ADSFLOW
Legal

Privacy Policy

Last updated: [REVIEW: effective date]

Template — must be reviewed by legal counsel before publication

This document is a standard template drafted for a B2B provider of Meta advertising infrastructure. Placeholder sections marked [REVIEW: ...] require completion by a qualified attorney, including jurisdiction-specific disclosures under GDPR, LGPD, or other applicable privacy frameworks, before this policy is published or relied upon.

ADS FLOW (“ADS FLOW”, “we”, “our”, or “us”) is committed to protecting the privacy of visitors to ads-flow.pro and clients who use our services. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights in relation to it.

1. Who We Are

The data controller for personal data collected through this website and our services is:

ADS FLOW [REVIEW: legal entity full name]

[REVIEW: registered address]

Email: ops@ads-flow.pro

[REVIEW: If a Data Protection Officer (DPO) has been designated, include their contact details here.]

2. Data We Collect

We collect data through the following channels:

2.1 Information you provide directly

  • Contact and lead forms: Name, email address, Telegram handle, business description, and any other information you choose to include when submitting an inquiry through our website or Telegram.
  • Email correspondence: Messages sent to ops@ads-flow.pro and the content of those communications.
  • Service onboarding: Business Manager IDs, account identifiers, and related information required to provision services.

2.2 Data collected automatically

  • Usage data: IP address, browser type, operating system, referring URL, pages visited, and timestamps — collected through our analytics stack.
  • CTA interaction events: When you click a call-to-action element (e.g., “Free diagnosis”, Telegram links, or contact buttons), an event is recorded via our internal tracking endpoint at /api/track/cta. This captures the source, campaign tag, content label, and timestamp associated with the interaction. No sensitive personal data is captured in this event.
  • Cookies and local storage: As described in Section 5.

3. How We Use Your Data

We use collected data for the following purposes and on the following legal bases:

PurposeLegal basis
Responding to enquiries and providing requested servicesPerformance of contract / Legitimate interests
Provisioning and managing Ad Accounts and Host BMsPerformance of contract
Measuring website performance and understanding visitor behaviour (analytics)Legitimate interests [REVIEW: or consent where required]
Tracking CTA interactions to attribute enquiries to marketing campaignsLegitimate interests
Complying with legal obligations (e.g., invoicing, tax records)Legal obligation
Fraud prevention and securityLegitimate interests / Legal obligation

[REVIEW: Where consent is the legal basis (e.g., marketing emails or non-essential cookies in the EU/UK/Brazil), describe the consent mechanism and how it can be withdrawn.]

4. Tracking and Analytics

We use Google Analytics (and/or Google Tag Manager) to collect aggregated data about website traffic and visitor behaviour. This service may set cookies and process IP addresses. Google’s privacy practices are described at policies.google.com/privacy.

Our own CTA tracking endpoint (/api/track/cta) records interaction events — including which campaign or content variant triggered a click — to help us understand which parts of the site drive enquiries. These events do not include contact details or financial information.

[REVIEW: List any additional analytics, advertising, or retargeting pixels deployed on this site, including their purpose and opt-out mechanism.]

5. Cookies and Similar Technologies

We use cookies and similar tracking technologies on our website. Cookies are small files placed on your device; they may be “session” cookies (deleted when you close your browser) or “persistent” cookies (retained for a set period).

We may use the following categories of cookies:

  • Strictly necessary: Required for the site to function (e.g., session state). These cannot be opted out of.
  • Analytics: Used to understand how visitors interact with the site (e.g., Google Analytics).
  • Marketing / Advertising: [REVIEW: describe any advertising cookies or pixels, or remove this bullet if none are used.]

[REVIEW: Where applicable under GDPR/LGPD/ePrivacy, describe the cookie consent mechanism. If no cookie banner is deployed, note whether one is required for your audience and jurisdiction.]

You can control cookies through your browser settings. Disabling cookies may affect the functionality of the site.

6. Third-Party Services

We share data with the following categories of third parties, only to the extent necessary to operate our business:

  • Infrastructure and hosting providers: Server and database infrastructure on which our site and tools are hosted (e.g., cloud providers). [REVIEW: name specific providers.]
  • Analytics providers: Google LLC (Google Analytics / Google Tag Manager).
  • Email and communication: Email delivery services used to send invoices and service communications (e.g., Resend). [REVIEW: confirm and name providers.]
  • Meta Platforms, Inc.: By using Meta advertising infrastructure provisioned through our services, your campaign data is processed by Meta in accordance with Meta’s own privacy policy and data processing terms. We are not responsible for Meta’s data practices.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy, or as required by law. In general:

  • Client contact and service records are retained for [REVIEW: retention period, e.g., 5 years] after the conclusion of the engagement, or as required by applicable tax and accounting law.
  • Website analytics data is retained in accordance with the retention settings of the analytics provider [REVIEW: specify or confirm].
  • CTA interaction event logs are retained for [REVIEW: retention period].
  • Enquiry data from visitors who do not become clients is retained for [REVIEW: retention period, e.g., 12 months] from last contact.

When data is no longer needed, it is securely deleted or anonymised.

8. Your Rights

Depending on your location, you may have the following rights with respect to your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your personal data where we have no legal basis to retain it.
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Portability: Receive your data in a structured, machine-readable format where processing is based on consent or contract.
  • Objection: Object to processing based on legitimate interests.
  • Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

These rights apply under the EU General Data Protection Regulation (GDPR), the UK GDPR, and Brazil’s Lei Geral de Proteção de Dados (LGPD), subject to applicable exemptions. [REVIEW: confirm which frameworks apply to your business and tailor accordingly.]

To exercise any of these rights, contact us at ops@ads-flow.pro. We will respond within the timeframe required by applicable law (typically 30 days). You also have the right to lodge a complaint with your local data protection authority.

9. International Data Transfers

Our infrastructure and some of our service providers are located in countries outside of your own. When we transfer personal data internationally, we take steps to ensure an adequate level of protection in accordance with applicable law, such as the use of Standard Contractual Clauses (SCCs) approved by the European Commission or equivalent safeguards.

[REVIEW: Specify countries to which data may be transferred and the applicable transfer mechanism.]

10. Children's Privacy

Our services are intended exclusively for business users and are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we learn that we have inadvertently collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. For material changes, we will make reasonable efforts to notify you by email or through a notice on our website.

We encourage you to review this page periodically. Your continued use of our services after any update constitutes acceptance of the revised policy.

12. Contact Us

For any questions, requests, or concerns about this Privacy Policy or our data practices, please contact us:

ADS FLOW [REVIEW: legal entity full name]

[REVIEW: registered address]

Email: ops@ads-flow.pro

Telegram: @oadsflow