assessments.
- Incident response procedures for detecting and responding to data breaches.
In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware, as required by applicable law.
No method of transmission over the internet is 100% secure. If you believe your account security has been compromised, contact us immediately at [email protected].
Your Rights
Under UK and EU GDPR, you have the following rights regarding your personal data:
Request a copy of the personal data we hold about you.
Ask us to correct inaccurate or incomplete personal data.
Request deletion of your personal data ("right to be forgotten").
Ask us to restrict processing of your data in certain circumstances.
Receive your personal data in a structured, machine-readable format.
Object to processing based on legitimate interests or for direct marketing.
To exercise any of these rights, contact [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk if you are in the UK, or your local supervisory authority in the EU.
Cookies
We use cookies and similar tracking technologies on the Platform. These fall into the following categories:
- Essential cookies — required for the Platform to function (session management, authentication). These cannot be disabled.
- Analytics cookies — used to understand how users interact with the Platform (e.g. pages visited, feature usage). We use privacy-friendly analytics that do not share data with third-party ad networks.
- Preference cookies — remember your settings and preferences.
We do not use third-party advertising or behavioural tracking cookies. You can manage your cookie preferences through our cookie banner or your browser settings. Disabling essential cookies may affect Platform functionality.
Children
The Platform is intended for professional and business use only. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected such data, please contact us immediately and we will delete it promptly.
International Data Transfers
Our infrastructure is primarily hosted within the UK and European Economic Area (EEA). In some cases, we may transfer data to service providers located outside the UK/EEA. Where we do so, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- UK International Data Transfer Agreements (IDTAs) where applicable.
- Adequacy decisions recognising equivalent data protection standards.
Details of international transfers and the safeguards applied are available on request at [email protected].
Policy Changes
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or by posting a prominent notice on the Platform at least 14 days before changes take effect.
The "last updated" date at the top of this page indicates when this policy was last revised. We encourage you to review this policy periodically.
Contact & Data Protection Officer
For privacy-related questions, to exercise your rights, or to raise a concern, please contact us:
Email: [email protected]
Security issues: [email protected]
ICO (UK supervisory authority): ico.org.uk